Cyber Security Assurance Analyst - Permanent - Hybrid
We are working with a leader in zero-waste energy to appoint a Cyber Security Assurance Analyst to support their security assurance function across programmes, projects, and steady-state services.
You will provide assurance to senior leadership on the design and operating effectiveness of security controls. This role focuses on embedding security early, applying sound judgement, and enabling delivery in complex, safety-critical environments.
You will work closely with risk management, project managers, architects, business analysts, and support teams to identify, assess, and mitigate security risks while supporting secure and resilient operations.
Key responsibilities:
* Define security controls and functional and non-functional security requirements from the outset of projects
* Perform threat modelling and technical risk assessments, translating findings into actionable design recommendations
* Review architecture and design documentation to identify security control gaps and propose remediation or mitigation strategies
* Validate the implementation of security controls through penetration testing, vulnerability scanning, and configuration assessments
* Manage compliance checks and ensure secure-by-design principles are consistently applied
* Handle exceptions to security policy, developing risk treatment plans and proposing pragmatic mitigating controls, particularly for legacy systems or regulatory constraints
* Coordinate and prioritise incoming assurance requests within the security team, working proactively with minimal oversight
* Build strong working relationships with project managers, architects, and delivery teams to ensure security solutions are practical and business-aware
* Resolve issues pragmatically, avoiding unnecessary escalations by offering clear options and mitigation strategies
Qualifications:
* Proven experience in security assurance, ideally within Critical National Infrastructure (CNI)
* Strong understanding of the Cyber Assessment Framework (CAF), with experience working with regulators and providing compliance updates for OT environments
* Confident in performing threat modelling, technical risk assessments, and security validation activities
* Strong written and verbal communication skills, able to engage both technical and non-technical stakeholders
* Practical experience with recognised security frameworks and standards, including NCSC Security Principles, NIST Cybersecurity Framework, ISO 27001 / ISO 27005, IEC 62443
* Comfortable coordinating workloads and interfacing with project and delivery teams
* Balanced, pragmatic approach to compliance and risk, aligned to operational and business realities
Interviews will commence swiftly. Speak soon!