Outside IR35, £700 per day
Security Clearance required
Central London, hybrid working
6+ month contract.
A Cyber Security Assurance Lead, “a mini CISO”, is sought to join a specialist End User Compute (EUC) IT services provider, leading the modernisation of secure digital workplaces with Zero Trust and next-gen security principles for high-profile Central Government departments – hence the need for current SC clearance.
As Cyber Security Assurance Lead, you will drive end-to-end EUC security assurance for a transformational Machinery of Government, macOS Developer Device Solution.
Key accountabilities include:
* Leading security assurance and governance throughout the solution lifecycle (architecture design, through build, deployment & operational support).
* Development and maintenance of risk management documentation (RMADS, SyOps, DPIAs, threat models, and continuous threat models).
* Ensure alignment with assurance frameworks (Government Security Classifications (GSC), NCSC guidance, Cabinet Office requirements, GDPR, ISO 27001).
* Conduct threat and vulnerability assessments for macOS devices, MDM platforms, developer tooling, remote access, and cloud-native infrastructure.
* Drive secure-by-design practices, working with the security architects, engineering DevOps, and testing teams.
* Interface with stakeholders to gain necessary approvals and accreditation.
* Maintain assurance registers and contribute to programme-wide risk management & reporting.
We are seeking applications from candidates with a strong understanding of endpoint and device assurance, ideally with macOS and integration with MDM (i.e. Jamf, Intune, Workspace ONE) and:
* Professional certifications, i.e. CISSP, CISM, CCSP, or ISO 27001 Lead Auditor
* Experience leading security assurance in central government, or similar high assurance environments.
* Deep understanding of security assurance frameworks, including NCSC Cloud Security principles, GDS Service Standards, and government accreditation processes.
* Hands-on experience producing RMADS, SyOps, DPIAs and equivalent artefacts.
* Security tooling for risk assessments, threat modelling & vulnerability scanning.
* Security Clearance
Other preferred skills include experience in DevSecOps or agile environments, knowledge of Zero Trust architecture, IAM and cloud native security practices.
Apply now to progress!