Governance, Risk & Compliance Analyst
About the Directorate
As IT&D, we help to create the University of the future by co-designing new ways of working, enhancing productivity, reducing complexity, supporting innovation, and providing the insights to drive continual improvement. Embracing a digital future in an evolving modern university, you will be working in partnership with our academic and Professional Services colleagues to deliver digital services that help the University achieve its strategic objectives in teaching and research, nationally & globally.
About the Department
IT & Digital (ITD) plays a central role in delivering high-quality, responsive, and secure services that support our staff and students. Our work directly shapes the learning and professional experience across the University.
About the Team
As part of the Information Security team, you will join a growing function focused on strengthening governance, risk, compliance, and operational security across the University. The team works closely with IT, Cyber Security, and business stakeholders to embed practical, effective security controls. We operate a hybrid working model, with time on campus to support collaboration and engagement.
About the Role
As a Governance, Risk and Compliance Analyst, you will play a key role in designing, embedding, and continuously improving the University's operational security controls and processes.
You will act as a bridge between security strategy and day-to-day operations, ensuring that security policies, controls, and compliance activities are practical, effective, and aligned to regulatory and sector expectations. You will influence how security is implemented across systems, services, and suppliers, helping to strengthen the University's overall security posture.
You will report to the Head of Information Security - Governance, Risk and Compliance and work closely with colleagues across IT, Cyber Security, and business areas to ensure security is embedded into everything we do.
Key responsibilities include:
- Develop and maintain operational security architectures aligned to best practice (e.g. NCSC, UCISA).
- Ensure compliance with regulatory and legal requirements (e.g. GDPR, Data Protection Act, PCI-DSS).
- Design and implement security processes across identity, access control, vulnerability management, and incident response.
- Lead internal audits and support external assurance activities (e.g. Cyber Essentials).
- Identify control weaknesses and drive remediation with IT and stakeholders.
- Develop and maintain security policies, standards, and guidance across the organisation.
- Conduct risk assessments and maintain the information security risk register.
- Support third-party assurance and supplier security risk management.
- Investigate incidents and identify opportunities to improve controls and resilience.
- Deliver security awareness training and promote a strong security culture.
- Provide expert advice to projects, governance forums, and operational teams on security matters.
Key Skills
You will need to demonstrate how you can meet the key skills required for this role:
- Strong operational security experience across architecture, compliance, and control design.
- Excellent understanding of security frameworks (e.g. NIST CSF, CIS Controls, ISO 27001).
- Knowledge of cloud and on-premises security controls and architectures.
- Experience of audit, compliance, and risk assessment activities.
- Strong stakeholder engagement skills, able to influence both technical and non-technical audiences.
- Ability to translate complex security concepts into clear, practical guidance.
- Professional security certification (e.g. CISSP, CISM, ISO 27001, CCSP, CRISC) or equivalent experience.