Salary: £12,000 - 13,000 per year Requirements: We require active DV clearance. We are looking for strong experience in Information Assurance, Cyber Security Assurance, or GRC. We need proven experience in risk management, POA&M remediation, and assurance governance. We need working knowledge of NIST RMF and NIST CSF. We expect knowledge of Secure by Design principles. Experience in defence assurance environments is highly desirable. We need someone who is comfortable working on-site in a secure facility. We need a clear communicator who can engage effectively with technical and senior stakeholders. Responsibilities: We support Secure by Design documentation uplift across prime and supplier environments. We validate security control compliance using CSF tracker maturity assessments. We identify, document, and articulate assurance gaps and observations. We conduct risk assessments for control deficiencies arising from ST&V failures and CSF maturity shortfalls. We create and maintain Risk Detail Records in line with JSP 892. We manage and track POA&Ms, ensuring clear ownership, timelines, and evidence-based closure. We support compliance activities aligned to Secure by Design, NIST RMF, and NIST CSF v2.0. We review and uplift system assurance documentation, including System Operating Procedures and Codes of Connection. We support cyber resilience and incident preparedness, including incident response playbooks, tabletop exercises, and post-exercise assurance capture. Technologies: Support JSP Security More: We are supporting a critical defence programme with a high-impact Information Assurance Engineer role focused on strengthening assurance capability across secure systems. This is a delivery-focused, on-site position working closely with Security Leads, system owners, and enterprise stakeholders to close assurance gaps, manage cyber risk, and ensure systems are secure, compliant, and accreditation-ready. We offer meaningful assurance work within a clear governance framework, alongside experienced security and delivery professionals, with a competitive inside-IR35 rate reflecting the DV-cleared, on-site nature of the role. last updated 22 week of 2026