Chief Information Security Officer

This is an outstanding opportunity to take on a leadership role whose main responsibility is to establish and maintain the University’s information security management framework, to ensure the availability, integrity and confidentiality of the University’s information.

The Chief Information Security Officer (CISO) will define and implement the University’s information security strategy and lead operational and improvement programmes in order to protect information assets, manage information security risks, meet legislative and partner requirements, and provide assurance to key stakeholders.

The CISO will work proactively with units across the collegiate University to implement practices that meet defined policies and standards for information security. They will manage the University's information security function, consisting of direct reports in both the Oxford Computer Emergency Response Team (OxCERT) and the Governance Risk & Compliance Team (GRC). They will also provide leadership to other colleagues across the University.

The ideal candidate will have, or be able to develop, a sound understanding of the collegiate University and an excellent knowledge of information security trends, technologies and methodologies. They will lead by consensus, and will be skilled in integrating the various elements of information security. They will support the University’s strategic objectives while ensuring that appropriate information security protections and practices are in place to safeguard the information assets of the University.

Essential selection criteria

  • Proven track record and experience in successfully developing and executing information security strategy and programmes in a highly complex organisation with devolved structures and multiple stakeholders
  • A consensual approach to leadership and management and the ability to lead and motivate cross-functional, interdisciplinary teams
  • The ability to establish relationships and influence key stakeholders at all levels of the organisation in order to build the reputation of information security and influence internal and external stakeholders to benefit the institution as a whole
  • Must be a critical thinker, with strong problem-solving skills, a high degree of initiative, dependability and excellent analytical skills
  • Project management skills including financial / budget management, scheduling and resource management, and experience with contract and vendor negotiations
  • High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences
  • Demonstrable experience of senior leadership roles in risk management, information security or IT
  • Graduate calibre with appropriate qualifications, such as BCS Fellow, CESG, IISP, CISM, CISSP
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and those from NIST, and of relevant legal and regulatory requirements, such as the DPA, GDPR, PCI and NHS Data Security & Protection Toolkit