Security Assurance Officer in Sheffield

IT Services at the University of Sheffield provide a full range of complex IT and technology‑enabled services that support education, research, workplace, corporate services and infrastructure enablers to all staff and students. The Information Security team in IT Services is seeking a Security Assurance Officer in the Security Operations team to contribute to its ongoing mission to keep the University safe and secure. The role involves working with the Security Assurance Manager to provide assurance to the University and its partners that information can be protected.

Core Responsibilities

• Support the Information Security Team: Assist in protecting University information assets by continually reporting on security risk and compliance metrics and delivering improvements.
• Project Leadership: Lead information security projects designed to deliver technical and cultural changes to University assets and processes.
• Risk Assessment: Perform high‑ and low‑level information security risk assessments.
• Policy & Procedure Development: Develop and implement new information security processes, procedures, and practices, and advise on or implement technologies to control risks.
• Control Monitoring: Track, monitor, and deliver improvements to information security controls across various faculties, departments, and research groups.
• Lead Compliance Activities: Manage and lead assurance activities for standards such as Cyber Essentials+, PCI‑DSS, NHS DSPT, ONS SRS AOC and GDPR.
• Risk Guidance: Provide support to manage risks, feeding into departmental and corporate risk registers and recommending suitable controls.
• Expert Advice: Respond to enquiries and provide expert support and guidance to all members of the University.
• Decision Making: Make recommendations on information security issues and potential developments to ensure the University's infrastructure and policies support security goals.
• Awareness & Training: Promote information security awareness and skills, providing tailored training solutions where necessary.
• Cross‑Departmental Collaboration: Work with colleagues in IT security, data protection, and research data management to ensure consistency in information support and governance.
• Stay Current: Keep up to date with published standards, legislation, and guidelines relevant to information security.
• General Duties: Perform any other duties commensurate with the grade of the post.

Essential Criteria

• Previous relevant experience in information security.
• A solid understanding of information security principles, techniques and compliance standards.
• Ability to work at speed, to a high standard and to deliver to agreed timescales.
• Ability to work at scale, in a diverse technology environment and while managing multiple supplier relationships at once.
• Professional approach to work; being self‑confident, innovative, organised and having a commitment to ongoing professional development.
• Excellent communication skills, both written and verbal.

Desirable Criteria

• Experience in working to, and evidencing compliance of relevant standards and frameworks such as ISO/IEC 27001, PCI‑DSS, GDPR/DPA 2018.
• Experience collaborating with others, at all levels, to deliver information security value.
• Experience of and ability to deliver specialist training to others, at all levels.
• Relevant information security qualifications (e.g., CISSP, CompTIA Sec+, ISO 27001 Lead Implementer, PCI‑DSS ISA).
• A good understanding of information management principles and related information systems in an IT context.

Disability Confident Employer

The University of Sheffield is a Disability Confident Employer. If you have a disability and meet the essential criteria for this role you will be invited to take part in the next stage of the selection process.

Security Clearance

BPSS clearance will be required for this role. Possession of a criminal record is not an automatic bar to employment; each case is examined in its own right.