IT Security – Governance Risk and Compliance Analyst

at  University of Glasgow

JOB PURPOSE

The Governance Risk and Compliance Analyst will provide analytical expertise to inform the Cyber Risk and Assurance Manager and the wider Information Security Team.
The post holder will support the deployment and maturity of the Security Controls Framework and provide analytical reporting to inform policy, governance, strategy and cyber awareness.
The role will be responsible for developing and maintaining a catalogue of controls, processes and procedures across Information Services and will support the response to audit and University funding requests. They will also support new and existing Information Security Resilience processes to ensure compliance is met internally.

MAIN DUTIES AND RESPONSIBILITIES

1. Support the development of University Information Security Policies and Frameworks.
2. Innovate to develop governance frameworks and influence key stakeholders to adopt them.
3. Manage Information Security Risk registers and action trackers
4. Measure and maintain a catalogue of security control responses
5. Provide regular reporting updates suitable for senior stakeholders.
6. Contribute to Information Security PI planning, delivery and improvements.
7. Conduct regular data analysis of our security monitoring systems, report on relationships between our security controls, operational incidents and vulnerabilities to provide transparency and inform decision-making.
8. Partnership working with the Information Security teams to provide holistic and accurate reporting on our security status.
9. Partnership working with the Information Services teams and broader University departments to make improvements to our Cyber Security.
10. Support the Risk and Assurance Manager on all internal and external communications.
11. Liaise with external partners to ensure our requirements are fully understood and tested.
12. Support the growth and maturity of the Information Security team through procurement processes.