Head of IT & Security (Technology & Infrastructure)

Principles of Responsible Investment

Head of IT & Security (Technology & Infrastructure)

Full Time & Permanent

Hybrid (Minimum of 2 days per week in the office)

Salary – £66,000 – £78,000

(Please note this role is being exclusively managed by Megan Dack @ Goodman Masson, please contact her directly – megan.dack@goodmanmasson.com

About the PRI

The PRI is the world’s leading proponent of responsible investment. It works to understand the investment implications of environmental, social and governance (ESG) factors and to support its international network of investor signatories in incorporating these factors into their investment and ownership decisions.

The PRI’s three distinct capabilities relate to the core elements of the PRI’s approach to achieving a sustainable financial system.

• Translate RI (Responsible Investment) thought leadership into insights and practical support that is tailored to what signatories need to progress their RI practice

• Convene our vast network to create opportunities for collaborative action

• Harness our global scale to influence policymakers and regulators to effect system change

Job Description

The Head of IT and Security will be responsible for providing leadership of the IT infrastructure strategy and maturity to the IT operations, bringing your technical experience and expertise to help us build and deliver new capabilities within the infrastructure and security domain. You will be hands on as well as capable of managing technology projects and change management to improve the business process and IT systems.

The Head will report into and work closely with the Director of Technology and Infrastructure to embed the leadership in business partnering, people development, continuous improvement culture, and ideally with experience working for global organisation.

Core Responsibilities:

Team Management:

• Manage a team of IT support and security team to provide high quality support to the business users and signatories
• Manage staff development and performance to achieve balanced business knowledge through business partnering and participation of knowledge sharing sessions.
• Champion continuous process improvement culture, embedding best practices and ways of working across the organisation.
• Drive efficiency through the automation of common/frequent internal processes.
• Ensure all work is completed within budget and aligned with business planning, while managing costs efficiently to maximize savings.
• Contribute to the ongoing evolution of the technology operating model and its delivery, including team’s business plan and budget.
• Support the Director of Technology and Infrastructure in set the vision, purpose and culture of the Technology team.
• Provide regular reporting to the Director of Technology and Infrastructure and Chief of Operations Officer as required.

IT Infrastructure & Operations:

• Oversee IT Helpdesk and ensure SLAs are in place and tickets managed efficiently.
• Manage the team to provide effective technical support to the wider business, business with signatories’ issues and problem management as required
• Manage end-user hardware provisioning, updates, security, connectivity and configuration, and ensuring systems administration and maintenance are delivered to expectations (e.g. patching of servers, backup.)
• Provide 1st and 2nd line business applications support as required, e.g. Salesforce, Sage, Data Portal, Reporting Assessment, Collaboration Platform, Academy Learning System
• Manage resolution of technical problems escalated by the service desk as they arise with the extended technology team or via 3rd party support contracts.
• Management of 3rd party infrastructure partners ensuring services meet PRI needs in a cost effective manner.
• Manage the team to provide extended out of office hours support for critical or exceptional situation

Incident response:

• Lead on responding to major technical incidents e.g. system outage, service disruption, cybersecurity, data breach, etc.
• In collaboration with the IT Leadership team, develop a Major Incident Management process, communications and mitigation plans.
• Act as the main IT lead for BCP and DRP, supporting the team and work closely with the Business Continuity Incident Team until services are back into full operational mode.

Projects:

• Provide technical expertise to the IT team and to business projects to ensure solutions are aligned to our technology roadmap and are secure, supportable and scalable.
• Manage infrastructure projects and enhancements (e.g. server upgrades, network enhancements, migration to Azure.)
• Manage other internal IT projects as needed (e.g. technology modernisation, security, operational resilience, ISO/IEC 27001 programme of work).
• Develop the IT service model, catalogue and the end-to-end ticketing process that enables effective triage resolution e.g. Reporting team, Signatory Experience team
• Develop the roadmap for end user computing and new ways of working (e.g. productivity enhancements, cooperative collaboration, enhanced ways to communicate)
• Develop the Infrastructure architecture roadmap that aligns with the Technology and Digital transformation programme with a focus on resilience, scalability and new ways of working.

Security and Compliance:

• Support the roadmap for Cybersecurity to update our systems and services to be best in class for passive and active protection, including firewalls, antivirus, threat monitoring, spam/phishing
• Develop and implement Information Technology and Security policies, procedures, and protocols to ensure company’s IP are secured, and kept up-to-date
• Identify risks to systems and the IT infrastructure, creating mitigations and ensuring these are communicated and understood.
• Manage the development and implementation of the security strategies to achieve the targeted technology resilient and compliancy
• Ensure regular penetration testing occurs to maintain the security of our data and in support of obtaining and maintaining standards such as ISO/IEC 27001.
• Ensure that all business and signatory-facing applications, as well as the overall IT environment, adhere to regulatory requirements, industry standards, and best practices related to data security and privacy.

Person Specification

• Leadership Skills (including role-modelling positive behaviours, being genuine and vulnerable, driving change and making things happen) and the ability to think strategically and systemically and act for the long-term benefit of the organisation.
• Well-developed people management skills (including providing feedback & challenge, coaching, and developing individuals) and the experience to build and lead high performing hybrid teams.
• Strong working experience in IT Operations, infrastructure and security domain such as
• Office365, Exchange Online, Intune, Azure Cloud, Azure AD, Windows Server, SQL
• Technical and security policies, configurations, access management
• Network security, networking, firewalls, DHCP, VLAN, VPN, Cisco Meraki, Wi-Fi
• PaaS / IaaS / SaaS / cloud
• Atlassian Jira, Asana (desirable)
• Strong working experience in IT and business projects delivery
• Demonstrable working experience in Crisis Management related to information and cyber-attack, phishing, data breach incidents, including participation in BCP and/or DRP exercise.
• Experience in developing IT policies and controls, IT and Data Governance, GDPR, SCO2 (desirable)
• Experience in managing cybersecurity and operational resilience domain, ability to develop risk mitigation plan and onboarding new technologies, services and applications
• Experience in security applications and tools (SIEM products), sound knowledge of security frameworks e.g. NIST, CIS controls, ISO/IEC 27001, Cyber Assessment Framework (desirable)
• Experience with managing suppliers and 3rd party providers to ensure contractual commitments are met, including negotiating the scope of work, development, enhancement, upgrades.
• Experience in managing application solutions hosted both on traditional infrastructure and in the cloud is preferable and experience migrating products and services to the cloud is desirable.
• Excellent communication skills, confidently present and influence senior management to facilitate effective decision making.
• Excellent networking, relationship management and interpersonal skills and experience of building strong and productive relationships at all levels
• Very good programme management skills, with experience in delivering complex projects successfully, including directing others that may not be your direct reports.
• Experience at implementing and working in DevOps is an advantage.
• In-depth understanding of cloud-native architectures (ideally Azure), microservices, and API’s, is highly desirable.
• Ability to work with minimal supervision, managing work prioritisation with competing priorities and handling conflicts and/or difficult discussion.
• Ability to embrace and adapt changes, working with limited information and ambiguity in an ecosystem that is rapidly evolving.
• Demonstrates a commitment to developing others and a growth mindset, actively pursuing continuous profession and personal development.

We particularly welcome candidates from under-represented groups, including Black, Asian, and other People of Colour, those with visible or non-visible disabilities, LGBTQ+ candidates and those who are neurodivergent.

The PRI is committed to offering flexibility to our employees, both formal (e.g. part-time work) and informal (e.g. a shift in hours to accommodate caring responsibilities). Please talk to us about how we could make this role flexible for you.

N.B. We reserve the right to close a vacancy before the closing date in the event of an overwhelming response or a change in business priorities.