Audit and Risk Recruitment is currently seeking a high-calibre Cyber Security Assurance Specialist for a high-profile scientific and research organisation. This role is critical in securing a hybrid digital estate that spans enterprise IT, Cloud, and high-impact Operational Technology (OT).
The Mission
In this cross-functional role, you will act as a bridge between technical architecture and risk governance. You will provide the subject matter expertise required to embed \"Secure-by-Design\" principles across large-scale infrastructure and research platforms, ensuring the client’s posture meets rigorous government and industry standards.
Key Responsibilities
* Technical Assurance: Conduct internal reviews aligned to GovAssure, CAF, and ISO 27001 domains.
* Risk Management: Perform technical risk assessments on IT/OT/Cloud systems and maintain the quarterly security risk register.
* Architecture Advisory: Review critical technical changes (network reconfig, app onboarding) and provide secure design guidance.
* Framework Alignment: Maintain control traceability against NIST, Cyber Essentials+, and NCSC guidelines.
* Security Standards: Develop secure configuration guidance for platforms including Entra ID, Azure, and M365.
Technical Requirements
* Risk Frameworks: Proven experience with GovAssure, CAF, ISO 27001, and NIST.
* Cloud & Infrastructure: Deep proficiency in securing Microsoft 365 E5, Entra ID (Azure AD), and Azure IaaS/PaaS.
* Security Tooling: Hands-on experience with SIEM, EDR/XDR, and vulnerability management platforms.
* Supply Chain: Experience reviewing secure software supply chains and CI/CD security.
* Methodologies: Working knowledge of ISO 31000, FAIR, or OWASP risk rating.
Qualifications (Highly Desirable)
* Security Assurance certifications (e.g., CCP, SIRA).
* Industry-standard certs: CISSP, CISM, CRISC, CCSP, or SABSA.
* Experience within regulated government, energy, or national infrastructure environments.
Interested in securing the future of scientific innovation?
If you have the technical depth and the communication skills to articulate risk to senior stakeholders, we want to hear from you.