Security Assurance Officer in Sheffield

The University of Sheffield is a remarkable place to work. Our people are at the heart of everything we do. Their diverse backgrounds, abilities and beliefs make Sheffield a world-class university. We offer a range of benefits including annual leave, a generous pensions scheme, flexible working opportunities, and development and wellbeing support.

Main duties and responsibilities

• Support the Information Security Team: Assist in protecting University information assets by reporting security risk and compliance metrics and delivering improvements.
• Project Leadership: Lead information security projects to deliver technical and cultural changes to University assets and processes.
• Risk Assessment: Perform high- and low-level information security risk assessments.
• Policy & Procedure Development: Develop and implement new information security processes, procedures, and practices, and advise on or implement technologies to control risks.
• Control Monitoring: Track and improve information security controls across faculties, departments, and research groups.
• Lead Compliance Activities: Manage and lead assurance activities for standards such as Cyber Essentials +, PCI-DSS, NHS DSPT, ONS SRS AOC and GDPR.
• Risk Guidance: Provide support to manage risks, feeding into department and corporate risk registers and recommending suitable controls.
• Expert Advice: Respond to enquiries and provide expert support and guidance to all members of the University.
• Decision Making: Make recommendations on information security issues and potential developments to ensure the University's infrastructure and policies support security goals.
• Awareness & Training: Promote information security awareness and skills, providing tailored training solutions where necessary.
• Cross-Departmental Collaboration: Work with colleagues in IT security, data protection, and research data management to ensure consistency in information support and governance.
• Stay Current: Keep up to date with published standards, legislation, and guidelines relevant to information security.
• General Duties: Perform any other duties commensurate with the grade of the post.

Person Specification

Our diverse community recognises unique abilities, backgrounds and beliefs. We encourage applications even if past experience does not perfectly match all criteria. Please reference the application criteria in the application statement.

• Essential: Previous relevant experience in information security.
• Essential: A solid understanding of information security principles, techniques and compliance standards.
• Essential: Ability to work at speed, to a high standard and to deliver to agreed timescales.
• Essential: Ability to work at scale in a diverse technology environment and manage multiple supplier relationships.
• Essential: Professional, self-confident, innovative, organized with a commitment to professional development.
• Essential: Excellent communication skills, both written and verbal.
• Desirable: Experience with standards such as ISO/IEC 27001, PCI-DSS, GDPR/DPA 2018.
• Desirable: Experience collaborating with others to deliver information security value.
• Desirable: Experience delivering specialist training to others.
• Desirable: Relevant information security qualifications (e.g., CISSP, CompTIA Sec+, ISO 27001 Lead Implementer, PCI-DSS ISA).
• Desirable: Good understanding of information management principles and related IT systems.

Further Information

• Grade: 7
• Line manager: Security Assurance Manager
• Direct reports: None
• Disability and recruitment: We are a Disability Confident Employer. If you have a disability and meet the essential criteria, you will be invited to participate in the next stage.
• Criminal record: BPSS clearance will be needed for this role. Possession of a criminal record is not an automatic bar to employment; each case is considered on its own merits.