Senior Cyber Risk And Assurance Lead in Newbury

Newbury | Full-Time | 55000 - 65000 € / year (est.) | No home office possible
University of Strathclyde

At a Glance

  • Tasks: Lead cyber risk management and assurance to strengthen the University's cyber resilience.
  • Company: Join the University of Strathclyde's innovative Cybersecurity Team.
  • Benefits: Generous holiday package, pension contributions, on-the-job training, and access to a world-class Sport Centre.
  • Other info: Opportunity for career growth in a dynamic and collaborative environment.
  • Why this job: Make a tangible difference in protecting systems and data at a leading Scottish university.
  • Qualifications: Experienced in cybersecurity with strong analytical and communication skills.

The predicted salary is between 55000 and 65000 € per year.

As part of the newly launched 3-year Cyber Improvement Programme, an exciting opportunity has arisen to join the Cybersecurity Team as a Senior Cyber Risk & Assurance Lead at the University of Strathclyde. The following information provides an overview of the skills, qualities, and qualifications needed for this role.

This is a new, permanent role offering the chance to play a pivotal part in strengthening the University's cyber resilience by leading the development of risk, governance, and assurance capabilities across a complex and devolved environment.

The Role

You will lead the University's approach to cyber risk management and assurance, ensuring risks are clearly understood, appropriately managed, and effectively communicated to senior stakeholders. You will be responsible for embedding a structured and consistent approach to risk and control assurance, aligned to recognised frameworks such as the NCSC Cyber Assessment Framework (CAF), CIS Controls and Cyber Essentials Plus.

Working closely with colleagues across Faculties and Professional Services, you will undertake assurance reviews, support compliance activities, and provide expert guidance on the design and effectiveness of security controls. You will also play a key part in strengthening supplier assurance, supporting audit readiness, and developing clear reporting that enables informed, risk-based decision-making at an institutional level.

This is a broad and varied role that demands both depth in cyber risk and a genuine understanding of the technology underpinning a modern university. You will be well-versed in vulnerability management and comfortable working with CVSS scoring, applying this knowledge to manage the University's outsourced penetration testing programme - from scoping and coordination through to tracking remediation and reporting outcomes.

Beyond testing, you will develop and lead tabletop exercises (TTX) and test scenarios for backup and recovery, using these activities to build cyber awareness, validate resilience assumptions, and hold departments accountable for managing their cyber risk effectively. You will translate findings into practical recommendations and ensure that risk ownership is clearly embedded across the institution. You will also take a leading role in developing the University's supply chain assurance function, establishing the processes and frameworks needed to give the University full visibility of supplier risk, from onboarding assessments through to ongoing monitoring.

About You

This role is suited to an experienced cybersecurity professional with a background in risk, governance, and assurance. You will be confident engaging with stakeholders at all levels, capable of providing constructive challenge, and able to translate complex technical risks into clear business impact. You will have a sound understanding of enterprise technologies and IT infrastructure, enabling you to assess how controls operate in practice across areas such as servers, endpoints, identity, and cloud services including Microsoft 365, Defender, and Entra ID.

This technical grounding will allow you to provide informed challenge, credible advice, and pragmatic recommendations to IT teams across the University. We are looking for someone who combines strong analytical capability with excellent communication skills and a collaborative approach. You will be comfortable operating in a federated environment, working with diverse stakeholders to embed a culture of shared responsibility for cyber risk, while maintaining the independence and objectivity that effective assurance demands.

Why Join Us

This is an excellent opportunity to contribute to a high-profile programme of work that is critical to protecting the University's systems, data, and research. You will help shape the University's cyber maturity journey and drive sustainable, long-term improvements in security posture. If you are looking for a role where your expertise will make a tangible difference - protecting the people, systems, and world-class research that underpin one of Scotland's leading universities - we would be delighted to hear from you.

In return, you will receive ‘on-the-job’ training, a generous holiday package and be eligible to subscribe to a variety of schemes associated with being an employee of the University including: generous employer contributions to your pension; a world-class Sport Centre; family friendly policies; and various additional incentives including a Cycle Scheme. The University also has on-site childcare and parking for which you can apply.

All successful candidates must be willing to be located in the UK.

Sponsorship and Skilled Worker Visa

Please note the vacancy for this role does not meet the requirements for sponsorship under the Skilled Worker visa route. Candidates are welcome to apply if they have an alternative right to work for this role.

Senior Cyber Risk And Assurance Lead in Newbury employer: University of Strathclyde

The University of Strathclyde is an exceptional employer, offering a unique opportunity to lead in the field of cybersecurity within a vibrant academic environment. With a strong commitment to employee development, you will benefit from on-the-job training, generous holiday allowances, and access to a world-class Sport Centre, alongside family-friendly policies and additional incentives. Join us to make a meaningful impact on the University's cyber resilience while enjoying a supportive work culture that values collaboration and innovation.

Contact Details:

University of Strathclyde Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Cyber Risk And Assurance Lead in Newbury

Tip Number 1

Network like a pro! Reach out to your connections in the cybersecurity field, especially those at the University of Strathclyde. A friendly chat can sometimes lead to insider info about the role or even a referral.

Tip Number 2

Prepare for the interview by brushing up on your knowledge of risk management frameworks like NCSC CAF and CIS Controls. We want you to show off your expertise and how it aligns with the University's goals!

Tip Number 3

Don’t just talk about your skills; share real-life examples of how you've tackled cyber risks in previous roles. This will help us see your practical experience and how you can make an impact at the University.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets the attention it deserves. Plus, we love seeing candidates who are proactive about their job search.

We think you need these skills to ace Senior Cyber Risk And Assurance Lead in Newbury

Cyber Risk Management
Governance and Assurance
NCSC Cyber Assessment Framework (CAF)
CIS Controls
Cyber Essentials Plus
Vulnerability Management
CVSS Scoring

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in cyber risk management and assurance. We want to see how your skills align with the role, so don’t hold back on showcasing your relevant achievements!

Showcase Your Technical Know-How: Since this role requires a solid understanding of enterprise technologies, be sure to mention your familiarity with frameworks like NCSC Cyber Assessment Framework and tools like Microsoft 365. We love seeing candidates who can bridge the gap between technical details and business impact.

Communicate Clearly: Your ability to translate complex risks into clear, actionable insights is key. Use straightforward language in your application to demonstrate your communication skills. Remember, we’re looking for someone who can engage with stakeholders at all levels!

Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way to ensure your application gets the attention it deserves. Plus, it’s super easy to do—just follow the prompts and you’ll be set!

How to prepare for a job interview at University of Strathclyde

Know Your Cyber Risk Frameworks

Familiarise yourself with the NCSC Cyber Assessment Framework, CIS Controls, and Cyber Essentials Plus. Be ready to discuss how these frameworks can be applied in a university setting and share examples of how you've used them in past roles.

Engage with Stakeholders

Prepare to demonstrate your ability to communicate complex technical risks to non-technical stakeholders. Think of specific instances where you successfully engaged with different levels of management and how you translated cyber risks into business impacts.

Showcase Your Technical Knowledge

Brush up on your understanding of enterprise technologies and IT infrastructure, especially around servers, endpoints, and cloud services like Microsoft 365. Be prepared to discuss how you would assess security controls in these areas.

Prepare for Scenario-Based Questions

Expect questions that require you to think critically about risk management scenarios. Practice articulating your thought process on how you would handle various cyber risk situations, including supplier assurance and vulnerability management.