Position: CISO / Cyber Security Assurance Lead (EUC / MDM Focus), Hemel Hempstead
Client: Refreshing Recruitment Ltd
Location: Hemel Hempstead, United Kingdom
Job Category: Other
EU work permit required: Yes
Posted: 07.06.2025
Expiry Date: 22.07.2025
Job Description:
Security Clearance required. This role is based in Central London with hybrid working arrangements and is a 6+ month contract.
We are seeking a Cyber Security Assurance Lead, often referred to as a “mini CISO,” to join a specialist End User Compute (EUC) IT services provider. The role involves leading the modernisation of secure digital workplaces using Zero Trust and next-generation security principles for high-profile Central Government departments, hence the requirement for current SC clearance.
The successful candidate will drive end-to-end EUC security assurance for a transformational Machinery of Government project, focusing on macOS Developer Device Solutions.
Key responsibilities include:
1. Leading security assurance and governance throughout the solution lifecycle, from architecture design to build, deployment, and operational support.
2. Developing and maintaining risk management documentation such as RMADS, SyOps, DPIAs, threat models, and continuous threat assessments.
3. Ensuring compliance with assurance frameworks including Government Security Classifications (GSC), NCSC guidance, Cabinet Office requirements, GDPR, and ISO27001.
4. Conducting threat and vulnerability assessments for macOS devices, MDM platforms, developer tooling, remote access, and cloud-native infrastructure.
5. Promoting secure-by-design practices in collaboration with security architects, engineering, DevOps, and testing teams.
6. Engaging with stakeholders to obtain necessary approvals and accreditation.
7. Maintaining assurance registers and contributing to programme-wide risk management and reporting.
We welcome applications from candidates with a strong understanding of endpoint and device assurance, especially with macOS and MDM integration (e.g., Jamf, Intune, Workspace ONE). Candidates should also have:
* Professional certifications such as CISSP, CISM, CCSP, or ISO 27001 Lead Auditor.
* Experience leading security assurance in central government or similar high-assurance environments.
* Deep knowledge of security assurance frameworks, including NCSC Cloud Security principles, GDS Service Standards, and government accreditation processes.
* Hands-on experience producing RMADS, SyOps, DPIAs, and similar artefacts.
* Experience with security tooling for risk assessments, threat modeling, and vulnerability scanning.
* Active Security Clearance.
Preferred skills include experience in DevSecOps or agile environments, knowledge of Zero Trust architecture, IAM, and cloud-native security practices.