Head of IT and Security, Technology and Infrastructure

Head of IT and Security, Technology and Infrastructure

13 December 2024

• LOCATION: Hybrid · London, UK
  Please note, where PRI has an office there is an expectation to work a minimum of 2 days per week

About the PRI

The PRI is the world’s leading proponent of responsible investment. It works to understand the investment implications of environmental, social and governance (ESG) factors and to support its international network of investor signatories in incorporating these factors into their investment and ownership decisions.

The PRI’s three distinct capabilities relate to the core elements of the PRI’s approach to achieving a sustainable financial system.

• Translate RI (Responsible Investment) thought leadership into insights and practical support that is tailored to what signatories need to progress their RI practice
• Convene our vast network to create opportunities for collaborative action
• Harness our global scale to influence policymakers and regulators to effect system change

Job Description

The Head of IT and Security will be responsible for providing leadership of the IT infrastructure strategy and maturity to the IT operations, bringing your technical experience and expertise to help us build and deliver new capabilities within the infrastructure and security domain. You will be hands on as well as capable of managing technology projects and change management to improve the business process and IT systems.

You will be working closely with the wider technology team, stakeholders across all business areas and our suppliers to ensure successful delivery for our internal users and external customers (our members, PRI signatories, and our Academy customers).

The Head will report into and work closely with the Director of Technology and Infrastructure to embed the leadership in business partnering, people development, continuous improvement culture, and ideally with experience working for global organisation.

Core Responsibilities

Team management:

• Manage a team of IT support and security team to provide high quality support to the business users and signatories
• Manage staff development and performance to achieve balanced business knowledge through business partnering and participation of knowledge sharing sessions.
• Champion continuous process improvement culture, embedding best practices and ways of working across the organisation.
• Drive efficiency through the automation of common/frequent internal processes.
• Ensure all work is completed within budget and aligned with business planning, while managing costs efficiently to maximize savings.
• Contribute to the ongoing evolution of the technology operating model and its delivery, including team’s business plan and budget.
• Support the Director of Technology and Infrastructure in set the vision, purpose and culture of the Technology team.
• Provide regular reporting to the Director of Technology and Infrastructure and Chief of Operations Officer as required.

IT infrastructure & operations:

• Oversee IT Helpdesk and ensure SLAs are in place and tickets managed efficiently.
• Manage the team to provide effective technical support to the wider business, business with signatories’ issues and problem management as required
• Manage end-user hardware provisioning, updates, security, connectivity and configuration, and ensuring systems administration and maintenance are delivered to expectations (e.g. patching of servers, backup.)
• Provide 1 st and 2 nd line business applications support as required, e.g. Salesforce, Sage, Data Portal, Reporting Assessment, Collaboration Platform, Academy Learning System
• Manage resolution of technical problems escalated by the service desk as they arise with the extended technology team or via 3rd party support contracts.
• Management of 3rd party infrastructure partners ensuring services meet PRI needs in a cost effective manner.
• Manage the team to provide extended out of office hours support for critical or exceptional situation.
• Lead on responding to major technical incidents e.g. system outage, service disruption, cybersecurity, data breach, etc.
• In collaboration with the IT Leadership team, develop a Major Incident Management process, communications and mitigation plans.
• Act as the main IT lead for BCP and DRP, supporting the team and work closely with the Business Continuity Incident Team until services are back into full operational mode.

Projects:

• Provide technical expertise to the IT team and to business projects to ensure solutions are aligned to our technology roadmap and are secure, supportable and scalable.
• Manage infrastructure projects and enhancements (e.g. server upgrades, network enhancements, migration to Azure.)
• Manage other internal IT projects as needed (e.g. technology modernisation, security, operational resilience, ISO/IEC 27001 programme of work).
• Develop the IT service model, catalogue and the end-to-end ticketing process that enables effective triage resolution e.g. Reporting team, Signatory Experience team
• Develop the roadmap for end user computing and new ways of working (e.g. productivity enhancements, cooperative collaboration, enhanced ways to communicate)
• Develop the Infrastructure architecture roadmap that aligns with the Technology and Digital transformation programme with a focus on resilience, scalability and new ways of working.

Security and compliance:

• Support the roadmap for Cybersecurity to update our systems and services to be best in class for passive and active protection, including firewalls, antivirus, threat monitoring, spam/phishing
• Develop and implement Information Technology and Security policies, procedures, and protocols to ensure company’s IP are secured, and kept up-to-date
• Identify risks to systems and the IT infrastructure, creating mitigations and ensuring these are communicated and understood.
• Manage the development and implementation of the security strategies to achieve the targeted technology resilient and compliancy
• Ensure regular penetration testing occurs to maintain the security of our data and in support of obtaining and maintaining standards such as ISO/IEC 27001.
• Ensure that all business and signatory-facing applications, as well as the overall IT environment, adhere to regulatory requirements, industry standards, and best practices related to data security and privacy.

Person Specification

Criteria

• Leadership Skills (including role-modelling positive behaviours, being genuine and vulnerable, driving change and making things happen) and the ability to think strategically and systemically and act for the long-term benefit of the organisation.
• Well-developed people management skills (including providing feedback & challenge, coaching, and developing individuals) and the experience to build and lead high performing hybrid teams.
• Strong working experience in IT Operations, infrastructure and security domain such as:
  • Office365, Exchange Online, Intune, Azure Cloud, Azure AD, Windows Server, SQL
  • Technical and security policies, configurations, access management
  • Network security, networking, firewalls, DHCP, VLAN, VPN, Cisco Meraki, Wi-Fi
  • PaaS / IaaS / SaaS / cloud
  • Atlassian Jira, Asana (desirable)
• Strong working experience in IT and business projects delivery
• Demonstrable working experience in Crisis Management related to information and cyber-attack, phishing, data breach incidents, including participation in BCP and/or DRP exercise.
• Experience in developing IT policies and controls, IT and Data Governance, GDPR, SCO2 (desirable)
• Experience in managing cybersecurity and operational resilience domain, ability to develop risk mitigation plan and onboarding new technologies, services and applications
• Experience in security applications and tools (SIEM products), sound knowledge of security frameworks e.g. NIST, CIS controls, ISO/IEC 27001, Cyber Assessment Framework (desirable)
• Experience with managing suppliers and 3 rd party providers to ensure contractual commitments are met, including negotiating the scope of work, development, enhancement, upgrades.
• Experience in managing application solutions hosted both on traditional infrastructure and in the cloud is preferable and experience migrating products and services to the cloud is desirable.
• Excellent communication skills, confidently present and influence senior management to facilitate effective decision making.
• Excellent networking, relationship management and interpersonal skills and experience of building strong and productive relationships at all levels
• Very good programme management skills, with experience in delivering complex projects successfully, including directing others that may not be your direct reports.
• Experience at implementing and working in DevOps is an advantage.
• In-depth understanding of cloud-native architectures (ideally Azure), microservices, and API’s, is highly desirable.
• Ability to work with minimal supervision, managing work prioritisation with competing priorities and handling conflicts and/or difficult discussion.
• Ability to embrace and adapt changes, working with limited information and ambiguity in an ecosystem that is rapidly evolving.
• Demonstrates a commitment to developing others and a growth mindset, actively pursuing continuous profession and personal development.
• A collaborative and consultative approach to working with others, the ability to foster an inclusive working environment.

We particularly welcome candidates from under-represented groups, including Black, Asian, and other People of Colour, those with visible or non-visible disabilities, LGBTQ+ candidates and those who are neurodivergent.

The PRI is committed to offering flexibility to our employees, both formal (e.g. part-time work) and informal (e.g. a shift in hours to accommodate caring responsibilities). Please talk to us about how we could make this role flexible for you.

N.B. We reserve the right to close a vacancy in the event of an overwhelming response or a change in business priorities.

Please note this vacancy is being managed exclusively by Megan Dack at Goodman Masson. Please contact her directly for more details on the role:megan.dack@goodmanmasson.com

• PRI Association, 25 Camperdown Street, London, E1 8DZ, UK
• PRI DISCLAIMER
  The information contained on this website is meant for the purposes of information only and is not intended to be investment, legal, tax or other advice, nor is it intended to be relied upon in making an investment or other decision. All content is provided with the understanding that the authors and publishers are not providing advice on legal, economic, investment or other professional issues and services. PRI Association is not responsible for the content of websites and information resources that may be referenced. The access provided to these sites or the provision of such information resources does not constitute an endorsement by PRI Association of the information contained therein. PRI Association is not responsible for any errors or omissions, for any decision made or action taken based on information on this website or for any loss or damage arising from or caused by such decision or action. All information is provided “as-is” with no guarantee of completeness, accuracy or timeliness, or of the results obtained from the use of this information, and without warranty of any kind, expressed or implied.
  
  Content authored by PRI Association
  For content authored by PRI Association, except where expressly stated otherwise, the opinions, recommendations, findings, interpretations and conclusions expressed are those of PRI Association alone, and do not necessarily represent the views of any contributors or any signatories to the Principles for Responsible Investment (individually or as a whole). It should not be inferred that any other organisation referenced endorses or agrees with any conclusions set out. The inclusion of company examples does not in any way constitute an endorsement of these organisations by PRI Association or the signatories to the Principles for Responsible Investment. While we have endeavoured to ensure that information has been obtained from reliable and up-to-date sources, the changing nature of statistics, laws, rules and regulations may result in delays, omissions or inaccuracies in information.
  
  Content authored by third parties
  The accuracy of any content provided by an external contributor remains the responsibility of such external contributor. The views expressed in any content provided by external contributors are those of the external contributor(s) alone, and are neither endorsed by, nor necessarily correspond with, the views of PRI Association or any signatories to the Principles for Responsible Investment other than the external contributor(s) named as authors.