Head of Security Governance Risk and Compliance

The Head of Security Governance, Risk and Compliance (SGRC) is a leadership role. Its main purpose is to lead the strategic planning and delivery of the cross-University approach to governing and managing information security risk and compliance, in support of the University’s strategic and operational objectives, legislative requirements and industry-accepted good practice. The SGRC function is a core activity in, and crucial to the success of, the central Information Security team’s service, which is of key strategic importance to the University. The role requires extensive experience and specialist expertise in information security governance, risk and compliance in order to lead the University’s approach to managing information security risk and compliance and to provide strategic-level advice.

As part of the management team of the University’s central information security service team, the Head of SGRC contributes towards the strategic planning for managing information security across the institution; defines, leads, assesses and is accountable for the quality of the University’s information security governance and risk services; and leads a team of SGRC specialists to support teaching, research and the administration of the University.

The Head of SGRC is also responsible for setting the standard for, and delivering, information governance as a service to the Medical Sciences Division. This service is of key strategic importance to the division: the Head of SGRC is responsible for developing, implementing and monitoring the success and quality of a comprehensive divisional information governance framework that ensures compliance with external requirements and supports the division’s strategic objectives by securing research funding and research data from external parties. The service evaluates current ways of working and their impact on funding and research, and introduces appropriate solutions and new ways of working to secure research data and funding across the division effectively and efficiently.

Establishing collaborative relationships with, and leading, senior managers and stakeholders across the collegiate University is crucial to the success of the role and to the University’s strategic objective of enabling a fit-for-purpose and effective information security framework that protects the brand and reputation of the University; supports the delivery of the IT Strategic Plan; enables all staff and students to use existing and emerging technologies with confidence; and meets external requirements for securing funding and research data.

Essential selection criteria

  • Extensive experience and specialist expertise in governing and managing information security activities within a university or business environment
  • Recognised expert in the field of information security governance, risk and compliance, with demonstrable ability to act as a leading authority on information security, providing guidance on the governance and management of information security risks for major IT programmes and strategic initiatives
  • Proven track record of contributing to the strategic planning for information security in a complex environment and for developing and implementing organisation-level policies, standards and guidance
  • Ability to establish relationships and influence key stakeholders at all levels of the organisation in order to build the reputation of Information Security and influence internal and external stakeholders to benefit the institution as a whole
  • Demonstrable experience of managing a team of experts and managing relationships between teams and stakeholders across an organisation in order to deliver an efficient and successful information security service
  • Demonstrable experience in developing and managing information security audit and assurance programmes, including assessing the security of third parties
  • Demonstrable experience in developing and managing information security training and awareness programmes to a diverse range of stakeholders
  • Demonstrable experience in setting the standards for, delivering and monitoring an information security service and for developing and managing information security reporting frameworks and dashboards
  • Ability to proactively lead or create a network of internal and external stakeholders and interested parties, in order to challenge or lead thinking in information security governance, risk and compliance
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at all levels of the organisation
  • Graduate calibre with appropriate professional qualifications or memberships, such as BCS Fellowship, CESG Certified Professional (CCP), IISP membership, CISM or CISSP
  • Knowledge of common information security management and governance frameworks, such as ISO/IEC 27001 and COBIT, and of related IT service management frameworks such as ITIL