Overview
Governance Risk and Compliance Analyst – University of Glasgow. Location: Glasgow. Salary grade 7, £41,064 - £46,049 per annum. Closing date: 23:45 8 October 2025. This role is full time and open ended.
Job Purpose
The Governance Risk and Compliance Analyst will provide analytical expertise to inform the Cyber Risk and Assurance Manager and the wider Information Security Team. The post holder will support the deployment and maturity of the Information Security Control Framework and provide analytical reporting to inform policy, governance, strategy and risk awareness. The role will be responsible for developing and maintaining a catalogue of risks and controls, processes and procedures across Information Services and will support responses to audit and University funding requests from an information security perspective. They will also support new and existing Information Security Resilience processes to ensure internal compliance.
Main Duties And Responsibilities
* Innovate and support the development of University Information Security Risk, Policies and Frameworks.
* Innovate to develop risk governance frameworks and influence key stakeholders to adopt them.
* Manage a catalogue of information security controls, risk registers, audit and action trackers and work with accountable stakeholders to ensure actions are followed through.
* Provide regular reporting updates suitable for senior stakeholders (extensive use of PowerPoint).
* Analyse data to determine risk status and provide summaries to inform the wider team and stakeholders (extensive use of Excel).
* Conduct regular data analysis of security monitoring systems, report on relationships between security controls, incidents and vulnerabilities to inform decision-making.
* Analyse legal documentation (such as university contracts), identify risk state and report findings to the team and relevant stakeholders.
* Coordinate Risk Management forums including setting up and managing meeting cadences (extensive use of Office 365).
* Partner with Information Security teams to provide holistic and accurate reporting on risk status.
* Partner with Information Services teams and broader University departments to improve Information Security Risks.
* Support the Risk and Assurance Manager on internal and external communications.
* Liaise with internal/external partners to ensure requirements are understood and tested.
* Support the growth and maturity of the Information Security team through procurement processes.
* Support all activities pertaining to Information Security Risk Governance & Compliance.
Knowledge / Qualifications
Essential
* A1 Scottish Credit and Qualification Framework level 9, 10, 11 (Degree, Postgraduate Qualification) or equivalent, including professional qualification in a relevant discipline, with broad experience in a management role OR ability to demonstrate the competencies to undertake the duties with suitable professional knowledge and management skills.
* A2 Knowledge of risk and legislative frameworks (e.g., GDPR) and ability to relate business needs to security protocols.
* A3 Knowledge of governance and assurance best practices.
* A4 Computer literate with up-to-date knowledge of Office 365.
* A5 Demonstrable working knowledge of information compliance issues/challenges.
Desirable
* B1 Accreditation in Risk and Governance or related disciplines.
* B2 Appreciation of technology areas including architecture and development.
* B3 Knowledge of information and cyber security concepts, processes and industry best practices.
* Knowledge of University structure, policies and procedures.
* Demonstrable experience with University IT systems (e.g., Ivanti).
Skills
Essentials
* C1 Attention to detail and accuracy.
* C2 Excellent interpersonal skills to communicate clearly with stakeholders and technical colleagues.
* C3 Ability to work independently and as part of a team.
* C4 Discretion and diplomacy.
* C5 Ability to prioritise and problem-solve under pressure and manage workload.
* C6 Numeracy.
* C7 Ability to exercise judgement and take initiative to resolve problems.
* C8 Ability to analyse data with risk awareness.
* C9 Track record of working within risk and governance frameworks and suggesting improvements.
* C10 Proficient in analytical software (including Excel) and presenting findings for management decisions.
* C11 Excellent communication skills to influence stakeholders in a risk, governance and compliance setting.
* C12 Produce clear assessments of security risks through analytics for non-technical audiences.
Experience
Essential
* E1 Experience of improving risk and governance processes.
* E2 Experience translating security risks into business improvement plans.
* E3 Experience in fast-paced diverse technology environments.
* E4 Experience making informed decisions under pressure balancing requirements with risk.
* E5 Experience maintaining a risk log.
* E6 Experience coordinating and influencing large and diverse groups of stakeholders.
* E7 Experience extracting critical information to inform risk through stakeholder engagement and information gathering.
* F8 Experience of using Power BI or other analytical tools (Tableau, Excel, Splunk, etc.) to inform senior management decisions.
Desirable
* F1 Experience in educational or public sector institutions.
* F2 Experience partnering with supplier and contract management.
* F3 Experience on large complex IT projects applying security principles.
* F4 Experience writing user stories/business requirements for both technical and non-technical audiences.
Terms and Conditions
Salary: Grade 7, £41,064 - £46,049 per annum. This post is full time and open-ended. Closing date: 8 October 2025 at 23:45. The University of Glasgow requires eligibility to work in the UK and may sponsor Skilled Worker visas where applicable. For more information, see gov.uk.
As a valued member of our team, you can expect a welcoming culture, generous leave, pension and benefits, and support for health and wellbeing. Equal opportunity and diversity statements apply; Athena SWAN is endorsed. For more information, visit the University’s careers site.
#J-18808-Ljbffr