
Security Assurance Officer

  • Full Time
  • Temporary
  • Sheffield/Hybrid
  • £38,784-£47,389 GBP / Year

IT Services, The University of Sheffield

Job Id: 2457

Contract type: FTC for 12 months / Hybrid

Closing Date: 25/05/2026
 

Overview

IT Services at the University of Sheffield provide a full range of complex IT and technology-enabled services that support education, research, workplace, corporate services and infrastructure enablers to all our staff and students.

The Information Security team in IT Services is seeking a Security Assurance Officer in the Security Operations team to contribute to its ongoing mission to keep the University safe and secure.

This is an exciting opportunity for you to work with the Security Assurance Manager to provide assurance to the University and its partners that we can protect information. You will support our staff and students to make sure they can work safely whilst getting the best out of the information under their control. This will include leading information security projects, the development and dissemination of policies as well as responding to requests for advice and guidance.

Experience with recognised information security standards and frameworks such as ISO/IEC 27001, PCI-DSS and Cyber Essentials will be particularly advantageous. You will be required to liaise with external stakeholders to satisfy their information security requirements.

You will be exposed to key, strategic initiatives, including the development and implementation of the University’s Information Security Management System (ISMS) and providing research compliance support across a range of activities.

Main duties and responsibilities

Core Responsibilities

  • Support the Information Security Team: Assist in protecting University information assets by continually reporting on security risk and compliance metrics and delivering improvements.
  • Project Leadership: Lead information security projects designed to deliver technical and cultural changes to University assets and processes.
  • Risk Assessment: Perform high- and low-level information security risk assessments.
  • Policy & Procedure Development: Develop and implement new information security processes, procedures, and practices, and advise on or implement technologies to control risks.
  • Control Monitoring: Track, monitor, and deliver improvements to information security controls across various faculties, departments, and research groups.
  • Lead Compliance Activities: Manage and lead assurance activities for standards such as Cyber Essentials +, PCI-DSS, NHS DSPT, ONS SRS AOC and GDPR.
  • Risk Guidance: Provide support to manage risks, feeding into departmental and corporate risk registers and recommending suitable controls.
  • Expert Advice: Respond to enquiries and provide expert support and guidance to all members of the University.
  • Decision Making: Make recommendations on information security issues and potential developments to ensure the University’s infrastructure and policies support security goals.
  • Awareness & Training: Promote information security awareness and skills, providing tailored training solutions where necessary.
  • Cross-Departmental Collaboration: Work with colleagues in IT security, data protection, and research data management to ensure consistency in information support and governance.
  • Stay Current: Keep up to date with published standards, legislation, and guidelines relevant to information security.
  • General Duties: Perform any other duties commensurate with the grade of the post.

Person Specification 

Our diverse community of staff and students recognises the unique abilities, backgrounds, and beliefs of all. We foster a culture where everyone feels they belong and is respected. Even if your past experience doesn’t match perfectly with this role’s criteria, your contribution is valuable, and we encourage you to apply. Please ensure that you reference the application criteria in the application statement when you apply.

Criteria

  • Previous relevant experience in information security.
  • A solid understanding of information security principles, techniques and compliance standards.
  • Ability to work at speed, to a high standard and to deliver to agreed timescales.
  • Ability to work at scale, in a diverse technology environment and while managing multiple supplier relationships at once.
  • Professional approach to work; being self-confident, innovative, organised and having a commitment to ongoing professional development.
  • Excellent communication skills, both written and verbal.
  • Experience in working to, and evidencing compliance with, relevant standards and frameworks such as ISO/IEC 27001, PCI-DSS, GDPR/DPA 2018.
  • Experience collaborating with others, at all levels, to deliver information security value.
  • Experience of and ability to deliver specialist training to others, at all levels.
  • Relevant information security qualifications (e.g., CISSP, CompTIA Sec+, ISO 27001 Lead Implementer, PCI-DSS ISA).
  • A good understanding of information management principles and related information systems in an IT context.

To apply for this job please visit jobsite.sheffield.ac.uk.