Cyber Security Assurance Analyst at University of Bath

February 1, 2024

Job Description

We are seeking a Cyber Security Assurance Analyst to join our Digital, Data & Technology Group.

About the role 

The Security Assurance Analyst is part of a team responsible for a broad range of Information Security tasks and activities, including support and maintenance of the University’s Information Security Management System (ISMS), operating and applying security controls in line with standard frameworks (ISO 27001, NIST CSF, Cyber Essentials), and facilitating risk-based decision making to ensure maintenance of security posture.

You will be responsible for crafting new policy, implementing policy changes and updates, and ensuring existing policy remains in step with University practices and current ways of working. You will undertake risk assessments and software security assurance and ensure security governance is applied at all stages of the project delivery and development lifecycles. You will be expected to review security processes, systems and capabilities that affect the security of our most critical assets.

You will proactively work with colleagues to identify areas of weakness and exposures and create recommendations for improvements. 

As appropriate, you will take part in change approval boards, oversee the security elements of delivering new products and services into live University environments and work closely with vendors. 

This role is offered on a full-time (36.5 hours per week) permanent basis.

About you 

  • A broad knowledge of security risk and assurance practices, including detailed knowledge of security controls frameworks: ISO 27001/Cyber Essentials/NIST CSF/NIS/CIS Top 20/OWASP.
  • A broad technical knowledge of various security assessment tools, how to apply them and interpret the output. 
  • In-depth experience of performing risk assessments, gap analysis and software security assurance. Skilled in reviewing policy and security documentation, understanding penetration test reports and recommending remediating actions.
  • Skilled in authoring security policy and standards and ensuring they reflect the University’s strategy and objectives and are readable, understandable and easily accessed.
  • Excellent practical experience and knowledge of measuring performance and effectiveness of security controls to reduce incidents, safeguard sensitive data and improve overall security posture. 
  • Knowledge and understanding of reducing risk and exposure across third parties and throughout the supply chain.

Location