Job Title: Security Governance Analyst
Salary: GBP 29,700 - GBP 38,500
Location: Cambridge / Hybrid with 2 days a week in office
Contract: Permanent
Hours: Full time 35 hours per week
Joining us as a Security Governance Analyst offers the opportunity to contribute directly to strengthening our security governance, ensuring our organisation continues to deliver responsibly, securely, and effectively.
We are Cambridge University Press and Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.
About the role
This role supports the development and oversight of security governance practices across the organisation. You will maintain security documentation, support internal and external audits, contribute to supplier assurance processes, and provide essential security governance support to the wider Group Security team. Your work will help ensure compliance, strengthen our ISMS, and uphold high security standards.
Additional responsibilities include: Supporting the development and documentation of security policies and guidelines. Assisting with ISO 27001 and Cyber Essentials audit preparation and evidence collation. Maintaining supplier assurance tools and conducting supplier security assessments. Monitoring compliance and contributing to relevant governance reporting. Supporting risk management processes, including maintaining risk registers. Providing administrative support to the Group Security team, including processing POs and maintaining the Security Connect page.
This position has been classified as a hybrid role, requiring the selected candidate to typically spend 40-60% of their time collaborating and connecting face-to-face at their dedicated location. Aside from our hybrid principles, other flexible working requests will be considered from the first day of employment, including other work arrangements should you require adjustments due to a disability or long-term health condition.
About You
You will bring: A minimum of 2 years' experience or demonstrated capability in information security governance, risk, or compliance. Working knowledge of ISMS frameworks such as ISO 27001 and Cyber Essentials. Familiarity with supply chain and third-party security management. Knowledge of security threats and mitigation strategies. Strong organisational, communication, and stakeholder engagement skills.
If you meet the above minimum requirements, we encourage you. Your application will be even stronger if you can also demonstrate the following desirable criteria: ISO 27001 Foundation or Information Security Fundamentals certification. 27001 Lead Auditor certification (or willingness to work towards it). Experience delivering security awareness programmes. Experience working with security risk frameworks.
For a detailed job description, please refer to the link at the bottom of the advert on our careers site.
We are a Disability Confident (DC) employer that is committed to equality and inclusion, ensuring our recruitment process is accessible to all. The DC scheme's Offer of an Interview commitment applies to applicants who opt in, disclose a disability or a long-term health condition, and best meet the minimum criteria for the role. In instances where interviewing all qualifying candidates is not practicable, we prioritise those who best meet the minimum criteria, as we would for applicants who do not have a disability or long-term health condition.
Please note, Cambridge University Press and Assessment is unable to sponsor this role under the Skilled Worker Visa route as it does not meet the minimum skill requirements.
Rewards and benefits
We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexible rewards package, featuring family-friendly and planet-friendly benefits including: 28 days annual leave plus ba