We’re Civica, and we create software that helps deliver critical services for citizens all around the world. From local government, to education, health, and care, over 5,000 public bodies across the globe use our software to provide essential services to over 100 million citizens.
Our aspiration is to be a GovTech champion everywhere we work, supporting the needs of citizens and those who serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point in our journey to realise that aspiration.
Why you will love this opportunity as Cyber Assurance Specialist at Civica
The Cyber Assurance Specialist plays a vital role in safeguarding the organisation’s reputation and customer trust by ensuring robust cyber governance, compliance, and the continuous improvement of security practices. This position enables secure business growth and supports the organisation’s digital transformation.
The Cyber Assurance Specialist supports the organisation’s cyber assurance and governance activities by maintaining key documentation, assisting with audits and due diligence, and contributing to awareness and training initiatives. The role is pivotal in ensuring the organisation’s security posture remains transparent, compliant, and continuously improving.
What you will do to be successful in this role
Key Responsibilities:
Documentation & Knowledge Management
* Curate and maintain internal knowledge bases and external Trust Centre articles.
* Ensure content is accurate, accessible, and aligned with current cyber policies and standards.
* Collaborate with subject matter experts to update documentation in response to regulatory or operational changes.
Policy, Risk & Governance Support
* Assist in the development, review, and maintenance of cyber security policies and procedures.
* Support the Head of Cyber Governance in maintaining and improving ISO 27001 controls and other compliance frameworks (e.g., NIST, CIS).
* Support risk identification, assessment, and reporting, collaborating with risk owners and business units.
Audit & Assurance Activities
* Prepare and coordinate evidence for internal and external audits.
* Conduct assurance activities against ISO 27001 and other relevant standards.
* Maintain audit trails and track remediation of findings.
* Proactively suggest improvements to controls and processes based on lessons learnt.
Customer & Supply Chain Due Diligence
* Respond to customer security questionnaires and due diligence requests.
* Support supply chain assurance activities, including supplier risk assessments and documentation.
* Maintain a repository of standard responses and evidence for reuse.
Cyber Awareness & Training
* Assist in the development and rollout of security training materials for staff.
* Support the planning and execution of phishing simulations and cyber awareness campaigns.
* Track engagement and effectiveness of awareness initiatives through metrics and reporting.
Incident Response Support
* Assist with incident response documentation and post-incident reviews.
SharePoint & Information Management
* Develop and Maintain Cyber SharePoint sites to ensure content is current and well-organised.
* Ensure documentation is version-controlled and accessible to relevant stakeholders.
Tooling & Automation
* Support the adoption and optimisation of GRC/assurance tooling (e.g., Microsoft Purview, OneTrust).
Continuous Improvement
* Proactively identify and recommend improvements to controls, processes, and training.
Stakeholder Engagement
* Build strong relationships with stakeholders across the business, IT, and external partners to ensure alignment and effective communication.
Requirements
* Knowledge & Application: Extensive knowledge of cyber security governance, risk management, and compliance principles, practices, and technologies (ISO 27001, NIST, CIS, GDPR).
* Complexity & Problem Solving: Strong analytical and problem-solving skills to address complex security challenges and incidents.
* Collaboration & Interaction: Excellent communication and interpersonal skills to collaborate effectively with various departments and senior leadership.
* Technical Breadth: Awareness of cloud security principles and controls.
* Strong written communication skills, with experience in technical writing or documentation.
* Working knowledge of ISO 27001 and other cyber security standards.
* Experience supporting audits or compliance activities.
* Familiarity with SharePoint or similar content/document management platforms.
* Ability to manage multiple tasks and prioritise effectively.
* Experience in a cyber assurance, governance, or compliance role.
* Understanding of data protection regulations (e.g., GDPR).
* Experience with phishing simulation platforms and awareness tools.
* Knowledge of risk management and supplier assurance processes.
* Experience in Microsoft Purview, UpGuard, or similar tools.
* Basic scripting or automation skills (desirable).
Experience:
* Minimum three years’ experience in cyber security, with at least two years in a GRC consultancy or assurance role.
* Certifications (Desirable): CompTIA Security+, SSCP, CISA, ISO 27001 Lead Implementer/Auditor, or similar.
* Sector Experience (Desirable): Experience in regulated sectors (public sector, health, finance) is a plus.
We Want You to Bring Your Whole Self to Work
There is no such thing as the perfect candidate, so if you think you have what it takes but don't necessarily meet every single point on the list above, please still get in touch. We'd love to have a chat and see if you could be a great fit.
Why You'll Love Working with Us
As a company, we're passionate about what we do and the citizens we serve. If you, too, want to champion the use of technology in public services to improve outcomes for citizens and public sector organizations, then Civica is the right place for you. We will help you unlock the best version of yourself, achieve career growth, and make a real difference to people and communities.
We know that when our people are happy, they work better and have greater job satisfaction. Here's what you can expect:
Benefits
Time Off & Work-Life Balance
✔ 25 Days Annual Leave + bank holidays – plus the option to buy up to 10 extra days!
✔ Days of Difference – Up to 3 extra days off for volunteering.
Financial Well-being & Security
✔ Pension Contributions – 5% employer match to support your future.
✔ Income Protection – Up to 75% salary cover for long-term illness.
✔ Life Assurance – 4x salary tax-free lump sum.
✔ Critical Illness Cover – £25,000 lump sum (extendable to dependents).
Health & Perks
✔ Private Medical Insurance – Fast access to private healthcare.
✔ Health Cash Plan – Claim back physio, therapies & more.
✔ Dental Insurance – Cover for routine & emergency care.
✔ Affinity Groups – Join employee-led communities.
✔ Bounty Bonus – Refer a friend & get rewarded.
At Civica, we are committed to building an inclusive and diverse workplace where everyone feels valued and supported. We believe that a variety of perspectives drives innovation and excellence, and we welcome applicants from all backgrounds, cultures, and experiences.
We are an equal opportunity employer. We do not discriminate based on race, ethnicity, religion, gender, sexual orientation, disability, age, or any other legally protected characteristic. Our recruitment process is designed to ensure fairness and transparency, so every candidate has an equal chance to contribute to our mission.
If you need any adjustments or accommodations to participate in our recruitment process, please let us know. We are here to support you.