Job Title: Security Risk Lead
Salary: £53,300 - £71,300
Location: Cambridge/Hybrid with 2 days a week minimum in the office
Contract: Permanent
Hours: 35 hour per week
Join our organisation as a Security Risk Lead. Utilise your expertise and drive to safeguard operations in this impactful role.
We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.
About the role
The Security Risk Lead plays a pivotal role by driving Cambridge University Press & Assessment's security risk management strategy. This position is responsible for identifying, assessing, and mitigating operational, financial, and strategic security risks across the organisation to ensure a resilient and compliant security framework.
Overseeing the Security Risk Manager, the Security Risk Lead will work closely with senior stakeholders to develop and embed risk management processes that align with the organisation's priorities. They will also take the lead on key initiatives to reduce the organisation's risk exposure, delivering critical risk insights, reports
• Lead and improve the security risk management strategy, in line with Enterprise risk strategy, identifying, analysing, and evaluating risks that may affect the organisation.
• Implement controls to mitigate risks and ensure effective execution.
• Manage and support the Security Risk Manager. Prepare and present regular risk reports for senior management.
• Oversee the analysis and monitoring of risks, ensuring emerging risks are flagged. Ensure compliance with regulatory requirements.
• Monitor industry trends and best practices.
• Collaborate with the Head of Security GRC and teams to manage incidents and propose corrective actions.
• Provide risk management training and develop a risk-aware culture.
• Support the development of security risk policies and frameworks.
• Collect data for risk assessments and foster a collaborative risk management approach. Provide risk management input on key projects.
• Represent the organisation in industry forums.
This position has been classified as a hybrid role, requiring the selected candidate to typically spend 40-60% of their time collaborating and connecting face-to-face at their dedicated location. Aside from our hybrid principles, other flexible working requests will be considered from the first day of employment, including other work arrangements should you require adjustments due to a disability or long-term health condition.
About You
We are looking for someone with extensive knowledge of security risk management frameworks and methodologies (e.g., ISO 31000, 27001, 27005, NIST) and regulatory requirements in the industry
The ideal candidate will have a relevant degree in Risk Management, Finance, Business, or a related field, or appropriate business experience, along with active CRISC or 27005 Risk Manager certification
You should have a minimum of 5 years or demonstrated experience in a governance, risk, or compliance role within an information security context
Strong analytical and problem-solving abilities, excellent written and verbal communication skills, and proficiency in risk management software and MS Office Suite are essential
You should be detail-oriented with strong organisational and project management skills, and able to work well in a team-oriented environment and build relationships with stakeholders
If you meet the above minimum requirements, we encourage you to apply.
Your application will be even stronger if you can also demonstrate the following desirable criteria:
• Design or implementation of parts of or all of a Risk Management Framework
• Managed risks within an operational environment
• Developed risk management recommendations for senior leadership
• Managed and maintained a comprehensive risk management framework, including risks registers, control tracking, governance fora and reporting measures
For a detailed job description, please refer to the link at the bottom of the advert on our careers site.
We are a Disability Confident (DC) employer that is committed to equality and inclusion ensuring our recruitment process is accessible to all. The DC scheme's Offer of an Interview commitment applies to applicants who opt in, and disclose a disability or a long-term health condition, and best meet the minimum criteria for the role. In instances where interviewing all qualifying candidates is not practicable, we prioritise those who best meet the minimum criteria, as we would for applicants who do not have a disability or long-term health condition.
Cambridge University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to the gov.uk website for guidance to understand your own eligibility based on the role you are applying for.
Rewards and benefits
We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexible rewards package, featuring family-friendly and planet-friendly benefits including:
• 28 days annual leave plus bank holidays
• Private medical and Permanent Health Insurance
• Discretionary annual bonus
• Group personal pension scheme
• Life assurance up to 4 x annual salary
• Green travel schemes
Apply : https://careers.cambridge.org/jobs/vacancy/security-risk-lead-cambridge/7079/description/