This role is with a housing association within the UK and offers flexible hybrid working 

Role profile for the position of

Head of Information Security

OD Level: 2

Reports to: Director of IT (Infrastructure & Infosec) Main purpose of the role

Leadership and management of the security function, managing, reviewing, and maturing the design, selection of and implementation of security controls to reduce resilience and security risks to our clients information assets. Developing and fostering security awareness throughout the business and providing governance and assurances on the effectiveness of the security program. Influencing stakeholders across the organisation to win support for security and resilience initiatives.

Key Accountabilities

• Develop and lead an effective, high-performance Information Security team by retaining and attracting

key talent and ensure continuous improvement in staff competencies, skills and knowledge.

• Support your Director to develop and implement an information security strategy that aligns with our clients goals and objectives.

• Define the vision, mission, and long-term goals for information security.

• Develop, evaluate and monitor a set of Key Performance Indicators for the Information Security team, driving performance and taking actions to ensure targets, objectives and standards are exceeded or met.

• Foster a culture of innovation and continuous improvement that encourages, engages and supports an elevated level of professional development and personal responsibility.

• Advise Clarion senior leadership and other relevant stakeholders to enable effective decision making on information security matters.

• Mature and maintain organisational security policies, standards, and processes to protect information assets.

• Ensure compliance with legal and regulatory requirements related to data protection, financial information and privacy.

• Lead incident response and disaster recovery efforts in the event of security compromise or incidents.

• Identify and assess information security risks, implementing risk mitigation measures and monitor risk exposure.

• Design and maintain a robust security architecture

• Promote security awareness across Clarion and conduct training sessions for employees on security

best practises.

• Promote security awareness across the organization.

• Assess and manage security risks associated with third-party vendors and the supply chain through

onboarding and regular reviews

• Oversee security operations, including monitoring, threat detection, and vulnerability management.

• Deliver cost effective solutions to protect Clarions information assets.

Mandatory Head of Service Accountabilities:

• Has a robust understanding of the housing association sector and good understanding of the wider

social housing and commercial housing sectors. Has a good awareness of the political, economic, and regulatory environment in which housing associations operate. Understands who key players are in the housing association sector and how our clients business model differs from theirs

• Has a detailed knowledge and understanding of the policies, procedures and decision making framework relevant to your role. Understands legislative and regulatory requirements relevant to your role. Exercises judgement and discretion in the delivery of proportionate responses to any potential regulatory, assurance, and governance breaches or risks. Able to forecast, identify and resolve emergent risks to the business. Reports on the business in a transparent and evidence based manner. Appreciates the interconnectedness of different business functions, and knows where to go in business to find relevant information.

• Has a complete understanding of health and safety legislation relevant to your role and area of the business. Ensures health and safety is used as a pro-active tool to improve results and performance across the business. Has a clear understanding of both the desired and actual environmental impact in the short, medium, and long term of climate change upon the business.

• Takes accountability for the quality of data that business decisions in your area are based upon. Able to synthesise a range of quantitative and qualitative datasets and makes effective decisions based upon your findings. Able to produce clear, accurate, comprehensible data relevant to your needs and the needs of colleagues. Has a robust understanding of data governance and protection. Follows up quickly and appropriately on any reported or suspected data breaches.

• Has a detailed knowledge and understanding of Supplier Relationship Management and Contract Management. Designs and ensures mechanisms are adopted to deliver contract outcomes within budget, improves performance and continually shares trends analysis on performance with stakeholders. Identifies dependencies and associated responses, ensuring the contract continues to meet its objectives and agree measures to manage consequences to suppliers. Provides insight and direction around the dispute process and draws on expertise to review the contract exit plans, including during the life of the contract, and ensures its delivery.

• Undertakes any other duties and responsibilities of an equivalent nature as required

Experience and pre-qualification criteria

Essential

• Significant experience at Head of Service level responsible for managing cyber resiliency and

information security in a large multisite organisation.

• Substantial experience of managing and leading a high performing team operating at an operational level within a diverse organisation.

• Excellent stakeholder management and communication, negotiation and influencing skills at all levels of the organisation including executive leadership teams.

• A record of accomplishment in the management and delivery of transformational service management improvements across an organisation.

• Exceptional communication skills with the ability to convey concepts to non-technical audiences.

• Extensive experience at engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and including CEO level.

• Substantial experience in leading, developing and motivating a team of subject matter experts.

• Highly experienced in the implementation and application of information security standards and frameworks with certification and successful re-audits of organisations to Cyber Essentials,

ISO27001:2022.

• Extensive (present or past) hands-on technical experience of at least one IT or cyber security discipline

(e.g. security engineer, security operations analyst, incident responder or penetration tester).

• Skilled in determining, establishing, and maintaining appropriate security strategies, risk management, policies, standards, and procedures for protecting Clarion’s information security assets.

• Extensive knowledge of security technologies, including, network, application, identity and access management and encryption.

• Experience of managing or investigating an information security incidents and investigations at all levels.

• Capable of influencing change in areas of business outside of direct authority.

• Significant experience of managing supply chain resilience and compliance

Desirable

• BSc/MSc Computer Science or IT-related academic qualification (or equivalent experience); and/or professional training and accreditation such as CREST, SANS, OSCP, CISSP, CISA or CISM (or equivalent experience).

• Knowledge of legal and regulatory requirements that could affect security requirements within the housing sector.

• Familiarity with cloud security principles, including knowledge of Microsoft cloud services and security products.