Meet the team: Sarah Waters

Information Security Governance Risk and Compliance Officer

29 August 2023
Sarah Waters

How long have you worked at the University and why did you choose to join?   

I’ve worked for the University for over 8 years now. I’d been doing a variety of things since getting my degree, I’d tried to stay in Kent but found that the jobs on offer were few and far between. When I finally decided to give up and return to my hometown of Oxford, I wasn’t really sure what I wanted to do. Anecdotally, I’d heard a lot of good things about the University of Oxford, and after working in the US for 6 months, the holiday entitlement was very alluring. But more seriously, I saw that the University was a place that would allow me to grow in a place that I love.  

How did you get to where you are today?  

A number of years ago, I would have said by chance or sheer luck! But Springboard helped me to see that I had a bit more agency than that. I’m someone who likes to keep busy, and in the process from time to time bite off more than I can chew but that’s served me well on the whole as I’ve got involved in things I never would have imagined. I had no clue what I wanted to do after graduating from university with a degree in Social Anthropology (like a lot of other people I think). I’d had some part-time administrative roles and when I returned to Oxford, I began applying for a whole bunch of things. Whilst temping with the Law Faculty, I was told about the Oxford Temporary Staffing Service (OTSS) and after signing up, I quickly had some options.  

My first University contract was as a part-time receptionist for IT Services through OTSS, but I was determined to get something more permanent and made that clear from the outset. My line manager at the time, Jo Wilby, was very supportive, and as well as giving me time to go to interviews, suggested a number of jobs to apply for within IT Services. She suggested that I apply for the Information Security Administrator role. I’d initially ruled it out because one of the desirable criteria was “an understanding of the principles of information security” now that I’ve sat on the other side of the desk – I can see how silly that was!  

Once I was in post, I felt like I was in the right place at the right time. The role was great because it meant that I had a good overview of what was going on within the team, and that I could get involved with all sorts of activities. Just through proof-reading, and minute making I started picking things up, and it snowballed. I’ve had some amazing managers who really saw the potential in me and trusted me with tasks that allowed to me learn and grow.  

As I learnt more, my work drifted further into the Governance, Risk and Compliance side of things. At some point, it hit me that I couldn’t put off making some real career decisions anymore but that I didn’t know what I wanted or how to start making a choice. Not having a trajectory of any sort was quite stressful and I was recommended Springboard. I highly recommend personal development courses and the timing couldn’t have been better for me. It was nice to be in a room with women who seemed just as confused as I was and as we went through the course, I saw that I could give myself more credit as to what I’d achieved so far. It was interesting to see that by the end, a lot of our cohort had made some pretty big decisions. As our time came to a close, I technically had a new job, as we’d updated my job description to accurately reflect my work creating the Junior Security Governance Risk and Compliance role.  

It took me a while to get the confidence and realise that I was ready to apply for the Security Governance Risk and Compliance Officer position. I’ve been in the role since March 2019. The administrative side of my role was becoming a bit of a comfort blanket, and I knew it was time to move onwards and upwards. It was good to start shedding those aspects and pass them on to new members of the team. Putting my CV together and preparing for an interview again was a good experience in itself. I could see on paper how far I’d come, I have some professional qualifications through courses I’d been on whilst here and I could even drop some of my pre-University experience. It was the first interview that I walked out of feeling that it was a good interview and that I’d really done the best I can do. I’ve come a long way and I’m starting to work out what’s next and how to get there.  

What does an average day entail, and what do you like the most about your job?   

What I love about my job is the variety, no one day is the same. (It also helps that I have some amazing supportive colleagues).  There are core services that the security, governance, risk and compliance team offer that everyone in the team gets involved in. These include supporting projects, third party security assessments, and 1 day a week, we’re on rota responding to queries. Providing pragmatic, practical and actionable advice is rewarding, enabling researchers to do world-class research and IT support staff to run secure systems. My focus these days is the Medical Sciences Division Information Governance Office and I’m continually amazed by the volume and breadth of the research going on within the Division. Helping navigate the NHS Data Security Protection Toolkit and other funding requirements can be difficult but it’s satisfying to be able to provide specific expertise. As well as the business as usual activities, we are continually looking to improve our processes and services and I’m usually involved in some way with anything to do with online training and third party security assessments.  I’m looking forward to working on some of the Information Security Programme work streams.  

If you weren’t working in your current role, what would you like to be doing?   

That’s a hard one - if I had to choose, I quite like the idea of being an event planner of some variety. I’m a people person, and while my desk is a mess, I love organisational tools, and am quite comfortable with some excel wizardry…There’s something satisfying in seeing something come into being from paper/screen into reality.  

What would you say to someone thinking about applying to work at the University?  

Go for it! I never would have imagined that after graduating with a degree in Social Anthropology that I’d be working in Information Security. Though I’m not the only one: I’ve had colleagues who started in marine biology, astrophysics and linguistics so it’s a field that attracts a wide variety of people. I guess my route hasn’t been typical, but the University has the structures in place to support this kind of development.   

Headshot of Sarah Waters

We're hiring!