About the Role
We're looking for a Head of Security Architecture and Compliance to lead and evolve our capability at Manchester Metropolitan University. This is a key leadership role at the forefront of our efforts to protect the University's systems, data, and people from cyber threats.
As Head of Security Architecture and Compliance, you'll be responsible for managing a skilled team of operational and enterprise security architects, ensuring the effective design and implementation of security frameworks, and driving continual improvements in policy, guidance, testing and reference architectures. You'll play a crucial role in shaping compliance strategy, embedding a measurable, proactive approach to validating cyber defence.
This is a highly collaborative role, requiring strong technical knowledge, excellent leadership skills, and the ability to communicate effectively across technical and non-technical audiences. You'll work closely with colleagues across Information Security, IT and wider university services to enhance our security posture and support the delivery of a major security and risk transformation programme, including a major refresh of framework and policy.
It's a unique opportunity to lead a growing team within a supportive and forward-thinking environment, where your work will make a measurable impact and help shape the future of cyber resilience in higher education.
Key Responsibilities
Lead and manage the Security Architecture and Compliance team, ensuring strategic alignment and operational cohesion across the two functions, and defining and monitoring strategic objectives, roadmaps, and outcomes for enterprise security architecture and compliance maturity. Identify and support professional development pathways to maintain cutting-edge capability in security architecture and compliance.
Act as the university's security design authority, developing, reviewing and approving security architectures for all significant IT initiatives and change programmes. Ensure security is embedded into enterprise IT architecture, change programmes, and digital transformation initiatives.
Develop and deliver a compliance strategy aligned with legislation (e.g., UK GDPR, Data Protection Act 2018, PCI-DSS), internal policies, external frameworks (e.g., NIST CSF, ISO 27001) and sector-specific best practice (e.g., UCISA, NCSC).
Develop and deliver a Security Assurance Testing program, including internal and external audit, penetration testing and associated activities. Represent the university in regulatory or assurance activities and lead response to security audits and assessments.
Own the university's information security policy framework, ensuring policies are effective, enforceable, and reflective of regulatory and operational needs.
Provide strategic input into the security incident response capability, ensuring robust governance, timely escalation, and cross-functional collaboration with CSIRT and key stakeholders. Collaborate on the development and continual improvement of enterprise-wide remediation strategies and readiness planning.
Provide strategic insight for information security risk management, ensuring effective collaboration to maintain an accurate, prioritised, and actionable university-wide risk register.
Set the strategic direction for third-party cybersecurity risk management, ensuring supplier assurance processes are robust, proportionate, and aligned with institutional risk appetite and compliance obligations. Ensure the development and maintenance of a scalable third-party risk assessment framework, directing the gathering, analysis, and communication of cybersecurity risk data related to critical suppliers and partners.
Define and oversee the university-wide security awareness and education strategy, ensuring programmes are impactful, data-informed, and tailored to the needs of both technical and non-technical audiences. Direct the identification and evaluation of key human-related cybersecurity risks, driving institution-wide initiatives to address behavioural vulnerabilities and promote secure working practices, using metrics and feedback mechanisms to inform programme improvements and executive reporting.
Collaborate closely with the Deputy CISO and security leadership to shape strategic direction, enhance service integration, and foster a culture of continuous improvement.
Key Skills & Experiences
Proven leadership in cyber security, with experience managing Architecture and Compliance or equivalent functions, including oversight of both internal systems and processes and external partners.
Track record of developing and implementing policy frameworks, including reference architectures, detailed technical controls and supporting awareness and guidance, to ensure efficient, consistent operations.
Experience in designing and reporting on KPIs, SLAs, and performance metrics to monitor compliance, drive continual improvement, and provide visibility to senior leadership.
Expertise in risk management, acting as a senior point of escalation and coordination, ensuring effective and prioritised remediation and stakeholder communication.
Experience leading and developing high-performing teams, fostering a collaborative, inclusive culture aligned to organisational goals.
Strong technical background in security architecture, with hands-on experience using industry-standard tools and platforms.
Capability to manage outsourced testing, aligning partner activities with internal goals, setting performance expectations, and maintaining quality service delivery.
Strategic thinking and planning ability, including the development of technical roadmaps, risk mitigation strategies, and resource alignment for both BAU and project work.
Strong stakeholder engagement skills, with the ability to explain complex security issues to non-technical audiences and build trusted relationships across teams.
Agile, collaborative leadership style, focused on mentoring team members, encouraging professional growth, and cultivating a culture of proactive security.
Commitment to continuous improvement and industry engagement, staying current with evolving threats, technologies, and best practices.
Highly Desirable Certifications
Industry-recognised certifications such as CISSP, CISM, GIAC (e.g., GDSA, GCIH, GCIA), and CompTIA CASP+.
Framework-related qualifications (e.g., ISO 27001 Lead Implementer/Auditor, NIST CSF, TOGAF or SABSA) demonstrating capability in structured security operations and strategic alignment.
To learn more about this exciting opportunity and benefits we offer, please read the job description and candidate pack provided below.
About the Team
Our Security Architecture and Compliance team plays a vital role in safeguarding the University's digital environment. We protect a diverse community of students, staff and systems by designing and implementing the frameworks needed to protect our information and services. Part of the wider Information Security function, the team includes multi-skilled Enterprise and Operational Security Architects who work together with professionals across the wider IT & Digital department to provide a coordinated and effective cyber defence capability.
We align our work with recognised frameworks such as the NCSC Cyber Assessment Framework (CAF), NIST CSF, and CIS Controls, ensuring we keep pace with industry best practice while tailoring our approach to the unique challenges of the higher education sector.
As part of the team, you'll contribute to a supportive and collaborative environment where ideas are valued, development is encouraged, and your work has a clear and lasting impact. Looking ahead, the Head of Security Architecture and Compliance will play a central role in delivering a major security and risk transformation programme—an exciting opportunity to shape the future of cyber resilience at Manchester Met.
About the Directorate & Department
As IT&D, we help to create the University of the future by co-designing new ways of working, enhancing productivity, reducing complexity, supporting innovation, and providing the insights to drive continual improvement. Embracing a digital future in an evolving modern university, you will be working in partnership with our academic and Professional Services colleagues to deliver digital services that help the University achieve its strategic objectives in teaching and research, nationally & globally.
Our Information Security department is responsible for developing, operating, and continuously improving information security across the University, ensuring the availability, confidentiality, and integrity of its information. We define information security policies and procedures, advise on secure IT arrangements, provide training and practical advice that the University can use to meet business requirements while maintaining security. We are responsible for information security risk management and compliance, and the monitoring of IT systems to prevent, detect, and respond to attacks.
Application & Assessment Process