KEY ACCOUNTABILITIES:

• Assurance and Testing:
• Develop and improve security policies and guidance related to security assurance testing.
• Coordinate and manage vulnerability assessments, penetration testing, and other technical evaluations.
• Collaborate with technology teams to implement robust security controls and provide guidance on remediation.
• Perform third-party vendor risk assessments and report findings to relevant stakeholders.
• Risk Management:
• Conduct regular risk assessments to identify vulnerabilities and associated risks.
• Develop and implement risk mitigation strategies.
• Define and report key risk metrics for security assurance.
• Maintain a comprehensive risk register.
• Attack Surface Management:
• Collaborate on assurance initiatives to identify, monitor, and reduce exposed vulnerabilities.
• Monitor the external threat landscape and integrate attack surface management capabilities.
• Security Governance and Compliance:
• Develop and maintain information security policies, standards, and procedures.
• Ensure compliance with legal, regulatory, and contractual obligations.
• Act as the primary liaison for assurance audits and external security assessments.
• Incident Response and Preparedness:
• Collaborate with key teams to investigate security incidents.
• Prepare and execute simulated exercises to test resilience.

ABOUT YOU

We are looking for a candidate with:

• 5+ years of experience in security testing and assurance.
• A degree in computer science or similar experience.
• Relevant professional qualifications such as CISSP or Accredited Security Testing Professional.
• Strong understanding of information security principles, emerging threats, compliance frameworks, and risk management practices.
• Proven experience in developing and managing security risks and mitigations within medium to large organisations.
• Excellent communication and presentation skills, with the ability to influence at all levels of the organisation.
• Analytical skills to measure the effectiveness of vulnerability management plans.
• Self-motivation, proactivity, and the ability to manage multiple projects simultaneously

If you would like to know more about this opportunity and what will make you successful, please see the full job description attached to the bottom of this vacancy on our careers site.

WHY JOIN US

Joining us is your opportunity to pursue potential. You’ll belong to a collaborative team that’s exploring new and better ways to serve students, teachers and researchers across the globe – for the benefit of individuals, society and the world. Sharing our mission will inspire your own growth, development and progress, in an environment which embraces difference, change and aspiration.
Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it’s safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class/background.
We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from a wide range of different communities.

LI-SW1

The Security Assurance Lead plays a key role in safeguarding Cambridge University Press & Assessment’s information assets and ensuring compliance with industry standards, regulations, and best practices. This role involves leading security assurance initiatives, conducting risk assessments, driving compliance activities, and implementing controls to enhance the organisation’s security.