Head of Cyber Security and Compliance

Updated: almost 3 years ago
Location: Didcot, ENGLAND
Job Type: FullTime
Deadline: 08 Aug 2021

STFC, RAL/Didcot

About Us

The Science and Technology Facilities Council (STFC) is one of Europe’s largest multidisciplinary research organisations, with our National Laboratories providing world-class research facilities and capabilities operated as a national research resource. STFC is one of the nine councils in UK Research and Innovation (UKRI). UKRI’s mission is to convene, catalyse and invest in close collaboration with others to build a thriving, inclusive research and innovation system that connects discovery to prosperity and public good.

With sites including the Rutherford Appleton Laboratory (RAL) at the Harwell campus in Oxfordshire, the Daresbury Laboratory at the Sci-Tech Daresbury campus in Cheshire, and the UK Astronomy Technology Centre in Edinburgh, STFC is positioned to advance scientific understanding and generate a remarkable variety of real-world benefits which shape societies and transform lives.

About the Role

A vacancy has arisen for Head of Cyber Security & Compliance within STFC Digital Infrastructure.

The post will be based primarily at the Rutherford Appleton Laboratory on the Harwell Campus in Oxfordshire with an expectation of monthly travel to Daresbury where some of the IT Security staff reporting to you are located.

STFC conducts science and research across five locations, three of which are similar to university campuses with multiple faculties. The uniqueness of the research and technical infrastructures at each of STFC's user facilities dictates that information technology must be tailored to their individual needs. For this reason, our overarching IT strategy enables a high degree of federation and local autonomy around core and central services.

This is a new role leading an expanded team that will lead cyber security for STFC across what is a complex, high-throughput and leading-edge technical environment. STFC is one of nine councils within UK Research and Innovation (UKRI) and has around a third of the total directly employed science and research headcount within UKRI. It is important that the Head of Cyber Security can represent the interests of STFC whilst actively collaborating with and assisting the central UKRI team, to ensure there is an approach to cyber security that will deliver the individual thematic needs of all nine councils.

As the Head of Cyber Security & Compliance you will be responsible for providing vision, leadership and direction around cyber security and for converting this strategic vision into delivery plans and implementation. You will manage a team of staff based at the Rutherford Appleton Laboratory and Daresbury Laboratory, establishing appropriate strategy, standards and controls, and implementing policies to protect STFC's information assets and technologies. You will also be STFC's policy advisor for cyber risk in the sector and will be responsible for bringing the department together in its approach to cyber and information security. STFC has already established a common cyber security policy framework that operates throughout its facilities. In this role you will advance its maturity whilst successfully balancing the operational needs of complex science and research.

As a senior member of the Digital Infrastructure ('DI') team, you will lead the creation of the enterprise security strategy. You will ensure that the policies and processes are in place to reduce information security risks and enable services to be delivered effectively. On occasion it will be necessary to respond under pressure to time-critical incidents, including outside of office hours.

You will have a strong information security / information management background along with formal qualifications and possess a proven ability to lead an information security function and execute an enterprise-level security strategy. You will be able to work in a collaborative way with policy, operations and leaders to identify low-risk solutions to business and digital needs. The role is conditional on having or obtaining UK National Security Vetting Security Clearance (SC).

Essential Criteria:

  • A proactive, dynamic and visible leader who can simplify the complexities of information security and information management to communicate effectively with staff at all levels and with delivery partners. You will be expected to act as an ambassador for STFC in a highly delegated technical environment and to demonstrate a proactive approach to quality management and continual process improvement.
  • Will have formal Information Security qualifications (MSc in Information Security, CISSP, ISACA, SIRA, etc.) and / or significant relevant experience as an information security / information risk management professional.
  • An expert in risk management, with practical experience of delivering information-risk and information-system control management and strategies, plus a deep understanding of IT and information risk and how it relates to a large-scale, complex organisation.
  • An excellent grasp of the technologies used to deliver on premise and cloud-based services including the security controls needed to protect these services and the data that they process and store.
  • The ability to work proactively with scientific and digital innovators, identifying how a solution may be implemented consistent with the organisation's risk appetite.
  • Extensive experience in the delivery, operation and improvement of information security in line with industry standards or frameworks such as ISO/IEC 27000. Demonstrable experience of ensuring the integrity and confidentiality of digital information, and of working closely with colleagues to achieve high service availability.

Desirable Criteria:

  • A detailed understanding of UK and international legal and regulatory requirements that could affect STFC's organisational security and information assurance policies, and the ability to influence their development as needed. This includes GDPR and the Data Protection Act 2018, how to deliver privacy by design and zero trust, and experience in the assurance of data protection and compliance for digital services.
  • A thorough understanding of the operational and technical environment of an organisation of similar size and complexity to STFC / UKRI, and the ability to identify relevant risks and propose appropriate risk mitigation approaches.
  • Degree in a relevant subject or significant work experience.
  • ITIL Certification, or other relevant IT Service Management certification or prepared to work towards it within 12 months.

What we Offer

UK Research and Innovation recognises and values employees as individuals and aims to provide a pay and reward package that motivates staff to the best of their ability. The reward and benefit package includes a flexible working scheme, an excellent Defined Benefit pension scheme, 30 days annual leave allowance and a number of other benefits.

How to Apply

Applicants are required to include a cover letter outlining their suitability for this role.

Applications are handled by UK Shared Business Services, to see more details and to apply please visit our job board.

The closing date for applications is 8th August 2021.
