Cloud Assurance Specialist
Division: Operations. Department: Cyber and Operations Resilience (C&OR). Salary: National (£53,000-69,000) and London (£59,000-75,000). Role graded as Senior Associate – Regulatory.
Role responsibilities
* Oversee assurance activities for Microsoft Azure, evaluating security posture, architecture and control effectiveness across core cloud services.
* Provide cloud‑agnostic assurance oversight across AWS and key SaaS platforms (including Salesforce), ensuring consistent assessment standards regardless of technology stack.
* Act as a subject‑matter expert (SME) for platform security, offering guidance and challenge on security design, engineering decisions and control implementations.
* Deliver architectural security oversight across platform domains, identifying design weaknesses, control gaps and improvement opportunities early in the lifecycle.
* Reduce risk through pragmatic remediation, working with platform teams to prioritise issues, agree proportionate fixes and track actions through to closure.
* Promote sustained control maturity, assessing control performance over time and recommending enhancements to improve resilience and governance.
* Maintain independence from control ownership, providing objective assurance, effective second‑line challenge and credible risk‑based reporting.
* Collaborate across multiple platform teams and stakeholders within Cyber & Information Resilience (C&IR), aligning assurance outcomes to organisational risk appetite and resilience objectives.
Skills required
Minimum:
* Direct experience applying industry security best practices and frameworks such as NCSC, NIST, CIS and CSA across modern technology platforms, including cloud‑hosted and SaaS services (e.g., Azure, AWS, Salesforce) in a cloud‑agnostic manner.
* Demonstrated ability to translate complex security and technical risk issues for diverse audiences, including senior stakeholders, through clear written and verbal communication.
* Experience designing, operating or contributing to assurance processes, including the production and management of regular (e.g., monthly) risk and control reporting and conducting or contributing to comprehensive platform and cloud risk assessments with clear, risk‑based remediation recommendations.
Essential:
* Effective stakeholder management skills, with the ability to persuade and question platforms, engineering and delivery teams without direct control ownership.
* Demonstrable experience providing cloud and platform security architecture assurance, including assessing control design, implementation and effectiveness across multiple technology domains.
* Practical experience using Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools to identify misconfigurations, control gaps and systemic risk themes.
* Extensive experience carrying out platform and cloud risk assessments, from scoping through to reporting and remediation tracking.
* Experience defining, producing and maintaining security metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to support senior level decision making.
* Experience assuring controls across endpoint, network, identity, logging and monitoring, vulnerability management or attack surface management domains.
* Exposure to secure software delivery / SSDLC assurance, including oversight of security controls embedded within delivery pipelines and/or experience working within a regulated, financial services or public sector environment.
Benefits
* 25 days annual leave plus bank holidays.
* Non‑contributory pension (8–12% depending on age) and life assurance at eight times your salary.
* Private healthcare with Bupa, income protection and 24/7 Employee Assistance.
* 35 hours paid volunteering annually.
* Hybrid model with a minimum of 40% office presence each month (expectation of 50% for senior leaders).
* A flexible benefits scheme designed around your lifestyle.
SC Clearance is required for this role (SC Guidance) – you will hold or will be required to obtain Security Check (SC) level vetting.