CCL Global are currently recruiting for a Cyber Security Assurance Specialist to support high-profile, security-critical environments. This role will play a key part in strengthening security posture, ensuring compliance, and supporting assurance activities across complex digital and infrastructure systems.
Type of Contract: Contract (Inside IR35)
Location: Oxfordshire OX14 3DB (Hybrid working available)
Key Duties Will Include:
* Design and implement secure infrastructure and cloud architectures across enterprise environments.
* Conduct and support risk assessments, maintaining enterprise risk registers and ensuring alignment with industry methodologies.
* Lead or contribute to security assurance activities, including audits, reviews, and remediation planning.
* Apply and interpret security frameworks such as ISO 27001, NIST, CAF, Cyber Essentials, and GovAssure.
* Assess and secure platforms including Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, and Windows/Linux/Unix systems.
* Utilise security tooling such as SIEM, EDR/XDR, and vulnerability management platforms to monitor and improve security posture.
* Develop and implement security policies, access control models (RBAC, ABAC), and logging standards.
* Support incident management, vulnerability assessments, and SOC-related activities.
* Contribute to secure software supply chain practices, including CI/CD security reviews.
* Interpret threat intelligence, CVEs, and CVSS scores to inform risk-based decision making.
* Collaborate with stakeholders across technical and non-technical teams, clearly articulating risks and solutions.
* Support government or regulatory assurance processes such as Secure by Design and GovAssure.
Requirements:
* Proven experience in cyber security assurance, secure architecture design, or related disciplines.
* Strong knowledge of risk assessment methodologies (ISO 31000, FAIR, OWASP risk rating).
* Hands-on experience with enterprise security frameworks including ISO 27001, NIST, CAF, and Cyber Essentials.
* Experience conducting security audits and implementing remediation strategies.
* Technical expertise across cloud and enterprise platforms (Azure, M365, operating systems).
* Familiarity with SIEM, SOC operations, endpoint detection, and vulnerability management tools.
* Knowledge of ITSM processes, change control, and governance frameworks.
* Experience with CI/CD security and software supply chain assurance.
* Understanding of OT/ICS/SCADA environments is highly desirable.
* Strong analytical, problem-solving, and organisational skills.
* Excellent communication skills, with the ability to engage senior stakeholders and produce high-quality reports.
* Degree in Cybersecurity, IT, or a related STEM field (or equivalent experience).
* Relevant certifications such as CISSP, CISM, CRISC, CCSP, SABSA, SANS GIAC, CCP, or SIRA are desirable.
* Experience working in regulated, government, or critical infrastructure environments is advantageous.