Senior Cyber Risk and Assurance Lead in Glasgow

As part of the newly launched 3-year Cyber Improvement Programme, an exciting opportunity has arisen to join the Cybersecurity Team as a Senior Cyber Risk & Assurance Lead at the University of Strathclyde. This is a new role which is a permanent position offering the chance to play a pivotal role in strengthening the University's cyber resilience by leading the development of risk, governance, and assurance capabilities across a complex and devolved environment.

You will lead the University's approach to cyber risk management and assurance, ensuring risks are clearly understood, appropriately managed, and effectively communicated to senior stakeholders. You will be responsible for embedding a structured and consistent approach to risk and control assurance, aligned to recognised frameworks such as the NCSC Cyber Assessment Framework (CAF), CIS Controls and Cyber Essentials Plus.

Working closely with colleagues across Faculties and Professional Services, you will undertake assurance reviews, support compliance activities, and provide expert guidance on the design and effectiveness of security controls. You will also play a key part in strengthening supplier assurance, supporting audit readiness, and developing clear reporting that enables informed, risk-based decision-making at an institutional level.

This is a broad and varied role that demands both depth in cyber risk and a genuine understanding of the technology underpinning a modern university. You will be well-versed in vulnerability management and comfortable working with CVSS scoring, applying this knowledge to manage the University's outsourced penetration testing programme - from scoping and coordination through to tracking remediation and reporting outcomes.

Beyond testing, you will develop and lead tabletop exercises (TTX) and test scenarios for backup and recovery, using these activities to build cyber awareness, validate resilience assumptions, and hold departments accountable for managing their cyber risk effectively. You will translate findings into practical recommendations and ensure that risk ownership is clearly embedded across the institution.

You will also take a leading role in developing the University's supply chain assurance function, establishing the processes and frameworks needed to give the University full visibility of supplier risk, from onboarding assessments through to ongoing monitoring.

This role is suited to an experienced cybersecurity professional with a background in risk, governance, and assurance. You will be confident engaging with stakeholders at all levels, capable of providing constructive challenge, and able to translate complex technical risks into clear business impact.

You will have a sound understanding of enterprise technologies and IT infrastructure, enabling you to assess how controls operate in practice across areas such as servers, endpoints, identity, and cloud services including Microsoft 365, Defender, and Entra ID. This technical grounding will allow you to provide informed challenge, credible advice, and pragmatic recommendations to IT teams across the University.

We are looking for someone who combines strong analytical capability with excellent communication skills and a collaborative approach. You will be comfortable operating in a federated environment, working with diverse stakeholders to embed a culture of shared responsibility for cyber risk, while maintaining the independence and objectivity that effective assurance demands.

This is an excellent opportunity to contribute to a high-profile programme of work that is critical to protecting the University's systems, data, and research. You will help shape the University's cyber maturity journey and drive sustainable, long-term improvements in security posture.

If you are looking for a role where your expertise will make a tangible difference - protecting the people, systems, and world-class research that underpin one of Scotland's leading universities - we would be delighted to hear from you.

In return, you will receive 'on-the-job' training, a generous holiday package and be eligible to subscribe to a variety of schemes associated with being an employee of the University including: generous employer contributions to your pension; a world-class Sport Centre; family friendly policies; and various additional incentives including a Cycle Scheme. The University also has on-site childcare and parking for which you can apply.

All successful candidates must be willing to be located in the UK.

Please note the vacancy for this role does not meet the requirements for sponsorship under the Skilled Worker visa route. Candidates are welcome to apply if they have an alternative right to work for this role.