Head of Information Security

£75,000 - £87,500 with potential for market rate supplement

Hays Technology and The University of Birmingham are working in partnership to recruit a Head of Information Security on a permanent basis.

The University of Birmingham has been part of the city for over 100 years and is proud to be recognised as a world-class Russell Group institution. It supports the growth and development of its staff via work/life balance-oriented hybrid and flexible working schemes, and initiatives such as the sector-leading Birmingham Professional programme, offering career development opportunities to help individuals reach their full potential. The university holds a firm commitment to diversity and inclusion and welcomes individuals from all backgrounds, fostering a collaborative environment where different perspectives drive innovation and progress. Set in leafy Edgbaston, the campus offers excellent transport links and a vibrant atmosphere, with a sports centre, shops, cafés, an art gallery, museum, and botanical gardens.

The Head of Information Security will be tasked with leading, defining and driving the University’s information security strategy whilst taking ownership of its security posture. The role oversees all IT security activities and manages all risks to the University’s systems and data from internal and external threats. As such, the successful candidate will be developing and maintaining the University’s IT security policies and procedures in accordance with best practice security standards and frameworks, leveraging existing technology, internal skillsets and external technology providers.

• Developing and executing a strategic, enterprise-wide information security and IT risk management programme aligned with the University's goals and regulatory requirements.
• Overseeing the creation, enhancement, and enforcement of a robust information security management framework, including all related policies, standards, and procedures.
• Leading a medium-sized team of information security and cyber professionals, recognising and utilising their individual skillsets, and developing the overall team to reach its full potential.
• Collaborating with academic and professional services teams to assess and manage information security risks across the organisation.
• Defining and evolving the structure of the Information Security team, ensuring appropriate staffing and capabilities to meet current and future needs.
• Acting as the University’s authoritative representative on information and cyber security matters, engaging with external partners, networks, and regulatory bodies.
• Partnering with stakeholders across the University to raise awareness of information security risks and promoting a culture of shared responsibility.
• Overseeing the ongoing implementation of security tools and working with technical cyber security staff to maximise the effectiveness of existing tooling.
• Working closely with vendors to interpret and manage complex licensing terms, ensuring compliance and maximising the utilisation of existing security tools.
• Demonstrating a mature and compliant approach to information governance and security, in alignment with public-sector specific requirements.

• Senior-level experience in security leadership built upon a progressive trajectory in IT Security roles, with a proven track record of defining strategic security initiatives and serving as a trusted subject matter expert.
• Extensive experience in leading information security strategy and governance, including the creation, implementation, and enforcement of security policies, monitoring frameworks, and compliance structures within large organisations.
• Whilst certainly not essential, a higher education or public sector background would be ideal.
• Strong strategic thinking and planning capabilities, with the ability to articulate and drive a clear vision for information security across the university.
• Demonstrable expertise in implementing and maintaining formal compliance or certification programmes, such as ISO27001, NIST, COBIT or Cyber Essentials.
• Experience in assessing, managing, and quantifying information security risks, including the development of metrics and tracking mechanisms.
• Experience working with senior stakeholders, earning trust and influencing decision-making at executive levels.
• Excellent communication and presentation skills, with the ability to articulate complex security concepts to non-technical audiences.

• A salary between £75,000 and £87,500 (DoE)
• Market rate supplement – enquire for details
• A hybrid arrangement of 3 days in office and 2 days per week from home
• Universities Superannuation Scheme (USS) pension of 22% (9% personal, 13% UofB contribution)
• 25 days annual leave, 7 University Closure Days, 8 Bank Holidays
• Volunteering leave
• Occupational sick pay
• Access to three subsidised nurseries
• Access to the Birmingham Professional programme

Closing date: 24th October

Hays Technology have been retained by the University of Birmingham to manage the recruitment of this role. For all enquiries, please contact James Dilks at Hays Technology.

If you have the relevant experience and would like to apply, please submit your CV.