IR35 Status: In Scope
Security Clearance: Active SC (or lapsed within last 24 months) – mandatory
About the Role
We are seeking an experienced Cyber Security Assurance Specialist to support a high‑profile programme focused on advancing sustainable energy solutions. This role operates within a complex, hybrid technology environment spanning enterprise IT, Operational Technology (OT), and research platforms.
You will play a key role in strengthening cyber security posture across the organisation, combining hands‑on technical expertise with strategic advisory input. The focus will be on security assurance, risk management, and embedding secure‑by‑design principles across infrastructure, cloud, and application landscapes.
Key Responsibilities
Conduct technical risk assessments across IT, OT, and cloud environments.
Provide secure design guidance for infrastructure, cloud, and application projects.
Maintain and update enterprise security risk registers.
Lead security assurance reviews aligned to frameworks such as GovAssure, CAF, and ISO 27001.
Evaluate architectural risks associated with key technical changes.
Support vulnerability management and remediation planning.
Embed risk‑aligned security controls across platforms and services.
Develop and maintain security standards, templates, and documentation.
Support internal and external audits, including compliance evidence gathering.
Contribute to Zero Trust architecture initiatives.
Assess third‑party suppliers against defined security criteria.
Deliver knowledge‑sharing sessions to technical teams.
Represent Cyber Security within design and architecture governance forums.
Qualifications
* Proven experience designing and implementing secure cloud or infrastructure architectures.
* Strong background in cyber risk assessment and enterprise risk management.
* Familiarity with risk methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
* Solid understanding of security frameworks, including GovAssure, Cyber Assessment Framework (CAF), ISO 27001, and NIST.
* Experience supporting audits and driving remediation activities.
* Hands‑on experience securing platforms such as Microsoft 365 E5.
* Knowledge of security tooling (SIEM, EDR/XDR, vulnerability management platforms).
* Experience with access control models (RBAC, ABAC) and logging standards.
* Understanding of incident management, threat intelligence, CVEs, and CVSS scoring.
* Familiarity with ITSM processes and change control.
* Experience with secure software supply chain and CI/CD security.
* Strong stakeholder engagement and communication skills.
Desirable Skills & Qualifications
* Degree in Cyber Security, IT, or related STEM discipline.
* Industry certifications such as CISSP, CISM, CRISC, CCSP, SABSA, GIAC, CCP, or SIRA.
* Experience in government, regulated, or critical infrastructure environments.
* Knowledge of OT / ICs / SCADA security.
#J-18808-Ljbffr