Tyrogen

Careers

Explore Tyrogen role descriptions rendered directly from our public markdown source documents.

Current roles
12
Explore the opportunities currently described on our careers page.
Explore
Leadership, governance and specialist roles
Select any role to view the full description, responsibilities and requirements.
Roles
Appeals Panel Member View role details Compliance Lead View role details DPO Function / Data Protection Lead View role details External Accountant / Accounting Support View role details Finance Lead View role details Governing Body / Board of Directors View role details Head of Assessment & Standards (HoA&S) View role details Independent Technical Reviewer View role details Malpractice & Maladministration Panel Member View role details Operations Lead View role details Responsible Officer (RO) View role details Security / Technology Lead View role details
Scroll for more

Security / Technology Lead

Role details
Back to all roles

Security / Technology Lead

Company: Tyrogen Limited (16884876)
Function: Information security, technology control, resilience, and incident coordination
Reports to: Responsible Officer
Accountable to: Responsible Officer and the relevant risk, compliance, and governance oversight route
Role type: Security / technology / control role
Engagement model: Retained internal role with contracted specialist support
Remuneration basis: Monthly retainer, with separate day-rate or incident/project support where required, as set out centrally in Role Profiles section 4.4
Review cycle: At least annual, and on any material technology, security, delivery-model, or scope change

Role purpose

The Security / Technology Lead owns the information-security, resilience, access-control, and technology-control arrangements that support Tyrogen's regulated awarding activity. The role ensures that systems, user access, incident handling, continuity measures, and supporting assurance arrangements are controlled, proportionate, and auditable.

Role scope

The Security / Technology Lead has responsibility across Tyrogen's regulated technology and security environment. The role covers:

  • access control and user-permission management,
  • information-security controls and assurance,
  • logging, monitoring, and incident coordination,
  • resilience, backup, recovery, and continuity support,
  • supplier and platform-security oversight where relevant,
  • and support for evidence retrieval and technical assurance.

Key responsibilities

The Security / Technology Lead will:

  • maintain security and technology controls supporting regulated operations,
  • oversee user access, permissions, and privileged-access discipline,
  • support the secure handling of learner, assessment, and operational information,
  • coordinate the response to security, resilience, and technology incidents,
  • ensure incidents are contained, recorded, escalated, and followed up appropriately,
  • support continuity, recovery, and restoration readiness,
  • oversee or coordinate backup, recovery, and resilience measures,
  • monitor or support assurance over logging, access activity, and technical controls,
  • work with suppliers or service providers to maintain proportionate security expectations,
  • support technical evidence retrieval and production where investigations, audits, or incidents require it,
  • identify technology or security weaknesses, risks, or control gaps and escalate them appropriately,
  • and contribute to a secure, stable, and defensible operational environment.

Decision-making and authority

The Security / Technology Lead has authority to:

  • require secure access-control practices and corrective action where weaknesses are identified,
  • coordinate containment, escalation, and remediation actions during technology or security incidents,
  • recommend or implement proportionate technical control improvements within approved authority,
  • require visibility of supplier or platform-security issues relevant to Tyrogen's operations,
  • require preservation and retrieval of technical evidence where incidents, audits, investigations, or regulator requests depend on it,
  • and escalate material control failures, vulnerabilities, or resilience concerns through the appropriate governance route.

The role does not replace governance, privacy, or independent adjudication routes and must not allow technology convenience or commercial pressure to weaken the security or integrity of regulated operations.

Regulatory and control context

The Security / Technology Lead operates within Tyrogen's regulated control framework as the role responsible for protecting the confidentiality, integrity, and availability of systems, records, learner data, and confidential assessment materials. In particular, the role supports:

  • the adequate-resources, security, and resilience expectations that sit behind Ofqual Criteria C.1 and the wider control environment,
  • the security, incident, and confidentiality expectations reflected in Information Security Policy, Incident Response Playbook, and the Ofqual Handbook expectations linked to A5, A6, A7, B3, B4, and G4,
  • preservation of evidence, logging, and secure retrieval where Tyrogen must investigate incidents, support governance review, or respond to Ofqual audit or information requests,
  • supplier and platform assurance where third-party services underpin regulated operations or sensitive information handling,
  • and prompt escalation where a security, resilience, confidentiality, or evidence-availability issue may create learner, regulatory, or public-confidence risk.

Where a technology or security issue may affect assessment confidentiality, results integrity, personal data, operational continuity, or Ofqual-facing evidence readiness, the role must escalate through the incident, privacy, governance, or regulator-liaison route rather than treating the matter as a purely technical defect.

Working relationships

The Security / Technology Lead works closely with:

  • the Responsible Officer,
  • the Compliance Lead,
  • the Operations Lead,
  • the DPO / Data Protection Lead,
  • the Finance Lead where supplier or risk implications arise,
  • the Head of Assessment & Standards where technical delivery controls affect standards integrity,
  • external suppliers, developers, hosts, or security specialists,
  • and any incident, audit, or assurance participants requiring technical coordination.

Person specification

The role-holder is expected to demonstrate:

Essential

  • understanding of access control, logging, incident handling, resilience, backup, and recovery,
  • ability to manage security and technology controls proportionate to organisational scale,
  • ability to identify, triage, and escalate material technology or security risk,
  • sound judgement in balancing usability, continuity, and security,
  • clear communication during incidents or control issues,
  • ability to maintain accurate technical and incident records,
  • awareness of the importance of protecting confidential learner, assessment, and governance information,
  • and ability to work effectively with internal and external technology stakeholders.

Desirable

  • experience in information security, systems administration, platform operations, or resilience management,
  • experience with incident response, supplier assurance, or recovery planning,
  • and familiarity with controlled or regulated service environments.

Independence and conflicts requirements

  • The role-holder must declare actual, potential, and perceived conflicts of interest.
  • Supplier, platform, or commercial conflicts relevant to security decisions, assurance work, or technical recommendations must be identified and managed.
  • Security or technology decisions must not be distorted by convenience, delivery pressure, or undisclosed supplier interests.
  • Any remuneration or commercial arrangement that could distort objective security judgement must be declared and managed.

Measures of success / KPIs

The effectiveness of the Security / Technology Lead may be evidenced through:

  • access-control records maintained accurately and reviewed appropriately,
  • technology and security incidents identified, contained, escalated, and followed up in a timely way,
  • backup, recovery, and resilience arrangements remaining demonstrably available and usable,
  • reduction in avoidable access, configuration, or control weaknesses,
  • timely escalation of material vulnerabilities or service risks,
  • clear incident documentation and follow-up actions,
  • supplier or platform-security issues being tracked and addressed appropriately,
  • and evidence retrieval being supported effectively when required for audit, investigation, or assurance.

Outputs and records

The role is expected to contribute to or oversee:

  • access-control and permission records,
  • security and incident logs,
  • resilience and recovery records,
  • technical control and assurance records,
  • supplier-security follow-up records,
  • incident escalation and corrective-action records,
  • and technical evidence retrieval or audit support records.

Appointment, induction, and review

Appointment to the role should be supported by:

  • role definition and authority clarity,
  • access to relevant systems, policies, and incident procedures,
  • conflicts declarations,
  • induction to Tyrogen's security, continuity, escalation, and evidence expectations,
  • and periodic review of capability, capacity, and specialist support sufficiency.

Linked documents

  • Role Profiles
  • Information Security Policy
  • Incident Response Playbook
  • Ofqual Audit Access and Evidence Production
  • Ofqual Regulator Liaison
  • Governance Change and Incident Management
  • Delegation of Authority
  • Organisation Structure
  • Resourcing Plan for Regulated Awarding
Ready to continue with this role?