Cyber Risk and Assurance Manager
Please note this vacancy is only open to current employees.
Job Purpose
The Cyber Risk and Assurance Manager will provide knowledge and leadership for security assurance, identifying and managing the University compliance requirements against external standards and ensuring operational compliance with internal institution policies.
The postholder will support the creation and deployment of a best-practice security control framework, lead on the management and oversight of policy and governance processes and cyber awareness for students, and contribute to the overall security strategy.
This role will be responsible for the development of a risk and assurance function taking any necessary actions and decisions regarding the management of the function, referring matters of an exceptionally complex and sensitive nature to the Chief Information Security Officer.
Main Duties and Responsibilities
- Facilitate and manage the development, implementation, and continuous improvement of the University-wide cyber security controls framework.
- Develop and maintain the institution's cyber security policies and standards.
- Manage and conduct cyber security risk and control assessments, monitoring compliance with key control requirements (such as Cyber Essentials, ISO27001/2) and making recommendations on improvement plans.
- Work with College stakeholders to agree, evaluate and document security risks and present progress against agreed plans.
- Engage with the wider risk community to collate and deliver key risk reporting to the Information Services management team, Risk Director, College management teams and other governance forums as required, providing recommendations on strategic direction and prioritisation.
- Provide specialist and strategic advice in developing IT Security controls and making effective use of controls to reduce overall risk.
- Act as an advocate for the Cyber Security team while building relationships with key stakeholders at all levels of the institution.
- Represent the University at internal and external committees, events and meetings.
Knowledge, Qualifications, Skills and Experience
Knowledge/Qualifications
Essential:
- A1 Ability to demonstrate the competencies required to undertake the duties associated with this level of post, having acquired the necessary professional knowledge and management skills in a similar or a number of different specialist roles. Or: Scottish Credit and Qualification Framework level 9, 10 or 11 (Ordinary/Honours Degree, Postgraduate Qualification), or equivalent, including being professionally qualified in a relevant discipline, with a broad range of professional experience in a management role(s).
- A2 Detailed and authoritative knowledge of risk and legislative frameworks (such as GDPR, Cyber Essentials) and the ability to relate business needs to security protocols.
- A3 Extensive knowledge of governance and assurance best practices including 3 lines of defence models.
- A4 Excellent understanding of information and cyber security concepts, processes and industry best practices.
Desirable:
- B1 Accreditation in Risk and Governance or related disciplines.
- B2 Appreciation of all areas of technology and accompanying disciplines (architecture, development, etc.).
Skills
Essential:
- C1 Demonstrable ability to work within a risk and governance framework, suggesting enhancements and improvements.
- C2 Proven ability to perform risk assessments of technology assets and business processes and to produce remediation plans.
- C3 Highly developed and demonstrable track record of assessing priorities and managing own workload effectively.
- C4 Excellent interpersonal skills, with the ability to communicate and liaise effectively with other technical specialists, business stakeholders and senior academics on complex problems and to provide clear and informative explanations.
- C5 Ability to produce clear and concise assessments of technology and security risk, explaining technical subject matter to a non-technical audience.
- C6 Use of considerable judgement, lateral thinking and discretion to provide professional, specialised, innovative and practical solutions.
Experience
Essential:
- E1 Substantial experience of designing, improving, and enhancing risk and governance frameworks, embedding them into daily operations and tracking effectiveness.
- E2 Proven track record of translating security risks into business improvement plans and presenting progress regularly to forums with different levels of technology knowledge.
- E3 Experience of security control testing, defining expected control outputs and defining control regimes to aid in retaining accreditations such as Cyber Essentials.
- E4 Experience of working in a fast-paced, diverse technology environment with an emphasis on security technologies.
- E5 Experience of making informed decisions whilst under pressure by balancing requirements with technical risk.
Desirable:
- F1 Experience of working in educational or public sector institutions.
- F2 Experience of supplier and contract management.
- F3 Experience of working on large complex IT projects and applying security principles.
Terms and Conditions
Salary will be Grade 8, £50,253 - £58,225 per annum.
This post is full time (35 hours p/w) and open ended.
Closing date: 15 April 2026