Head of Information Security & IT

Application Deadline: Apr 19, 2026

Department: IT & Information Security

Employment Type: Permanent

Location: Newcastle upon Tyne

Reporting To: Chief Technology Officer


We are seeking a highly capable Head of Information Security & IT to lead and evolve the organisation’s security posture and internal technology environment. This senior leadership role will be responsible for ensuring the confidentiality, integrity, and availability of our systems, while delivering reliable internal IT services across the organisation.

Reporting directly to the Chief Technology Officer, the role will oversee both the Information Security and Corporate IT functions, leading a team of approximately eight professionals. The successful candidate will combine strong technical depth with effective leadership, while remaining hands-on enough to guide technical direction and build a mature, scalable security and IT capability.

This is a hybrid role that requires you to be in our Newcastle-upon-Tyne office two days a week. Please apply only if you’re comfortable with this arrangement. 

What you'll be doing

  • Define and lead the organisation’s Information Security strategy, ensuring alignment with business objectives and regulatory requirements.
  • Own and maintain the security governance framework, including policies, standards, and controls.
  • Ensure ongoing compliance with relevant security and regulatory frameworks such as ISO27001, SOC2, PCI-DSS, and other applicable standards.
  • Lead security risk management activities including risk assessments, threat modelling, and mitigation planning.
  • Establish strong security assurance processes, ensuring the organisation can clearly demonstrate security capability and compliance through structured reporting, evidence gathering, and audit readiness.
  • Provide clear and transparent security reporting to executive leadership, ensuring confidence in the organisation’s security posture and the effectiveness of controls.
  • Oversee operational security capabilities including vulnerability management, incident response, threat detection, and security monitoring.
  • Work closely with engineering and platform teams to embed secure architecture principles and security-by-design practices into the software and platform lifecycle.
  • Lead the delivery of secure and reliable corporate IT services supporting the day-to-day operations of the organisation.
  • Operate and maintain identity and access management services, including robust Joiner–Mover–Leaver (JML) processes, user provisioning, role changes, and timely removal of access through platforms such as Microsoft Entra.
  • Manage a mixed endpoint estate across Windows and macOS, ensuring devices are securely configured, hardened, compliant with corporate standards, and effectively managed through Microsoft Intune and Jamf.
  • Build and lead a high-performing Information Security and IT function, ensuring the team operates with clear priorities, defined objectives, and measurable outcomes aligned with the wider technology strategy.
  • Act as a trusted advisor to the CTO and senior leadership team on security strategy, risk posture, and internal technology capability, while supporting customer, partner, and regulatory engagements related to security assurance, audits, and compliance activities.
  • Drive continuous improvement in the organisation’s security maturity and resilience.

What we are looking for

  • Significant experience in Information Security and IT leadership roles, ideally within high-scale technology platforms or regulated environments.
  • Strong technical background with the ability to remain hands-on, guiding teams on security architecture, operational controls, and incident response.
  • Proven experience leading both Information Security and Corporate IT functions, including endpoint management, identity services, and internal technology platforms.
  • Strong expertise across the Microsoft security ecosystem, including Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Conditional Access, endpoint security, device compliance, and identity protection.
  • Strong working knowledge of Microsoft E5 security capabilities, including identity protection, endpoint security, collaboration security, and data protection.
  • Experience managing modern enterprise endpoint environments, including mixed Windows and macOS estates, using platforms such as Microsoft Intune and Jamf.
  • Strong experience running day-to-day IT operations, including service desk, incident and request management, problem management, and continuous service improvement.
  • Experience designing and implementing Zero Trust security models, incorporating identity, device trust, and conditional access controls.
  • Strong understanding of modern security practices, including identity and access management, cloud and platform security, security monitoring and incident response, vulnerability and patch management, endpoint protection, and privileged access management.
  • Experience operating within recognised security and compliance frameworks such as ISO27001, SOC2, PCI-DSS, or similar regulated environments.
  • Strong leadership capability, with experience managing technical teams and improving operational maturity across security and IT functions.
  • Excellent communication and stakeholder management skills, with the ability to clearly articulate security posture, risk, and assurance to senior leadership and external stakeholders.

What we can offer you

Here at Bede, we offer a competitive salary and a strong benefits package, but what really matters to us is creating an environment where people feel trusted, supported and able to do their best work. We’re a people-centric business and we regularly review our benefits based on colleague feedback, so what we offer continues to reflect what matters most to our teams.

Some of the benefits you can expect include:

  • A friendly, flexible and trust-based approach to working
  • 25 days annual leave, plus 8 bank holidays and usually a generous Christmas break
  • Fully matched private pension scheme (up to 8%)
  • Bupa private healthcare from day one, including cash plan benefits, dental and optical cover (covers all pre-existing conditions)
  • Life assurance cover of 4x your annual salary
  • Employee Assistance Programme (via Bupa), providing confidential support and practical advice whenever you might need it
  • Access to Calm – the #1 app for meditation and sleep
  • Innovation and learning – space to develop skills, try new ideas and experiment, with an annual hackathon where some ideas make it into real work.
  • A work-owned mobile phone or tablet of your choice, with the monthly contract covered by us
  • A great office setup – free snacks and drinks every day, plus regular food vans from some of the best places in Newcastle
  • Bede Bucks – exclusive colleague discounts and access to a wellbeing platform
  • Lots of social events – both in and outside of working hours
  • Referral programme – help us grow the team and receive a referral bonus of up to £3,000 (pre-tax, subject to scheme terms)
  • Bede swag – including hoodies, t-shirts and our much-loved Bede socks
  • Bede Holidays – extra discretionary days off through the year as a thank-you for the great work our teams do

Our Hiring Process

  • Stage 1: Application Review
  • Stage 2: Initial Chat
  • Stage 3: Interview
  • Stage 4: 2nd Stage Interview