Overview

Principal Research Infrastructure Engineer (Security & Compliance) – IT Services – 106467 – Grade 9

Location: University of Birmingham, Edgbaston, Birmingham UK
Full time starting salary normally in the range £58,225 to £67,468 with potential progression to £87,974
Grade: 9
Full Time, Permanent
Closing date: 28 October 2025
UK travel may be required for this role

Role Summary

ARC’s Principal Research Infrastructure Engineer (PRIE S&C) plays a key role in shaping, advising and supporting ARC’s delivery of specialist infrastructure and services that enable the University’s researchers to carry out world class research. They will employ a risk-based approach to security appropriate to the breadth of computational research. The PRIE (S&C) will build relationships with researchers and external partners to understand requirements, advise at a strategic level, and develop ARC security policies, standards, and procedures to satisfy institutional and funder needs. The role is based on the University campus with an expectation of substantial time on campus each week.

Main Duties

• Strategic Planning and Governance: support the ARC leadership team to build and maintain the University's information security strategy, policies, and procedures to enable and protect research activity and external partnerships using ARC compute services.
• Risk Management: identify, assess, and manage security risks related to ARC services, design and implement mitigation measures, and escalate high priority threats or incidents as needed.
• Monitoring: identify emerging security risks and advise on long-term operational direction to prepare for future threats.
• Architecture: contribute to secure system designs, engage with peers internationally and with security advisory groups to assess new solutions.
• Incident Response: coordinate and support ARC’s incident response efforts to minimise impact.
• Training and Awareness: develop and deliver security training for University researchers where appropriate.
• Collaboration: work with academic and professional services to facilitate risk assessment, including during funding bids; advise senior colleagues on security risks at cross-area interfaces.
• Standards and Compliance: lead processes to achieve and maintain standards (including ISO 27001) and demonstrate suitability of ARC services to researchers and funders; meet tight deadlines and evolving requirements.
• Vendor Management: evaluate and manage security aspects of third-party vendors and providers.
• Communication: represent the University externally as an authoritative voice on cyber security and governance for centralised, high performance research computing.
• Equality, Diversity and Inclusion: monitor and actively challenge unacceptable behaviour; support sustainability and inclusive practices.
• Other duties as commensurate with the grade.

Required Knowledge, Skills, Qualifications, Experience

• Educated to degree level (or equivalent) in a subject with a strong Computer Science/technological base; higher degree where appropriate.
• Authoritative technical expertise in a relevant field; substantial experience in a complex computing environment with security responsibilities, ideally including academic research or HPC.
• Formal training or extensive experience in information security standards and best practice; experience with ISO 27001/2, NIST CSF, Cyber Essentials or similar.
• Proven experience in handling information security incidents and influencing policy in a large institution.
• Experience training or influencing colleagues to develop a security-aware culture.
• Broad knowledge of information security technologies (encryption, vulnerability testing, compliance checks, antivirus, firewall, IDS/IPS) and risk management systems.
• Ability to establish, track, and weigh information security risk, preferably in an academic research environment.
• Ability to build relationships with stakeholders at all levels; articulate a clear information security strategy that distinguishes enterprise IT from research computing.
• Excellent presentation and communication skills.
• Knowledge of national/international security standards and legislation relevant to academia and research (e.g., FoI, GDPR, DPA, RIPA, Human Rights Act, e-privacy regulations).
• Strategic thinking and planning skills; NHS information security policy experience would be an advantage; experience with security agencies (NCA, NCSC, MI5, GCHQ) would be an advantage.
• Active professional involvement in the research computing or cyber security sector; ongoing professional development.
• Ability to work with minimal supervision and apply expert understanding to University needs.
• Commitment to Equality, Diversity and Inclusion and ability to monitor and evaluate its application.
• DBS clearance and BPSS checks will be required prior to appointment.

DBS and BPSS

The University is committed to safeguarding and safe recruitment practice. All pre-employment checks, including DBS clearance, will be completed before appointment. BPSS checks will also apply.

Enquiries

Further particulars can be found here. Informal enquiries to Jon Wakelin at j.wakelin@bham.ac.uk.

Organisation and Values

We emphasise equality, diversity and inclusion and sustainability. Details on staff values and behaviours can be found on our website.