About the job

The Head of Security Governance, Risk & Compliance (GRC) at Cambridge University Press & Assessment is a senior leadership position responsible for driving the organisation’s information security governance, risk management, and compliance strategy. Based in Cambridge with a hybrid working model requiring a minimum of two days in the office, this permanent role focuses on ensuring robust regulatory compliance, managing supplier assurance, and delivering a comprehensive Security Assurance Framework. The role involves maintaining ISO and Cyber Essentials certifications, implementing AI governance aligned with regulatory frameworks, and overseeing audits and security standards across all business units. Key responsibilities include developing and enforcing security policies, identifying new threats and mitigation strategies, leading regulatory audit coordination, and managing certifications like ISO 27001 and 42001. The successful candidate will also align attack surface management processes with risk objectives, collaborate with internal teams to foster a culture of security awareness, and provide assurance reporting to the Senior Leadership Team. The ideal candidate should have a minimum of three years of experience in a senior GRC role, expertise in managing an ISMS, in-depth knowledge of ISO 27001 and ISO 27005, experience in internal and third-party security auditing, and active certifications such as CRISC or ISO 27005 Risk Manager. Additional desirable qualifications include ISO Lead Auditor or Implementer credentials. Excellent stakeholder engagement, team leadership, and strategic communication skills are essential. The role comes with a competitive salary between £70,400 and £94,100, plus a comprehensive benefits package including 28 days of annual leave, private medical and permanent health insurance, pension contributions, and more. Cambridge University Press & Assessment is an approved UK Skilled Worker visa sponsor and encourages applicants from diverse backgrounds, offering flexible work arrangements and an inclusive workplace culture committed to continuous learning, belonging, and innovation.