Unite is currently undergoing a large modernisation project for its technology platform with a strong vision to leverage data to drive continuous innovation and delivery as our ambitions evolve. Our ability to manage our information and data protection risks and demonstrate compliance is vital to our continued success. In this role you will be part of the Risk and Assurance team where success will depend on building trust and being a `critical friend` to the wider business, working with teams to ensure Unite meets its information security obligations.

The key aim of the role is to support the Head of Information Security with the delivery and continuous improvement of information security services across the company. As the InfoSec Technical Manager, you will be part of delivering expert advice on information security, embedding a framework of compliance and compliance testing and using the results for continuous improvement. This is a wide-ranging role, and it includes working with all internal stakeholders. You will work across all initiatives to drive the agenda on information security.

What You`ll Be Doing

Relationship building with colleagues across Unite, including senior management and external stakeholders, is key to this role and you will have the experience, confidence, and credibility to do this. Some specific responsibilities are set our below:

Internal consultancy / Stakeholder engagement:

• Provide ad-hoc technical guidance and support where needed to colleagues across Unite
• Identify, design and deliver security control improvements
• Be part of security team projects, working collaboratively to deliver information security aspects
• IT Audit support co-ordination / management / follow-up
• Provide support to the Head of Information Security for the technical aspects of IS&DPC / IS&DPWG / Strategy / Activity tracking etc
• Prepare and present papers for Information Security and Data Protection Committee (IS&DPC)

Strategy

• Be an advocate and the Technical Security Lead for the Information Security Strategy / Technical Roadmap / control improvements
• Lead the implementation of the IS framework and target accreditation to ISO27001
• Actively manage IS and DP risks

Technical support areas

• Participate in the IT Architecture Review Group - bringing security considerations to the group
• SME security guidance for best technical security practices (business-wide, especially Projects, Change teams)
• SME point of escalation for the Security Operations Engineers
• Security control improvements (especially logging/SIEM), own the relationship with 3^rd party SIEM provider (once in place)
• Manage IT Service Desk escalations / approvals
• Participate in CAB - security considerations / approvals
• Attend Technical Design Authority (TDA) / TDA Triage - security considerations
• Provide technical support to the Head of Information Security, SecOps engineers and the IT department by advising on best practice in implementations of new technologies and identifying information security risks via risk assessments
• Operational support for external sharing solution
• Liaising with the 3^rd parties with regards to technical security

Assurance/ monitoring/ compliance

• Schedule and undertake security testing and monitoring, analyse the results and ensure remedial action is appropriate and completed
• Manage the Information Security Mailbox and monitor and act upon security alerts
• Threat feed monitoring and actioning / escalating as appropriate
• Monitor the Phish alert report and take action as appropriate;
• Own the security exceptions process
• Co-ordinate and respond to annual penetration testing - internal and external
• Work with the Head of Information Security and the IT Operations team to maintain Cyber Essentials + certification
• Complete POCs and POVs as required
• Support security products vendor engagement / licence renewals
• Manage technical metrics / KPIs process
• Ensure all technical security is documented and regularly reviewed to respond to emerging threats
• Monitor latest threats and respond to them timely and appropriately
• Design and implement a technical compliance monitoring framework; act on the results
• Instigate technical security improvements
• Management of LastPass

Incident/issue management and response

• Own the technical aspects of incident management
• Be the security lead in the investigation of information security and data protection breaches/ incidents and complaints; provide advice to the team as needed

What We`re Looking for in You

• Proven experience of information security with a strong hands-on technical security background within a large-scale Enterprise environment
• Direct experience of performing security risk assessments of applications and infrastructure within the Cloud
• Strong knowledge of information security standards (e.g., Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001) and Information Security Industry Good Practices
• Excellent understanding of security risk assessment and risk management methodologies, as well as software development lifecycles, especially in the context of building secure solutions in the public cloud
• Experience managing responses to Information Security Questionnaires, RFPs, and customer audits
• Strong IT literacy and technical awareness; able to work and communicate at different levels across technical / non-technical teams to achieve the necessary outcomes
• Demonstrable skills owning, articulating, and driving activities through collaboration with other teams in order to achieve organisation-wide security objectives
• Strong written and verbal communication skills, including the ability to create clear documentation and presentations to explain activities, requirements, plans, issues etc to interested parties
• Able to collaborate a wide group of stakeholders (internal and external) to ensure that security procedures are understood and upheld and driving best value for the business.
• Organised and able to prioritise workload
• Understands risk management and can effectively manage Information Security risks within an organisation
• Experience driving continuous improvement, opportunities for improvement and resolving non conformance
• Possessing strong analytical and auditing skills
• Ideally certified to advanced security standards, for example CISSP, CISM, CCSP or can demonstrate relevant experience and understanding at this level
• PMO experience
• Degree/MA/Academic qualification in a relevant subject would be beneficial

What You`ll Get in Return

• An annual bonus so you can share in the company`s success
• 25 days` paid holiday
• Pension - based on how much you save, we`ll contribute 1% more
• Flexible working opportunities
• Shared Parental Leave - 18 weeks full pay
• Other benefits include, ShareSave, Bike to Work, Charity Match, amazing discounts and more!

About Unite Students

Founded in 1991, Unite Students is a FTSE 100 business and the UK`s leading provider of purpose-built student accommodation. You can find us in 25 leading university towns and cities, with 74,000 students calling US home! We are driven by our values, culture, and a commitment to develop diverse and inclusive teams, filled with positive energy and new ideas.

Instinctive inclusion. We know that to create and maintain a happy healthy organisation, we have to work hard to ensure inclusion isn`t just what we do but who we are.

People make Unite Students. Employees, students and neighbours all contribute to building environments where we can all thrive.

Room for Everyone

We`re proud to be an employer that embraces individuality, and we`re passionate about building inclusive teams. We focus on creating a collaborative culture where you can be you, where your voice is heard, and where you can truly belong. We take great pride in being rated Gold Investors in People and are constantly striving to provide the highest standard of learning and development opportunities and professional pathways for our people. Building a home for success, for both our employees and students, requires exceptional people with a passion for creating room for everyone, doing what`s right, keeping US safe, and raising the bar. Join us as we build better experiences for students that live with us.

We are US.