Head of Security Architecture & Compliance

Manchester Metropolitan University
Greater Manchester
1 month ago
Applications closed

About the Role

We're looking for a Head of Security Architecture and Compliance to lead and evolve our capability at Manchester Metropolitan University. This is a key leadership role at the forefront of our efforts to protect the University's systems, data, and people from cyber threats.


As Head of Security Architecture and Compliance, you'll be responsible for managing a skilled team of operational and enterprise security architects, ensuring the effective design and implementation of security frameworks, and driving continual improvements in policy, guidance, testing and reference architectures. You'll play a crucial role in shaping compliance strategy, embedding a measurable, proactive approach to validating cyber defence.


This is a highly collaborative role, requiring strong technical knowledge, excellent leadership skills, and the ability to communicate effectively across technical and non-technical audiences. You'll work closely with colleagues across Information Security, IT and wider university services to enhance our security posture and support the delivery of a major security and risk transformation programme, including a major refresh of framework and policy.


It's a unique opportunity to lead a growing team within a supportive and forward-thinking environment, where your work will make a measurable impact and help shape the future of cyber resilience in higher education.


Key Responsibilities

Lead and manage the Security Architecture and Compliance team, ensuring strategic alignment and operational cohesion across the two functions, and defining and monitoring strategic objectives, roadmaps, and outcomes for enterprise security architecture and compliance maturity. Identify and support professional development pathways to maintain cutting-edge capability in security architecture and compliance.


Act as the university's security design authority, developing, reviewing and approving security architectures for all significant IT initiatives and change programmes. Ensure security is embedded into enterprise IT architecture, change programmes, and digital transformation initiatives.
Develop and deliver a compliance strategy aligned with legislation (e.g., UK GDPR, Data Protection Act 2018, PCI-DSS), internal policies, external frameworks (e.g., NIST CSF, ISO 27001) and sector-specific best practice (e.g., UCISA, NCSC).
Develop and deliver a Security Assurance Testing program, including internal and external audit, penetration testing and associated activities. Represent the university in regulatory or assurance activities and lead response to security audits and assessments.
Own the university's information security policy framework, ensuring policies are effective, enforceable, and reflective of regulatory and operational needs.
Provide strategic input into the security incident response capability, ensuring robust governance, timely escalation, and cross-functional collaboration with CSIRT and key stakeholders. Collaborate on the development and continual improvement of enterprise-wide remediation strategies and readiness planning.
Provide strategic insight for information security risk management, ensuring effective collaboration to maintain an accurate, prioritised, and actionable university-wide risk register.
Set the strategic direction for third-party cybersecurity risk management, ensuring supplier assurance processes are robust, proportionate, and aligned with institutional risk appetite and compliance obligations. Ensure the development and maintenance of a scalable third-party risk assessment framework, directing the gathering, analysis, and communication of cybersecurity risk data related to critical suppliers and partners.
Define and oversee the university-wide security awareness and education strategy, ensuring programmes are impactful, data-informed, and tailored to the needs of both technical and non-technical audiences. Direct the identification and evaluation of key human-related cybersecurity risks, driving institution-wide initiatives to address behavioural vulnerabilities and promote secure working practices, using metrics and feedback mechanisms to inform programme improvements and executive reporting.
Collaborate closely with the Deputy CISO and security leadership to shape strategic direction, enhance service integration, and foster a culture of continuous improvement.

Key Skills & Experiences  

Proven leadership in cyber security, with experience managing Architecture and Compliance or equivalent functions, including oversight of both internal systems and processes and external partners.


Track record of developing and implementing policy frameworks, including reference architectures, detailed technical controls and supporting awareness and guidance, to ensure efficient, consistent operations.
Experience in designing and reporting on KPIs, SLAs, and performance metrics to monitor compliance, drive continual improvement, and provide visibility to senior leadership.
Expertise in risk management, acting as a senior point of escalation and coordination, ensuring effective and prioritised remediation and stakeholder communication.
Experience leading and developing high-performing teams, fostering a collaborative, inclusive culture aligned to organisational goals.
Strong technical background in security architecture, with hands-on experience using industry-standard tools and platforms.
Capability to manage outsourced testing, aligning partner activities with internal goals, setting performance expectations, and maintaining quality service delivery.
Strategic thinking and planning ability, including the development of technical roadmaps, risk mitigation strategies, and resource alignment for both BAU and project work.
Strong stakeholder engagement skills, with the ability to explain complex security issues to non-technical audiences and build trusted relationships across teams.
Agile, collaborative leadership style, focused on mentoring team members, encouraging professional growth, and cultivating a culture of proactive security.
Commitment to continuous improvement and industry engagement, staying current with evolving threats, technologies, and best practices.

Highly Desirable Certifications

Industry-recognised certifications such as CISSP, CISM, GIAC (e.g., GDSA, GCIH, GCIA), and CompTIA CASP+.


Framework-related qualifications (e.g. ISO 27001 Lead Implementer/Auditor, NIST CSF, TOGAF or SABSA) demonstrating capability in structured security operations and strategic alignment.

To learn more about this exciting opportunity and the benefits we offer, please read the job description and candidate pack provided below.


About the Team


Our Security Architecture and Compliance team plays a vital role in safeguarding the University's digital environment. We protect a diverse community of students, staff and systems by designing and implementing the frameworks needed to protect our information and services. Part of the wider Information Security function, the team includes multi-skilled Enterprise and Operational Security Architects who work together with professionals across the wider IT & Digital department to provide a coordinated and effective cyber defence capability.


We align our work with recognised frameworks such as the NCSC Cyber Assessment Framework (CAF), NIST CSF, and CIS Controls, ensuring we keep pace with industry best practice while tailoring our approach to the unique challenges of the higher education sector. 


As part of the team, you'll contribute to a supportive and collaborative environment where ideas are valued, development is encouraged, and your work has a clear and lasting impact. Looking ahead, the Head of Security Architecture and Compliance will play a central role in delivering a major security and risk transformation programme—an exciting opportunity to shape the future of cyber resilience at Manchester Met.


About the Directorate & Department


As IT&D, we help to create the University of the future by co-designing new ways of working, enhancing productivity, reducing complexity, supporting innovation, and providing the insights to drive continual improvement. Embracing a digital future in an evolving modern university, you will be working in partnership with our academic and Professional Services colleagues to deliver digital services that help the University achieve its strategic objectives in teaching and research, nationally & globally.


Our Information Security department is responsible for developing, operating, and continuously improving information security across the University, ensuring the availability, confidentiality, and integrity of its information. We define information security policies and procedures, advise on secure IT arrangements, provide training and practical advice that the University can use to meet business requirements while maintaining security. We are responsible for information security risk management and compliance, and the monitoring of IT systems to prevent, detect, and respond to attacks.


Application & Assessment Process
