Governance, Risk & Compliance Analyst - (9029)

About the Directorate 

As IT&D, we help to create the University of the future by co-designing new ways of working, enhancing productivity, reducing complexity, supporting innovation, and providing the insights to drive continual improvement. Embracing a digital future in an evolving modern university, you will be working in partnership with our academic and Professional Services colleagues to deliver digital services that help the University achieve its strategic objectives in teaching and research, nationally & globally. 

About the Department 

IT & Digital (ITD) plays a central role in delivering high‑quality, responsive, and secure services that support our staff and students. Our work directly shapes the learning and professional experience across the University.  

About the Team 

As part of the Information Security team, you will join a growing function focused on strengthening governance, risk, compliance, and operational security across the University. The team works closely with IT, Cyber Security, and business stakeholders to embed practical, effective security controls. We operate a hybrid working model, with time on campus to support collaboration and engagement.

About the Role 

As a Governance, Risk and Compliance Analyst, you will play a key role in designing, embedding, and continuously improving the University's operational security controls and processes.

You will act as a bridge between security strategy and day-to-day operations, ensuring that security policies, controls, and compliance activities are practical, effective, and aligned to regulatory and sector expectations. You will influence how security is implemented across systems, services, and suppliers, helping to strengthen the University's overall security posture.

You will report to the Head of Information Security – Governance, Risk and Compliance and work closely with colleagues across IT, Cyber Security, and business areas to ensure security is embedded into everything we do

Key responsibilities include: 

• Develop and maintain operational security architectures aligned to best practice (e.g. NCSC, UCISA)
• Ensure compliance with regulatory and legal requirements (e.g. GDPR, Data Protection Act, PCI-DSS)
• Design and implement security processes across identity, access control, vulnerability management, and incident response
• Lead internal audits and support external assurance activities (e.g. Cyber Essentials)
• Identify control weaknesses and drive remediation with IT and stakeholders
• Develop and maintain security policies, standards, and guidance across the organisation
• Conduct risk assessments and maintain the information security risk register
• Support third-party assurance and supplier security risk management
• Investigate incidents and identify opportunities to improve controls and resilience
• Deliver security awareness training and promote a strong security culture
• Provide expert advice to projects, governance forums, and operational teams on security matters

Key Skills  

You will need to demonstrate how you can meet the key skills required for this role: 

• Strong operational security experience across architecture, compliance, and control design
• Excellent understanding of security frameworks (e.g. NIST CSF, CIS Controls, ISO 27001)
• Knowledge of cloud and on-premises security controls and architectures
• Experience of audit, compliance, and risk assessment activities
• Strong stakeholder engagement skills, able to influence both technical and non-technical audiences
• Ability to translate complex security concepts into clear, practical guidance
• Professional security certification (e.g. CISSP, CISM, ISO 27001, CCSP, CRISC) or equivalent experience 

To learn more about this exciting opportunity and benefits we offer, please read the JD and Candidate Pack provided below. 

Assessment Process: 

• To apply, please submit a CV and covering letter detailing your suitability, on the application portal. 
• For informal enquiries, about this vacancy, please contact Hannah Burling on h.burling@mmu.ac.uk 
• Interviews will take place w/c  20 July 2026 

If you would like to join our people and share our ambition, we would love to hear from you! 

Manchester Metropolitan University fosters an inclusive culture of belonging that promotes equity and celebrates diversity. We value a diverse workforce for the innovation and diversity of thought it brings and welcome applications from local and international communities, including those from Black, Asian, and Minority Ethnic backgrounds, disabled people, and LGBTQ+ individuals. 

We support a range of flexible working arrangements, including hybrid and tailored schedules, which can be discussed with your line manager. If you require reasonable adjustments during the recruitment process or in your role, please let us know so we can provide appropriate support. 

Our commitment to inclusivity includes mentoring programmes, accessibility resources, and professional development opportunities to empower and support underrepresented groups. 

Manchester Met is a Disability Confident Leader and, under this scheme, aims to offer an interview to disabled people who apply for the role and meet the essential criteria as listed in the attached Job Description for that vacancy.