Cyber Assurance Lead
Job Description:
The University of Surrey is a global community of ideas and people, dedicated to life-changing education and research.
We are recruiting a Cyber Assurance Lead to provide a focal point for Information Security Assurance, providing guidance and support to colleagues within IT Services and across the business.
As a senior risk professional, you will be leading on information security assurance, working with other security disciplines, technical teams and architects to overlay good practice and security controls in support of business activities. Using your business acumen, you will apply appropriate risk analysis principles to support the University mission.
What you’ll be doing:
- Working with the Head of Information Security to develop the University’s security and compliance frameworks, maintaining and developing accreditation for IT Services’ service catalogue
- Managing the PCI-DSS certification process, supporting all faculties / departments to ensure that their payment solutions are compliant
- Managing the annual certification activities associated with NHS DSP Toolkit
- Managing the annual certification activities associated with Cyber Essentials+
- As lead for governance within the Cyber Security team, operating and continuously improving the cyber risk registers and management information, supporting the successful communication of business risk within the institutional risk framework and University committee structure
- Providing product ownership for OneTrust (GRC platform) and Bitsight (Security Performance Management; Third Party Risk)
What you’ll have:
- Substantial vocational and relevant management experience, and success in similar or related roles, supported by evidence of significant appropriate specialist knowledge
- Experience of administering vendor risk management processes, and prior experience of risk assessment
- Experience of working with external parties in relation to their specific information security assurance requirements, such as NHS England (NHS DSP Toolkit); ONS (ONS Secure Research Service)
- Experience of developing workflows in support of information governance and information security assurance; particularly any service development involving GRC processes and tooling (such as OneTrust)
- Appropriate IT Security/risk certifications (such as one or more of: CISSP, CISA, CISM, CRISC)
- Ability to work flexibly, including working outside of regular office hours upon occasion where incidents arise
What’s in it for you?
We think Surrey is an amazing place to work, and we are carefully crafting a dynamic, flexible, and fun place to work and thrive.
Our campus is a beautiful, leafy environment with carefully designed gardens, vibrant green playing fields, and a picturesque lake. With the buzz of student life and superb working facilities, the University of Surrey is a global community of ideas and people, dedicated to life-changing education and research in an inspiring, innovative and diverse environment.
Alongside our gorgeous campus setting, collegiate on-site atmosphere and plentiful development opportunities, we also offer:
- Competitive Salary
- 20 Days annual leave rising by 1 day per year of service + 7 University Days + Bank Holidays
- Travel & Family benefits including subsidised rail fare, cycle to work scheme and on-site childcare
- Access to on-site world-class leisure facilities at discounted rates
For more information or to be considered for the role, please apply via the University of Surrey Website.
The University of Surrey is committed to providing an inclusive environment that offers equal opportunities for all. We place great value on diversity and are seeking to increase the diversity within our community. Therefore, we particularly encourage applications from under-represented groups, such as people from Black, Asian and minority ethnic groups and people with disabilities.
Closing Date: 20 Nov 2024
Area: Operate Surrey
Salary: £45,585 to £66,857