Security Assurance Manager - SC/DV Cleared
Whitehall Resources are currently looking for a Security Assurance Manager - SC/DV Cleared.
This role will be inside of IR35, so you will be required to use an FCSA Accredited Umbrella Company.
Must not have been outside of the UK for more than 6 months in the last 5 years.
Key Requirements
* As an Information Security Assurance Manager (iSAM) within the CISO’s Information & Technology Security function, you will play a pivotal role in safeguarding information systems and services.
* You will lead on the coordination and execution of information assurance activities across the enterprise, supporting both business as‑usual services and strategic change initiatives.
* This is a technically and strategically vital role requiring strong engagement across security, IT, engineering, programme delivery, and external regulatory stakeholders.
* You will guide Information Asset Owners, delivery teams, and partners in embedding security and compliance throughout the information lifecycle, and ensure systems are aligned with contractual, legislative and customer‑driven assurance obligations (e.g. JSP 453, DefStan 05-138, NIST 800-171, ISO 27001).
Key Responsibilities
* Lead and coordinate security assurance activities for information systems and services across business units.
* Interpret and apply relevant standards (e.g. JSP 453, NIST SP 800-171/53, ISO 27001, Cyber Essentials Plus) in support of project and BAU service delivery.
* Prepare and maintain security documentation, including SyOps, IARs, and Risk Assessments, ensuring traceability to control frameworks and policies.
* Represent the Client in assurance engagements with assurance authorities, customers, auditors, and statutory bodies.
* Attend and proactively help facilitate Security Working Groups with Information Asset Owners, Contract Managers and other subject‑matter experts.
* Deliver risk‑based assessments of IT change, cloud adoption, and digital transformation activities, supporting proportionate decision‑making.
* Support risk owners in identifying, documenting, mitigating, and tracking information risks in line with corporate risk governance.
* Advise and support the consistent application of security policies, classification schemes, and asset protection requirements across systems.
* Act as a trusted advisor to Information Asset Owners and Business Leads on secure use of IT services and data handling obligations.
* Collaborate across the security community to promote standardisation of assurance practices and risk treatment approaches.
* Support bid, commercial and programme teams in identifying security‑related delivery risks, resourcing needs, and costing impacts.
* Maintain visibility of emerging risks, regulatory change, and customer expectations relevant to systems and data assets.
* Contribute to the development of enterprise assurance frameworks, assurance models, and system design standards.
* Champion a culture of secure by‑design, promoting transparency, proportionate assurance, and effective governance in all activities.
* Support the information security Senior Leadership Team with other existing and emerging security needs, as required.
Key Experience
* At least three years' experience working in an information security assurance or related business role, with a good understanding of commercial operations.
* Strong understanding of technical risk assessment methodologies.
* Strong interpersonal skills with the ability to communicate with technical and non-technical audiences.
* Experience of working with UK Government classification and/or assurance standards and secure system lifecycle principles.
* Comfortable working independently and managing competing priorities across multiple programmes and projects.
* Able to work alone and self-manage workloads, combining strategic and detail-oriented approaches, with strong organisational and analytical skills.
* Ability to analyse complex systems and identify security and compliance implications, with the ability to demonstrate this either verbally or in writing.
* Ability to build effective relationships across the business and deal with complex issues.
* Practical understanding of common global security frameworks, data protection and trade controls legislation.
* Security certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CCP SIRA/Architect.
* Experience working with stakeholders, JSP 453, NIST SP 800-171, DefStan 05-138, or similar.
* Awareness of Data Protection Act 2018, GDPR, Export Controls (ITAR, UK ECO), and associated compliance regimes.
* Familiarity with Cloud security assurance (e.g. Azure, M365, FedRAMP).