Job Description

Assurance Directorate - Information Security

We are seeking a

GRC and Data Protection Technology Officer

to perform a critical role in ensuring the delivery and successful implementation of improvements to cyber security and data protection processes.

Location:

Central Oxford, onsite position

Salary:

39,424 - 47,779 per annum

Contract:

Full Time/ Fixed Term Contract (2 years)

About Us

Spanning the historic streets of the "city of dreaming spires," the University of Oxford has been ranked the world's leading university for nine consecutive years. A place where centuries of tradition meet world-changing innovation, we offer you the chance to shape the future while working in an inspiring environment that promotes excellence. Here, you'll contribute to ground-breaking research that tackles global challenges - from advancing sustainability to pioneering healthcare solutions - and join a diverse, inclusive community that champions your wellbeing, development, and aspirations. Apply now to become part of our extraordinary legacy.

The Assurance Directorate

Delivering professional risk, compliance, assurance, information compliance and information security services across the University

What We Offer

Working at the University of Oxford offers several exclusive benefits, such as:

38 days of annual leave (inclusive of public holidays) to support your wellbeing, with the option to purchase up to 10 extra days and additional leave after long service.

One of the most generous family leave schemes in UK higher education, offering up to 26 weeks of full-pay maternity and adoption leave, plus 12 weeks of full-pay paternity/partner leave.

A commitment to hybrid and flexible working to suit your lifestyle.

An excellent contributory pension scheme.

Affordable and sustainable commuting options, including a cycle loan scheme, discounted bus travel, and season ticket loans.

Access to a vibrant community through our social, cultural, and sports clubs.

About the Role

Lead the implementation, configuration and optimisation of the SureCloud GRC platform.

Serve as the University's functional expert and primary point of contact for GRC software.

Provide guidance on GRC processes such as risk registers, DPIAs, asset management and third-party assessments.

Analyse system performance, prepare reports, and present findings to governance committees.

Deliver training, coaching and mentoring on GRC tools and processes to staff across the University.

Maintain knowledge of legal frameworks, sector standards and University policies to ensure compliance.

Act as an ambassador for the effective use of GRC technology across departments.

About You

Experience working with SaaS platforms and understanding of how they operate.

Knowledge of Security GRC processes and previous experience implementing GRC tools.

Familiarity with UK data protection legislation and Data Protection Impact Assessments (DPIAs).

The ability to engage stakeholders and communicate complex technical information clearly.

An organised, proactive approach with the confidence to take ownership of implementation and support activities.

Desirable skills include

Experience with risk registers, ISO27001 controls, or third-party security assessments.

Understanding of records management, PCI-DSS, or the NHS Data Security and Protection Toolkit.

Experience working in a compliance or regulatory environment such as HE, public sector or charity settings.

Application Process

To apply, please upload:

A covering letter/supporting statement

Your CV

The details of two referees


The closing date for applications is 12 noon on 13th November

Interviews will take place in mid to late November, and will be held face-to-face