About the Directorate
At IT&D, we are shaping the University of tomorrow by co-designing innovative ways of working, boosting productivity, reducing complexity, fostering innovation, and delivering actionable insights to drive ongoing improvement. As we embrace a digital future and evolve as a modern university, we work in close partnership with academic and Professional Services colleagues to deliver impactful digital services that empower the University to meet its strategic goals across teaching and research, both nationally and globally.
About the Department
The IT & Digital (ITD) department is central to the delivery of high-quality, secure, and responsive services that support the success of our staff and students. Our work is integral to creating outstanding learning experiences and supporting professional achievements across the University.
About the Team
Joining the Information Security team means becoming part of a growing function dedicated to enhancing governance, risk management, compliance, and operational security. We work closely with IT, Cyber Security teams, and business stakeholders to integrate practical and effective security controls across the institution. Our hybrid working model balances virtual collaboration with on-campus presence for enhanced engagement and teamwork.
About the Role
As a Governance, Risk, and Compliance Analyst, you will play a pivotal role in shaping, implementing, and refining operational security controls and processes within the University. You will bridge the gap between security strategies and day-to-day operations, ensuring that security policies, controls, and compliance activities are practical, effective, and meet regulatory and sector standards. Your contributions will strengthen the University’s overall security posture by influencing how security is integrated across systems, services, and suppliers.
Reporting to the Head of Information Security – Governance, Risk, and Compliance, you will collaborate closely with professionals from IT, Cyber Security, and business teams to ensure that security becomes an intrinsic part of all university activities.
Key Responsibilities
- Develop and maintain operational security architectures aligned with best practices, such as NCSC and UCISA.
- Ensure compliance with regulatory and legal requirements, including GDPR, the Data Protection Act, and PCI-DSS.
- Design and implement security processes across identity management, access control, vulnerability management, and incident response.
- Lead internal audits and support external assurance efforts, including Cyber Essentials certifications.
- Identify security control gaps and drive remediation plans with IT teams and key stakeholders.
- Create and maintain security policies, standards, and guidelines across the University.
- Perform risk assessments and maintain the University’s information security risk register.
- Oversee third-party assurance activities and manage supplier security risks.
- Investigate security incidents and uncover opportunities to enhance resilience and control measures.
- Deliver security-awareness training and cultivate a strong security-first culture across the institution.
- Provide expert security advice to projects, governance boards, and operational teams.
Key Skills
To excel in this role, you should demonstrate the following expertise:
- Solid hands-on experience in operational security, encompassing architecture design, compliance, and control development.
- Thorough knowledge of security frameworks such as NIST CSF, CIS Controls, and ISO 27001.
- Familiarity with security practices for both cloud-based and on-premises systems.
- Experience with audit processes, compliance initiatives, and risk assessment activities.
- Strong stakeholder engagement skills, with the ability to influence both technical and non-technical audiences effectively.
- Proficiency in simplifying complex security concepts and presenting them as actionable guidance.
- Professional certifications like CISSP, CISM, ISO 27001, CCSP, or CRISC, or equivalent expertise.
To explore this exciting opportunity further and discover the benefits of working with us, please review the JD and Candidate Pack (accessible via the ‘Apply’ button on the university website).
Assessment Process
To apply, please submit your CV and a detailed covering letter outlining your suitability via the application portal.
For any informal inquiries, contact Hannah Burling at [email protected].
Interviews are scheduled for w/c 20 July 2026.
If working with motivated colleagues to drive impactful change aligns with your ambitions, we encourage you to apply!
A Commitment to Inclusivity and Diversity
At Manchester Metropolitan University, we foster a culture of belonging, celebrating diversity and promoting equity. Our goal is to create a workforce with diverse perspectives and ideas, welcoming applications from local and international communities, including those from Black, Asian, and Minority Ethnic backgrounds, disabled individuals, and LGBTQ communities.
We support flexible working arrangements, including hybrid schedules, tailored hours, and accommodations to promote work-life balance. Should you need reasonable adjustments during the hiring process or within your role, we are committed to providing the support you need.
Our focus on inclusivity extends to programs such as mentoring opportunities, accessibility resources, and professional development pathways to empower and uplift underrepresented groups.
As a Disability Confident Leader, we strive to offer interviews to disabled applicants who meet the essential criteria outlined in the Job Description. We look forward to welcoming talented, diverse individuals who share our vision and values