Head of IT Security
Milton Keynes, or could be Birmingham, London, Leicester, Peterborough based (with flexibility to travel to other sites 2/3 times a month)
£ Negotiable depending on experience.
Hybrid working - 3 days office, 2 days home
MHA is the UK arm of Baker Tilly International, and we have a fantastic opportunity for a Head of IT Security to join our IT team, reporting to the IT Partner.
Purpose of the Role
The Head of IT Security is responsible for the comprehensive management and execution of all IT security processes and activities within the organisation. This includes the development and implementation of a robust security improvement programme aimed at safeguarding the company's digital assets and ensuring compliance with relevant regulations and standards.
This role involves the creation and maintenance of a high-quality IT Security Management system, with regular reporting to senior stakeholders to ensure transparency and accountability.
A key aspect of this role is to thoroughly understand, document, and communicate the organisation's cyber risk landscape. The Head of IT Security will design, agree upon, and implement effective security solutions tailored to mitigate identified risks.
Additionally, the role encompasses the delivery of comprehensive training and awareness programmes to educate employees on best practices and reduce the likelihood of cyber incidents or data breaches.
The ongoing development and enhancement of the security programme are critical deliverables for this role. The Head of IT Security must possess excellent communication, interpersonal, and organisational skills to effectively collaborate with various departments and external partners.
This role also requires close cooperation with other IT teams to deliver projects that may extend beyond IT security, ensuring a cohesive approach to the organisation's overall IT strategy.
Qualification and Essential Skills
Qualifications:
A professional certification in IT security, such as CISSP, CISM, CISA, or CEH, or equivalent
Essential skills and experience:
* A strong knowledge and experience of IT security frameworks, standards, and best practices, such as ISO27001, NIST, COBIT, and ITIL
* A high level of analytical and problem-solving skills, and the ability to communicate complex IT security concepts and issues to technical and non-technical audiences.
* A solid understanding and experience of IT security technologies and tools, such as firewalls, antivirus, encryption, authentication, and backup systems, and their implementation and management
* Ability to think ahead, research emerging solutions and connect them to business requirements.
* Strong customer focus and excellent communication skills at all levels
* A high level of integrity and professionalism, and the ability to handle confidential and sensitive information.
* Ability to write an appropriate business case to support a technology investment, including ROI and SMART measures.
* Ability to define and oversee a meaningful project plan (including measures that define success)
* Relationship and stakeholder management is essential to success in this role
Main Responsibilities
* Develop and implement a comprehensive IT security strategy and roadmap that aligns with the organisation’s objectives and risk appetite.
* Manage and monitor the IT security operations, including security incident response, vulnerability management, penetration testing, security audits, and security awareness training.
* Ensure compliance with IT security regulations and standards, such as DSS, Data Protection, ISO27001, and GDPR, and liaise with external auditors and regulators as required.
* Evaluate and recommend IT security solutions and tools, such as firewalls, antivirus, encryption, authentication, and backup systems, and ensure their proper installation, configuration, and maintenance.
* Conduct regular IT security assessments and audits to identify and remediate any gaps or weaknesses in the IT security posture and controls.
* Undertake IT Security and Data investigations as required to satisfy policy adherence, regulatory compliance or other agreed scenarios.
* Manage and mentor the IT team and wider business, fostering a culture of security awareness and best practices across the organisation.
* Keep abreast of the latest IT security trends, threats, and technologies, and advise the senior management and stakeholders on IT security issues and risks.
* To be considered, professional and objective at all times.
* To be an effective communicator at all levels.
General duties and responsibilities
* Ensure that a professional, courteous, and proactive IT service is always delivered to ‘the consumer’ (internal).
* Ensure that written work is delivered to a continually high standard and that all the appropriate firm policies for document release are adhered to.
* Ensure that all information is kept secure and not disclosed inappropriately
* Ensure that the operations under your management and control sustain the appropriate level of quality assurance standards
* Accept additional responsibilities as specifically requested by the IT Partner
* Always ensure you and any staff under your management project a professional image.
* To comply with, and ensure that your staff comply with, all required firm procedures.
* To carry out your duties in accordance with the firm’s Equal Opportunities and Health and Safety policies at all times
* To maintain high standards of quality of work, personal presentation and personal conduct
* To hold a valid driving licence.
* To be flexible in working from other national and international offices when required.
Reporting and administrative duties
* Document and provide a weekly/monthly performance report clearly showing which activities are on target or missing target, and the next or remediation activities.
* Document known project/activity pipeline for security roadmap.
Financial responsibilities and authority limits
* To ensure projects are delivered in line with the stated budget.
* Forecasting of future costs based on understood business demand and technology changes.
* All expenditure must be authorised in advance by the IT Partner.
Communications
* Reporting to Management Board and RICO committee
* Team members (open door)
* Providers and business partners
Problems and Issues
* Aligning Security requirements with business objectives
Decision Making Parameters
* MHA business plans
* Budgets and resources
* Resource requirements
* MHA policies and procedures
* Own initiative
Delegation
* System Team members as agreed with Head of Systems
* Service Team members as agreed with Head of IT Service
* IT Training Team members as agreed with Head of Training
* Business Change Champions
What we can offer you
* Genuine work life balance.
* Accredited Investor in People.
* New and improved programme for Succession planning and supportive management structure to help you realise your potential.
* 33 days holiday including bank holidays, plus the opportunity to buy up to 5 days.
* Competitive salary.
* Employee referral scheme, paying up to £4000 for a successful referral.
* Paid CSR time.
* Car lease scheme.
And more!