Cyber Risk & Assurance Manager

The University of Surrey is a global community of ideas and people, dedicated to life-changing education and research. 

We are recruiting a Cyber Risk & Assurance Manager to provide a focal point for Information Security Assurance, providing guidance and support to colleagues within IT Services and across the business. 

As a senior risk professional, you will be leading on information security assurance, working with other security disciplines, technical teams and architects to overlay good practice and security controls in support of business activities. Using your business acumen, you will apply appropriate risk analysis principles to support the University mission.

What you’ll be doing: 

• Working with the Cyber Security leadership team to develop the University’s security and compliance frameworks, maintaining and developing accreditation for IT Services’ service catalogue
• Managing the PCI-DSS certification process, supporting all faculties / departments to ensure that their payment solutions are compliant
• Managing the annual certification activities associated with NHS DSP Toolkit
• Managing the annual certification activities associated with Cyber Essentials+
• Operating and continuously improving the cyber risk registers and management information, supporting the successful communication of business risk within the institutional risk framework and University committee structure
• Provide product ownership for GRC tooling

What you’ll have: 

• Substantial vocational and relevant management experience, and success in similar or related roles, supported by evidence of significant appropriate specialist knowledge
• Experience of administering vendor risk management processes, and prior experience of risk assessment
• Experience of working with external parties in relation to their specific information security assurance requirements, such as NHS England (NHS DSP Toolkit); ONS (ONS Secure Research Service)
• Experience of developing workflows in support of information governance and information security assurance; particularly any service development involving GRC processes and tooling (such as OneTrust)
• Appropriate IT Security/risk certifications (such as one or more of: CISSP, CISA, CISM, CRISC)
• Ability to work flexibly, including working outside of regular office hours upon occasion where incidents arise

What we can offer

In addition to a competitive salary you will receive 25 days annual leave, with 8 additional days for Bank Holidays and 7 for University closure days. We offer a generous pension, flexible working options, access to world-class leisure facilities, a range of travel schemes, and supportive family friendly benefits including an excellent on-site nursery.

How to apply

To apply, please upload your CV and a cover letter to the university website.

Informal enquiries should be directed to David Iveson via d.iveson@surrey.ac.uk

Interviews will be held 26th May.

Please note, we are not looking for any external agency support on this role at this time.

The University of Surrey is committed to providing an inclusive environment that offers equal opportunities for all. We value everyone in our community and are seeking to increase the diversity. Therefore, we particularly encourage applications from under-represented groups, such as people from Black, Asian and minority ethnic groups and people with disabilities. 

Advert information