Governance Risk and Compliance Analyst

Posted 01 October 2025
Salary Grade 7, £41,064 - £46,049 per annum
End date 08 October 2025
Location Glasgow
Reference 183619
Expiry 08 October 2025 at 23:45

Job description

Please note, this vacancy is open to current University of Glasgow employees only 

Job Purpose

 The Governance Risk and Compliance Analyst will provide analytical expertise to inform the Cyber Risk and Assurance Manager and the wider Information Security Team.

The post holder will support the deployment and maturity of the Information Security Control Framework and provide analytical reporting to inform policy, governance, strategy and risk awareness.

 

The role will be responsible for developing and maintaining a catalogue of risks and controls processes and procedures across Information Services and will support the response to audit and University funding requests from an information security perspective. They will also support new and existing Information Security Resilience processes to ensure compliance is met internally.

 

Main Duties and Responsibilities

1.     Innovate and support the development of University Information Security Risk, Policies and Frameworks.

2.     Innovate to develop risk governance frameworks and influence key stakeholders to adopt them.

3.     Manage a catalogue of information security controls, Risk registers, audit and action trackers and work in partnership with accountable stakeholders to ensure actions are followed through.

4.     Provide regular reporting updates suitable for senior stakeholders (extensive use of PowerPoint required).

5.     Analyse data to determine risk status and provide summaries to inform the wider team and a variety of stakeholders (includes extensive use of Excel).

6.     Conduct regular data analysis of our security monitoring systems, report on relationships between our security controls, operational incidents and vulnerabilities to provide transparency and inform decision-making.

7.     Analyse legal documentation (such as university contracts), identify risk state and report findings to immediate team and relevant stakeholders.

8.     Coordinate Risk Management forums, including setting up and managing meeting cadences (extensive use of O365).

9.     Partnership working with the Information Security teams to provide holistic and accurate reporting on our risk status.

10.   Partnership working with the Information Services teams and broader University departments to make improvements to our Information Security Risks.

11.   Support the Risk and Assurance Manager on all internal and external communications.

12.   Liaise with internal/external partners to ensure our requirements are fully understood and tested.

13.   Support the growth and maturity of the Information Security team through procurement processes.

14.   Support the growth and maturity of all activities pertaining to Information Security Risk Governance & Compliance.

 

Knowledge, Qualifications, Skills and Experience

 

Knowledge/Qualifications

Essential:

A1 Scottish Credit and Qualification Framework level 9, 10, 11 (Degree, Post Graduate Qualification) or equivalent, including being professionally qualified in a relevant discipline, with a broad range of professional experience in a management role(s) OR ability to demonstrate the competencies required to undertake the duties associated with this level of post, having acquired the necessary professional knowledge and management skills in a similar or a number of different specialist roles.

A2 Knowledge of risk and legislative frameworks (such as GDPR) and be able to relate business needs to security protocols.

A3 Knowledge of governance and assurance best practices.

A4 Computer literate, with up-to-date knowledge of, and experience of working with, Office 365.

A5 Demonstrable working knowledge of information compliance issues/challenges.

 

Desirable:

B1 Accreditation in Risk and Governance or related disciplines.

B2 Appreciation of all areas of technology and accompanying disciplines (architecture, development etc).

B3 Knowledge of information and cyber security concepts, processes and industry best practices.

Detailed knowledge of University structure, policies and procedures.

Demonstrable experience of University specific IT systems e.g. Ivanti.

 

Skills

Essential:

C1 Ability to pay attention to detail and work with accuracy.

C2 Excellent interpersonal skills: (i) to communicate clearly and effectively, both verbally and in writing; (ii) to communicate and liaise effectively with other technical specialists and business stakeholders on complex problems and to provide clear and informative explanations.

C3 Demonstrable ability to work effectively both independently and as part of a team.

C4 Discretion and diplomacy.

C5 Demonstrable ability to prioritise and problem-solve under pressure and manage own workload effectively.

C6 Numeracy.

C7 Demonstrable ability to exercise judgement and show initiative to resolve problems independently.

C8 Demonstrable intuition in handling and analysing data with high risk.

C9 Demonstrable track record of working within risk and governance frameworks, suggesting enhancements and improvements.

C10 Proven ability to use analytical software (including Excel), summarise findings and present suggested improvements.

C11 Excellent communication skills, being able to influence stakeholders in a Risk, Governance and Compliance setting.

C12 Produce clear and concise assessments of security risks through analytics; explaining technical subject matter to a non-technical audience.

 

Experience

Essential:

E1 Experience of improving risk and governance processes.

E2 Experience in translating security risks into business improvement plans.

E3 Experience of working in a fast-paced, diverse technology environment.

E4 Experience of making informed decisions whilst under pressure by balancing requirements with technical risk.

E5 Experience of maintaining a risk log.

E6 Experience of coordinating and influencing large and diverse groups of stakeholders.

E7 Experience extracting critical information to inform risk, through stakeholder engagement, information gathering and review.

F8 Experience of comprehensively using Power BI or other similar analytical tools (Tableau, Excel, Splunk etc.) within a work setting and track record of using it to inform senior management on decision making.

 

Desirable:

F1 Experience of working in educational or public sector institutions.

F2 Experience of partnering with supplier and contract management.

F3 Experience of working on large complex IT projects and applying security principles.

F4 Experience of writing user story/business requirements in a format suitable for both technical and non-technical experienced colleagues.

 

Terms and Conditions

Salary will be Grade 7, £41,064 - £46,049 per annum.

 

This post is full time and open ended.

 

Closing date: 23:45 8th October 2025

 

The University of Glasgow has a responsibility to ensure that all employees are eligible to live and work in the UK.  If you require a Skilled Worker visa to work in the UK, you will be required to meet the eligibility requirements of the visa route to be assigned a Certificate of Sponsorship.

 

Please note that this post may be eligible to be sponsored under the Skilled Worker visa route if tradeable points can be used under the Skilled Worker visa rules. For more information please visit: https://www.gov.uk/skilled-worker-visa.

 

As a valued member of our team, you can expect:

1 A warm welcoming and engaging organisational culture, where your talents are developed and nurtured, and success is celebrated and shared.

2 An excellent employment package with generous terms and conditions including 41 days of leave for full time staff, pension (pensions handbook: https://www.gla.ac.uk/myglasgow/payandpensions/pensions/), benefits and discount packages.

3 A flexible approach to working.

4 A commitment to support your health and wellbeing, including a free 6-month UofG Sport membership for all new staff joining the University  https://www.gla.ac.uk/myglasgow/staff/healthwellbeing/.

 

We believe that we can only reach our full potential through the talents of all. Equality, diversity and inclusion are at the heart of our values. Applications are particularly welcome from across our communities and in particular people from the Black, Asian and Minority Ethnic (BAME) community, and other protected characteristics who are under-represented within the University. Read more on how the University promotes and embeds all aspects of equality and diversity within our community https://www.gla.ac.uk/myglasgow/humanresources/equalitydiversity/.

 

We endorse the principles of Athena Swan https://www.gla.ac.uk/myglasgow/humanresources/equalitydiversity/athenaswan/ and hold bronze, silver and gold awards across the University.

 

We are investing in our organisation, and we will invest in you too. Please visit our website https://www.gla.ac.uk/explore/jobs/ for more information.