Responsibilities include:- Developing and delivering the University’s strategy for information security governance, risk and compliance including shaping University policies, standards and guidance.- Leading the delivery of an Information Governance as a service to the University’s Medical Sciences Division, coordinating activity across relevant divisional stakeholders to develop and implement a comprehensive divisional information governance framework to ensure compliance with internal and external requirements.- Provide expert advice and take the strategic lead on a number of University-wide compliance programmes – including compliance with PCI-DSS, Cyber Essentials and the NHS Information Governance Toolkit.- Leading the development and implementation of a University-wide information security audit and assurance programme to assess the information security arrangements in units across the collegiate University.- Leading the development, implementation and maintenance of a University-wide information risk management framework including institutional asset management and information security risk assessment methodology.- Developing and implementing the University’s third party information security assurance programme, and overseeing the assessment of third party security audits.- Building and managing and a team of specialists in information security governance, risk and compliance- Shaping and leading the delivery of the University’s information security education and awareness programme- Establishing collaborative relationships and initiatives with key University stakeholders.- Developing and maintain tools and processes for recording and reporting on University’s information security maturity and compliance to senior stakeholders

My responsibilities include:- Establishing an Information Security Management System (ISMS) framework for the management and governance of Information Security within the University.- Formulating, developing, implementing and maintaining information security policies, practices and procedures- Advising on approaches towards and undertaking risk assessments- Identifying, evaluating and protecting information assets- Raising awareness of information security issues and delivering appropriate training- Working closely with the University’s Council Secretariat and Legal Services team to ensure that all of the University’s information processing systems comply fully with all relevant legislation (for example, the Data Protection Act, Computer Misuse Act, Regulation of Investigatory Powers Act, Human Rights Act).- Coordinating University-wide handling of security incidents

- Worked as part of a team responsible for designing and implementing the University’s central intrusion detection and response capability gaining operational experience of intrusion detection platforms such as SNORT.- Extensive experience of dealing with information security security incidents and confidential investigations.- Developed a University-wide information incident response scheme and was responsible for investigating causes of security incidents and writing reports with subsequent recommendations.- Planned and managed and delivered projects on time and within budget such as a project to trial a University-wide whole disk encryption service.- Maintained up-to-date knowledge of latest security technologies and developed expertise in encryption, delivered a trial of a University service for email encryption using PGP.