Head of Cyber Security

**Job Title: Head of Cyber Security**
**Salary**:£61,227 to £76,925 (Including relevant allowances depending on skills and experience)
**Location**:Rutherford Appleton Laboratory Harwell, Oxfordshire
**Hours**:Full-Time
**Contract type**:Open-Ended

**_Together, our scientists, technologists, engineers, and business support team explore the unknown and turn what they find into work that changes the world around us. Whether it’s sending probes into space or finding new ways to treat cancer, everyone here plays a vital role in making a positive difference to society. Come and discover how much you can achieve when you’re surrounded by world-leading experts, encouraged to constantly learn and empowered to explore your curiosity._**

This role offers many significant benefits including, an outstanding public sector pension, a generous annual leave allowance, 30 days plus 10.5 public/privilege day, a flexible working pattern including hybrid working and opportunities for further professional development. We also have an on-site subsidised nursery and restaurant.

We are committed to supporting our teams' learning and our culture is to encourage relevant professional development. The role is based at the Rutherford Appleton Laboratory ‘RAL’ in Oxfordshire. There is an expectation of approximately monthly travel to other STFC campuses including Daresbury where IT Security staff are located. Whilst it could potentially be possible to conduct this role from other UKRI locations the balance of the role’s activity is at the RAL campus, hence any other way round requires more frequent travel and regular stays, the recruiter will be happy to discuss this with you.

**Role Details**

As the Head of Cyber Security & Compliance you will lead a team that has representation across STFC locations.

As a senior leader within the Digital Infrastructure Directorate 'DI' you will lead the creation of an enterprise security strategy, ensuring the policies and processes are in place to balance information security risks and enable digital services to be delivered effectively.

You will establish appropriate strategy, standards, controls, and implement polices to protect STFC’s information assets and technologies. You will advise on cyber risk and be responsible for coordinating STFC’s approach to cyber and information security.

You will collaborate with business leaders, leading academics, scientists, researchers, and innovation entrepreneurs to define practical policies that assist STFC’s strategic and operational outcomes whilst minimising cyber and information risk.

**Key Responsibilities**
- Chair relevant governance committees, when required deputising for the Director of Digital Infrastructure
- Oversee the development of STFC’s cyber approach for data protection, privacy, information security risk assessment, and management.
- Within DI, you will build and maintain a central understanding of the security status, develop and implement the cyber strategy, provide department wide threat assessment and define the risk appetite, act as the escalation point for risk decisions where necessary and initiate, plan and conduct detailed risk assessments following approved methods.
- Set, maintain, and audit the implementation of security policy and compliance standards for the department including advising on implications relevant for business continuity.
- Be responsible for information assurance activities of digital services to ensure ongoing security compliance. Including, mentoring, and upskilling of senior managers in cyber and information management issues.
- Lead your team to identify and undertake regular IT Health Checks including vulnerability and penetration testing in relevant areas, championing the culture of information security design throughout the lifecycle of IT services.
- Engage with project teams regarding security controls and ensure technical designs are reviewed to assess how the designs meet cyber and information assurance requirements.
- Ensure incident management plans are current and provide support for incident handling and reporting.
- Responsible for staff and budget management of your team.

**Essential Criteria**

Pro-active dynamic, visible leader who can simplify the complexities of information security and information management. Who possess:
- Experience developing and executing information security strategies, processes and services conforming to good practice.
- Have relevant experience ensuring the Integrity and Confidentiality of digital information and of working closely with colleagues to achieve high Availability.
- Experience of managing and ongoing professional development of a team of IT Cyber / Information Management professionals.
- Experience of managing cyber incidents from identification to successful recovery.
- A good understanding of cyber and information management risk relevant to a large-scale complex organisation.
- Practical experience of delivery, operat