Head of Security Governance, Risk & Compliance - 5880

Join to apply for the Head of Security Governance, Risk & Compliance - 5880 role at Cambridge University Press & Assessment

Head of Security Governance, Risk & Compliance - 5880

Join to apply for the Head of Security Governance, Risk & Compliance - 5880 role at Cambridge University Press & Assessment

Get AI-powered advice on this job and more exclusive features.

Job Title: Head of Security Governance, Risk & Compliance

Salary: £70,400 - £94,100

Location: Cambridge/Hybrid Minimum 2 days a week in the office

Contract: Permanent

The Head of Security GRC is a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels of the business, ensuring regulatory compliance, effective risk management, and robust assurance processes to support decision-making by the Senior Leadership Team.

You will deliver a robust Security Assurance Framework, oversee supplier assurance activities, and maintain relevant ISO and Cyber Essentials certifications. Additionally, you'll drive the implementation of security standards, policies, governance reporting, and audit programmes to ensure robust controls are in place. You'll play a critical role in enabling informed decision-making and promoting a culture of security awareness across the organisation.

We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.

About The Role

The position involves engaging at all organisational levels, managing security risks, ensuring regulatory compliance, and providing assurance on business practices to support informed decisions by the Senior Leadership Team and Security Board. Responsibilities include implementing and monitoring security standards, policies, AI governance, and audit programmes to ensure effective mitigations and controls. Additionally, the role entails designing and delivering the Security Assurance Framework, conducting supplier assurance activities and audits, leading the Awareness Community of Practice, and maintaining relevant ISO & Cyber Essentials certifications.

Key Accountabilities:

• Develops security standards, policies, and guidelines and ensures compliance across Cambridge.
• Leads the delivery of approved projects and investments to reduce risk and security exposure.
• Proactively identifies new threats, risks, and trends; reports mitigation progress to the Security Board and SLT.
• Collaborates with key stakeholders to create customer-centric security policies for products and services.
• Coordinates audits, regulatory inquiries, and external vendor activities to align with industry standards.
• Responsible for leading and managing the GRC team to achieve compliance and team success in the organisation.
• Oversees vendor relationships to ensure protection of Cambridge global people and assets.
• Aligns attack surface management (ASM) process with GRC objectives and provides updates on mitigation progress.
• Integrates AI governance with relevant GRC frameworks to meet regulatory standards.
• Manages certifications like ISO 27001, 42001, Cyber Essentials, and HMG Security Policy Framework.
  
  

• Proven experience managing an Information Security Management System (ISMS), including ISO 27001 certification.
• Strong working knowledge of security threats and proportionate mitigations, as well as supply chain security management systems.
• A minimum of 3 years' experience in a senior governance or risk management role.
• Active CRISC or ISO 27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001/42001 Lead Auditor or Implementor being advantageous.
• Demonstrated experience in strategic governance of security, managing security risks in line with ISO 27005, and implementing ISO 27001 compliant systems.
• Expertise in auditing security controls for both internal operations and third parties.
• Exceptional stakeholder management skills, with the ability to build relationships across all organisational levels.
• Strong negotiation skills to influence decisions and achieve positive outcomes.
• Experience leading and developing teams, both within the UK and regionally.
  
  

• 28 days annual leave plus bank holidays
• Private medical and Permanent Health Insurance
• Discretionary annual bonus
• Group personal pension scheme
• Life assurance up to 4 x annual salary
• Green travel schemes
  
  

Seniority level

• Seniority level

  Executive

Employment type

• Employment type

  Full-time

Job function

• Job function

  Other, Information Technology, and Management

• Industries

  Book and Periodical Publishing, Higher Education, and E-Learning Providers

Referrals increase your chances of interviewing at Cambridge University Press & Assessment by 2x

Sign in to set job alerts for “Head of Security” roles.

Head of Security Governance, Risk & Compliance

Cambridge, England, United Kingdom 1 week ago

Croydon, England, United Kingdom 6 days ago

Babraham, England, United Kingdom 1 week ago

Security Services Group (SSG) - Security Technician

Croydon, England, United Kingdom 4 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.