Security Assurance Officer

IT Services at the University of Sheffield provide a full range of complex IT and technology enabled services that support education, research, workplace, corporate services and infrastructure enablers to all staff and students. The Information Security team in IT Services is seeking a Security Assurance Officer in the Security Operations team to contribute to its ongoing mission to keep the University safe and secure. The role involves working with the Security Assurance Manager to provide assurance to the University and its partners that information can be protected. Responsibilities include leading information security projects, developing and disseminating policies, and responding to requests for advice and guidance.

• Support the Information Security Team: Assist in protecting University information assets by continually reporting on security risk and compliance metrics and delivering improvements.
• Project Leadership: Lead information security projects designed to deliver technical and cultural changes to University assets and processes.
• Risk Assessment: Perform high and low level information security risk assessments.
• Policy & Procedure Development: Develop and implement new information security processes, procedures, and practices, and advise on or implement technologies to control risks.
• Control Monitoring: Track, monitor, and deliver improvements to information security controls across various faculties, departments, and research groups.
• Lead Compliance Activities: Manage and lead assurance activities for standards such as Cyber Essentials+, PCI DSS, NHS DSPT, ONS SRS AOC and GDPR.
• Risk Guidance: Provide support to manage risks, feeding into departmental and corporate risk registers and recommending suitable controls.
• Expert Advice: Respond to enquiries and provide expert support and guidance to all members of the University.
• Decision Making: Make recommendations on information security issues and potential developments to ensure the University's infrastructure and policies support security goals.
• Awareness & Training: Promote information security awareness and skills, providing tailored training solutions where necessary.
• Cross Departmental Collaboration: Work with colleagues in IT security, data protection, and research data management to ensure consistency in information support and governance.
• Stay Current: Keep up to date with published standards, legislation, and guidelines relevant to information security.
• General Duties: Perform any other duties commensurate with the grade of the post.

• Previous relevant experience in information security.
• A solid understanding of information security principles, techniques and compliance standards.
• Ability to work at speed, to a high standard and to deliver to agreed timescales.
• Ability to work at scale, in a diverse technology environment and while managing multiple supplier relationships at once.
• Professional approach to work; being self confident, innovative, organised and having a commitment to ongoing professional development.
• Excellent communication skills, both written and verbal.

• Experience in working to, and evidencing compliance of relevant standards and frameworks such as ISO/IEC 27001, PCI DSS, GDPR/DPA 2018.
• Experience collaborating with others, at all levels, to deliver information security value.
• Experience of and ability to deliver specialist training to others, at all levels.
• Relevant information security qualifications (e.g., CISSP, CompTIA Sec+, ISO 27001 Lead Implementer, PCI DSS ISA).
• A good understanding of information management principles and related information systems in an IT context.

The University of Sheffield is a Disability Confident Employer. If you have a disability and meet the essential criteria for this role you will be invited to take part in the next stage of the selection process.

BPSS clearance will be required for this role. Possession of a criminal record is not an automatic bar to employment; each case is examined in its own right.