Head of Information Security

**Job Description**:
**Job Title**:Head of Information Security

**Posting Start Date**:29/10/2025

**Job Id**:1784

**School/Department**:IT Services

**Work Arrangement**:Full Time (Hybrid)

**Contract Type**:Permanent

**Salary per annum (£)**:£61,759 - £69,488, potential to progress to £80,524

**Closing Date**:13/11/2025

The University of Sheffield is a remarkable place to work. Our people are at the heart of everything we do. Their diverse backgrounds, abilities and beliefs make Sheffield a world-class university.

We offer a fantastic range of benefits including a highly competitive annual leave entitlement (with the ability to purchase more), a generous pensions scheme, flexible working opportunities, a commitment to your development and wellbeing, a wide range of retail discounts, and much more.

**Overview**
- The University is seeking to enhance its Information Security function with the recruitment of the Head of Information Security.
- You will lead a high performing information security team, protecting the University from cyber attacks and providing assurance to the University and its partners on information security matters.
- Information Security has been a significant area of growth for the University and we are now focussed on continual improvement. You will work with the CISO to develop and embed mature and sustainable capabilities. As the leader of the Information Security function for the University you will build and develop the teams responsible for security operations, assurance, and identity and access management.
- You will be working in a high profile role in a trusted team who strive to ensure that information security activities enable research and education across the University. The team is based in the department of IT Services, responsible for the delivery of trusted IT services to the University.

**Main duties and responsibilities**
- Lead a high performing Information Security function to include;
- Security operations across threat intelligence, security testing, investigations and incident response
- Security assurance across risk management and compliance. Overseeing the development, implementation and management of policies, standards, procedures and strategies that align to adopted and forecasted security compliance frameworks
- Identity and Access Management. Responsible for the development and operations of core IDAM capabilities across account provisioning, authentication and housekeeping - using a breadth of both commercial and in-house tooling
- Build and maintain a high performing Information Security Team
- Effective and goal driven leadership and management of the University’s Information Security functions
- Manage the Information Security team leads; specifying the target operating model, defining specific job roles and responsibilities and supporting the team leads in managing performance
- Develop and mentor staff in the Information Security team and other supporting areas, as required
- Build and maintain strong relationships with, and influence over, key stakeholders, including security suppliers across the industry marketplace
- Ensure the team is an active member of the security community; including international HE communities and law enforcement
- Act as a trusted advisor to the CISO, deputising where required
- Authority to make operational and strategic decisions and representing the CISO at meetings as required
- Work in collaboration with the CISO to define and deliver the information security strategy and roadmap
- Deliver security projects and change
- Develop business cases for security improvements
- Aligning change with other initiatives delivered thorough product teams
- Delivering on University Strategy and goals outside of IT Services - e.g. strategic research partnerships
- Ensure resources are managed effectively to include the development of business cases and operational plans as well as tracking delivery and managing budgets
- Provide expert internal consultancy to senior stakeholders within the University in relation to security
- Carry out other duties, commensurate with the grade and remit of the post

**Person Specification**

**Criteria**

**Essential or desirable**

**Stage(s) assessed at**
Significant previous experience of information security in a large and complex organisation.EssentialApplication/interviewExpert knowledge of information security theory and practice, ideally demonstrated through a recognised Information Security professional qualification, e.g. CISM, CISSP, CISAEssentialApplication/interviewVision, strategy and planning - Ability to specify, maintain and uphold a strategic vision for security and embed that vision into yours and others plansEssentialApplication/interviewExperience of building, managing and motivating a high performing teamEssentialApplication/interviewAbility to support the development and improvement of information security governance, risk and compliance to support business activities,