
Head of Information Security

Grays Inn Rd, London WC1X 8NH, UK ● Norfolk St, Sheffield City Centre, Sheffield S1 2JE, UK Req #660
23 February 2024

Title: Head of Information Security

Department: Technology

Location: Sheffield or London

Full time, permanent

Salary: £90,000

Tes is an international provider of software-enabled services passionate about using technology to make life easier for schools and teachers. All products and services are built with teachers' and schools' needs at the core, ensuring they are innovative, trusted education solutions.

Role overview:

Reporting into the Group IT Director, the Head of Information Security is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which Tes operates. The Head of InfoSec is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Tes' EdTech SaaS transformation business objectives.

An important element of the Head of InfoSec's role is to establish the most optimised security operating model for Tes while balancing risk with investment. The ideal candidate will have a track record of delivering business benefits by balancing the need to protect the organisation with the need to do business.

The Head of InfoSec position requires an enterprise-minded and visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. In addition, the Head of InfoSec will be viewed as a business leader and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant enterprise grade experience, including five years in a significant leadership role.

 

Key Responsibilities:

  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Responsible for ensuring engagement from key stakeholders and helping them define the risk appetite of the firm.
  • Facilitate ongoing management of the security steering committee. Advise management on how best to securely exploit technology to drive the business's transformation aspirations.
  • Oversee security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Ensure effective measures are put in place to protect Tes internal / customer data in line with current legislation.
  • Develop and embed mature processes that focus on risk management and incident response. Carry out risk assessments and conduct frequent GDPR compliance audits.
  • Work with stakeholders to develop Business Continuity and Disaster Recovery plans across the business.
  • Advise Platform Engineering, Development, Product teams on SDLC security architecture and how to continually reduce the attack surface.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of said documents.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of information security, and review it with stakeholders at executive levels.
  • Monitor advancements in educational technologies and threat horizons.

 

What will you need to succeed?

  • Hold at least one of the following Security Management Certifications: CISM, CISSP, CSSLP, CISA, AWS Certified Security Specialty (CISSP preferred).
  • Leading Information Security functions in Enterprise-scale / software development environments essential.
  • Minimum of seven to 10 years of experience in a combination of risk management, information security and IT jobs (at least five must be in a senior leadership role).
  • Proven experience in benchmarking against ISO27001 and NIST frameworks.
  • Strong understanding of technical architecture and security aspects of infrastructure, application, web and cloud technologies.
  • Demonstrable security-related experience in public cloud platforms (mostly AWS). In-depth knowledge of security services available in these platforms and how they can be applied to strengthen security posture in a SaaS business.
  • Strong interpersonal skills - Senior stakeholder negotiation and influence / external vendor relationships. Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • Proven experience of Least Privilege / Zero Trust adoption and Data Leakage Protection strategies in enterprise businesses.
  • Strong experience having developed and managed business continuity and disaster recovery plans for large-scale SaaS businesses.
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Must be a collaborative security leader and critical thinker with strong business acumen and effective problem-solving skills.
  • In-depth knowledge and understanding of Data Protection legislation, especially the UK Data Protection Act 2018 (GDPR) and the Australian Privacy Act 1988 and how to effectively apply controls across the business.
  • Deep understanding of data security across the business.
  • Experience working with third-party managed service suppliers including outsourced SOC.
  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
  • Project management skills, financial/budget management, scheduling, and resource management.
  • Approachable personality.
  • High level of integrity and confidentiality.
  • Team player.

 

What do you get in return?

  • 25 days annual leave rising to 30
  • 5% pension after probation
  • State of the art city centre offices
  • Access to a range of benefits via My Benefits World
  • Discounted city centre parking 
  • Free eye care cover
  • Life Assurance
  • Cycle to Work Scheme
  • EAP (Employee assistance programme)
  • Monthly Tes Socials
  • Access to an extensive Learning and Development menu

 

Who are Tes?

Tes has been supporting the education sector for over a century, growing and changing alongside the evolution of education. Today, Tes is focused on providing digital solutions to support school leaders and teachers with wellbeing, continuous professional development, safeguarding, SEND provision, flexibility through timetabling, and pupil behaviour management. 

 

Our Vision is to power schools and enable great teaching worldwide, by creating intelligent online products and services to make the greatest difference in education. 

 

 

Tes has over 13m teachers in its online community and working relationships with 25,000 schools in over 100 countries. Tes helps schools find the teachers they need via a range of recruitment solutions; brings new teachers into the profession through initial teacher training; provides teachers with continuous professional development and world class safeguarding training. It also offers a range of expert tools for the classroom from timetabling, SEND provision, and behaviour management solutions to dynamic staff surveying and wellbeing tools. Tes brings educators together online so they can share expertise and teaching resources and it provides them with vital information, research and analysis about education via its fully digital Tes Magazine. 

 

Tes is a global company employing over 600 people and operating across 10 offices, including in London, Sheffield, Hong Kong, Sydney, and Dubai. 

 

We are proud of our people centric culture where everyone is driven to achieve the same goal. We are an agile organization striving for continuous improvement. We invest in our people with extensive learning and development opportunities and support our colleagues with various mentoring and career enhancement programmes.

 

Tes Global will ensure all qualified applicants receive consideration for employment without regard to race, sex, colour, religion, sexual orientation, gender identity, national origin or on the basis of disability.  We invite applicants to contact us directly to identify any additional support required.

www.tes.com/tesglobal 

 

 

Other details

  • Pay Type Salary
  • Hiring Rate £90,000.00
  • Grays Inn Rd, London WC1X 8NH, UK
  • Norfolk St, Sheffield City Centre, Sheffield S1 2JE, UK