Security Governance Risk and Compliance Officer

The SGRC Officer is part of the team which has responsibility for the delivery of the governance, risk management and compliance elements of the information security strategy through helping to create information security policies, managing information security risk, providing training and reviewing information security arrangements.

The SGRC Officer will work closely with the rest of the Information Security team to implement, maintain and assure the information security policy framework ensuring it is aligned to University objectives, legislative requirements and industry good practice.

The SGRC Officer will provide support, training and advice to the collegiate University and proactively work with units to implement information security practices.

The ideal candidate will have experience of managing information security activities or managing risk within a University environment, a good knowledge of information security management and the ability to articulate meaningful information security policies.

Essential selection criteria

  • Proven track record of supporting the development of information security policies, procedures and guidance which are easily understood and implemented
  • Knowledge of industry-standard information security management systems, frameworks, controls and standards such as ISO 27001/27002, PCI-DSS, Cyber Essentials and NHS Information Governance Toolkit
  • Demonstrable experience in assessing and managing information security risk in a complex environment
  • Demonstrable experience in delivering information security training and awareness activities to a diverse range of stakeholders
  • Thorough understanding of the principles of end-to-end information security
  • Proven track record of providing pragmatic, practical and actionable advice and support to stakeholders from a range of backgrounds to achieve their operational and/or strategic objectives
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • High level of personal integrity, as well as the ability to handle confidential matters and show an appropriate level of judgment and maturity
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences
  • An awareness of relevant legislation such as the Freedom of Information Act and Data Protection Act
  • Proven ability to work effectively as part of a diverse team and a commitment to core team values such as taking responsibility for pace and quality of work, prioritising high-value work, developing personal networks and relationships and seeking, offering and responding to constructive feedback
  • Graduate calibre with appropriate qualifications, such as CISA, CISM, CISSP