Group Systems Security Manager

Group Systems Security Manager 23-month fixed-term contract Manchester: £74,818 - £84,453 Milton Keynes: £77,903 - £87,936 Hybrid (2 days per week in the office) Introduction This key role will help shape group wide security at a pivotal time of growth, as AQA expands into digital exams and international markets. You'll play a key role in strengthening how we protect our systems and information while supporting innovation across a complex, modern technology estate. As threats continue to evolve, you'll apply sound judgement and a balanced, thoughtful approach to ensure security enables progress rather than slows it down. This is a chance to influence meaningful change, work with a wide range of teams and make a visible impact on an organisation with a clear educational purpose Purpose of the role You will operate within AQA's Enterprise Technology Security & Risk team to provide security consultancy, oversight and assurance across the Group. You will maintain and evolve the Information Security Management System (ISMS) and ensure solutions and services proportionately balance security needs with desired business outcomes, supporting AQA's mission to benefit learners of all abilities. Key responsibilities Provide security consultancy and oversight across Enterprise Technology and the wider Group, ensuring solutions meet business and security requirements and align with ISO 27001. Own and evolve ISMS policies, standards and audits; lead incident response and supplier assurance; surface risks and drive mitigation and prevention. Partner with business areas to embed secure ways of working; plan and deliver periodic security testing and technology security roadmaps across systems and services. What we are looking for A strong track record in providing information security, cyber security and data protection advice and guidance. A solid background in managing information security, cyber and data protection risks. Confident handling of security incidents, including events, weaknesses and breaches. A proven ability to deliver supplier and third party security assurance. Skilled in acting as a security SME within programmes or projects, with good working knowledge of ISO27001. What's in it for you 25 days' annual leave, rising to 30 with service, plus bank holidays and extra closure days at Christmas a 35-hour working week with flexible working arrangements an excellent contributory pension scheme (6%-11.5% depending on your contribution) life assurance, BUPA PMI, and health cash plan enhanced maternity and paternity schemes Diversity and inclusion statement At AQA, we are committed to fostering a workplace that celebrates diversity and promotes equity and inclusion. We believe that a diverse team brings richer perspectives and drives better outcomes. Our ED&I strategy ensures that everyone-regardless of religion, ethnicity, gender identity or expression, age, disability, sexual orientation, or background-is valued, respected, and empowered to thrive. We actively promote inclusive language, avoid stereotypes, and strive for representation across all dimensions of diversity. We welcome applications from individuals of all backgrounds and lived experiences. Application process To apply, submit your CV by following the link provided. Application deadline: Sunday 1st March First stage interviews will take place via MS Teams w/c 2nd March and second stage will take place in person w/c 9th March. Recruitment Agencies We have a preferred supplier list (PSL) in place.Unsolicited CVs will be treated as a gift. We will not be subject to or liable under your terms and conditions for agency fees. Full Job Description Summary Purpose: As System Security Manager you will operate within the (Enterprise Technology) Security & Risk team working closely with the Head of Architecture & Security and the Enterprise Security Manager. You will lead on the delivery of a range of security related services, delivering consultative security guidance and support with the goal of ensuring that IT solutions and services meet key business and security requirements. By providing a security consultancy support service to colleagues and business stakeholders you will deliver effective and pragmatic security related advice, guidance, direction and liaison across technology and business stakeholders shaping and guiding to deliver solutions to proportionately balance security needs and desired business outcomes. Facilitating a security consultancy service and approach to positively influence and evolve the information technology landscape across Enterprise / Assessment technology and wider AQA Group, providing overarching security oversight and compliance assurance. Supporting the delivery of effective security strategies within Enterprise Technology and engaging with key stakeholders across Assessment Technology and wider Group entities to ensure alignment and oversight of approaches, where appropriate taking ownership of and resolving (or escalating), related issues or concerns you identify.Landscape: The Enterprise Technology Division sits within the Group Corporate Services Office, enabling the centralised delivery of core corporate services across the AQA Group. In addition, Enterprise Technology operates in close partnership with Assessment Technology, Programme Management and AQA Group subsidiaries, collectively delivering the full IT service portfolio of current operations to future change programmes. Due to the nature of the role and function, stakeholder engagement with colleagues / teams within other AQA UK locations may be required. Key relationships: Key internal (AQA Education and AQA Assessment Services Limited) relationships AQA Divisional Heads / Cx Levels Enterprise Technology functions AQA Assessment Technology architecture and development teams AQA Education business functions Relevant subsidiaries and functions across the AQA Group Key external relationships Third-party technology providers Relevant third-party service providers / suppliers Activities: To maintain the required knowledge and expertise across the following domain areas of security to support the delivery of appropriately secure solutions: Physical Infrastructure (Endpoint / Network / Cloud) Application Data / Information People / Human Develop, take ownership of, and maintain policies, procedures, guidance and standards that make up the AQA Information Security Management System, evolving them in line with business drivers and goals to establish robust yet flexible and adaptive controls. Support the Enterprise Security Manager in the implementation and periodic refreshes of the AQA security strategy, leading on specific areas as required and actively participating, contributing, controlling and managing relevant security communities, forums and design authorities. Directly contribute to the definition and verification of and adherence to technical security standards covering areas such as application, infrastructure, data / information and physical security, access control, system resilience / reliability / recovery and storage / network security architectures etc. Take ownership, work with, and support business stakeholders and Enterprise Technology colleagues in the design and delivery of appropriately scoped technical security policies, processes, and procedures, ensuring that they are disseminated across all relevant areas and understood by all stakeholders and audiences. Undertake purposeful 'horizon scanning' ensuring that AQA is positioned well to be able to benefit from emerging security technologies, architectures and standards. Research and explore opportunities for solutions to meet AQA's business objectives and develop clear cost benefit analysis for the adoption of