Security Assurance Lead

• Attack Surface Management:

Job Title: Security Assurance Lead

Salary: £53,300 - £71,300

Location: Cambridge/Hybrid with a minimum 2 days a week in the office

Contract: Permanent, Full-time (35 hours per week)

The Security Assurance Lead is crucial to staying ahead of emerging threats and ensuring our information remains secure. This role demands a professional who excels at identifying vulnerabilities and ensuring compliance with industry standards. If you have the expertise and drive to elevate our security, we are eager to welcome you to our team.

We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.

About the role

The Security Assurance Lead plays a key role in safeguarding Cambridge University Press & Assessment's information assets and ensuring compliance with industry standards, regulations, and best practices. This role involves leading security assurance initiatives, conducting risk assessments, driving compliance activities, and implementing controls to enhance the organisation's security.

Key accountabilities:

• Assurance and Testing:
• Develop and improve security policies and guidance related to security assurance testing.
• Coordinate and manage vulnerability assessments, penetration testing, and other technical evaluations.
• Collaborate with technology teams to implement robust security controls and provide guidance on remediation.
• Perform third-party vendor risk assessments and report findings to relevant stakeholders.
• Risk Management:
• Conduct regular risk assessments to identify vulnerabilities and associated risks.
• Develop and implement risk mitigation strategies.
• Define and report key risk metrics for security assurance.
• Maintain a comprehensive risk register.
• Attack Surface Management:
• Collaborate on assurance initiatives to identify, monitor, and reduce exposed vulnerabilities.
• Monitor the external threat landscape and integrate attack surface management capabilities.
• Security Governance and Compliance:
• Develop and maintain information security policies, standards, and procedures.
• Ensure compliance with legal, regulatory, and contractual obligations.
• Act as the primary liaison for assurance audits and external security assessments.
• Incident Response and Preparedness:
• Collaborate with key teams to investigate security incidents.
• Prepare and execute simulated exercises to test resilience.

About you

We are looking for a candidate with:

• 5+ years of experience in security testing and assurance.
• A degree in computer science or similar experience.
• Relevant professional qualifications such as CISSP or Accredited Security Testing Professional.
• Strong understanding of information security principles, emerging threats, compliance frameworks, and risk management practices.
• Proven experience in developing and managing security risks and mitigations within medium to large organisations.
• Excellent communication and presentation skills, with the ability to influence at all levels of the organisation.
• Analytical skills to measure the effectiveness of vulnerability management plans.
• Self-motivation, proactivity, and the ability to manage multiple projects simultaneously

If you would like to know more about this opportunity and what will make you successful, please see the full job description attached to the bottom of this vacancy on our careers site.

Rewards and benefits

We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexible rewards package, featuring family-friendly and planet-friendly benefits including:

• 28 days annual leave plus bank holidays
• Private medical and Permanent Health Insurance
• Discretionary annual bonus
• Group personal pension scheme
• Life assurance up to 4 x annual salary
• Green travel schemes

We are a hybrid working organisation, and we offer a range of flexible working options from day one. We expect most hybrid-working colleagues to spend 40-60% of their time at their dedicated office or location. We will also consider other work arrangements if you wish to work more flexibly or require adjustments due to a disability.

Ready to pursue your potential? Apply now.

We review applications on an ongoing basis, with a closing date for all applications being 15th May 2025 although we may close it earlier if suitable candidates are identified. Interviews are scheduled to take place shortly after.

Please note that successful applicants will be subject to satisfactory background checks including DBS due to working in a regulated industry.

Cambridge University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to the gov.uk website for guidance to understand your own eligibility based on the role you are applying for.

Why join us

Joining us is your opportunity to pursue potential. You'll belong to a collaborative team that's exploring new and better ways to serve students, teachers and researchers across the globe - for the benefit of individuals, society and the world. Sharing our mission will inspire your own growth, development and progress, in an environment which embraces difference, change and aspiration.

Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it's safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class/background.

We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from a wide range of different communities.

#LI-SW1