Cyber Security Assurance Analyst
Department: Digital, Data & Technology Group
Salary: Starting from £37,099, rising to £44,263
Closing date: Sunday 18 February 2024
We are seeking a Cyber Security Assurance Analyst to join our Digital, Data & Technology Group.
About the role
The Security Assurance Analyst is part of a team responsible for a broad range of Information Security tasks and activities, including support and maintenance of the University’s Information Security Management System (ISMS), operating and applying security controls in line with standard frameworks – ISO 27001, NIST CSF, Cyber Essentials and facilitating risk-based decision making to ensure the maintenance of security posture.
You will need to be responsible for crafting new policy, implementing policy changes and updates and ensuring existing policy remains in step with university practices and current ways of working. You will undertake risk assessments and software Security Assurance and ensure security governance is applied at all stages of the project delivery and development lifecycles. You will be expected to review security processes, systems and capabilities that affect the security of our most critical assets.
You will proactively work with colleagues to identify areas of weakness and exposure and create recommendations for improvements.
As appropriate, you will take part in change approval boards, oversee the security elements of delivering new products and services into live University environments and work closely with vendors.
This role is offered on a full-time (36.5 hours per week), permanent basis.
About you
- A broad of knowledge of security risk and assurance practices including detailed knowledge of security controls frameworks: ISO 27001/Cyber Essentials/NIST /CSF/NIS/CIS Top 20/OWASP.
- A broad technical knowledge of various security assessment tools, how to apply them and interpret the output.
- In-depth experience of performing risk assessments, gap analysis and software Security Assurance. Skilled in reviewing policy and security documentation, understanding penetration test reports and recommending remediating actions.
- Skilled in authoring security policy and standards and ensuring it reflects the University’s strategy and objectives, is readable, understandable and easily accessed.
- Excellent practical experience and knowledge of measuring performance and effectiveness of security controls to reduce incidents, safeguard sensitive data and improve overall security posture.
- Knowledge and understanding of reducing risk and exposure across third parties and throughout the supply chain.
What we can offer you:
- a very generous employer contributory pension scheme
- generous annual leave allowance with an additional 5 discretionary days so that you can enjoy a positive work-life balance
- we are a family-friendly University and with an increasingly agile workforce, are open to flexible working arrangements
- an excellent reward package that recognises the talents of our diverse workforce
- a wide range of personal and professional development opportunities
- a number of support options available for new and existing staff to help with the cost of some immigration expenses which you may be eligible for: Relocation allowance, Visa Reimbursement, Interest-Free Loan.
We consider ourselves to be an inclusive university, where difference is celebrated, respected and encouraged. We have an excellent international reputation with staff from over 60 different nations and have made a positive commitment towards gender equality and intersectionality receiving a Silver Athena SWAN award. We truly believe that diversity of experience, perspectives, and backgrounds will lead to a better environment for our employees and students, so we encourage applications from all genders, backgrounds, and communities, particularly from under-represented groups, and value the positive impact that will have on our teams.
We are very proud to be an autism-friendly university and are an accredited Disability Confident Leader; committed to building disability confidence and supporting disabled staff.
Find out from our staff what makes the University of Bath a great place to work. Follow us on Twitter for more information.
Other organisations may call this role Cyber Security Analyst, Cyber Security Threat Analyst, Cyber Defence Analyst, Threat and Vulnerability Analyst, Vulnerability Management Analyst, Threat Detection Analyst, or IT Security Analyst.
So, if you'd like to join us as a Cyber Security Assurance Analyst, please apply via the button shown.