Cyber Security Assurance Specialist

Cyber Security Assurance Specialist

Location: Culham, Oxfordshire (2–3 days onsite per week)
Contract Length: Until 18 December 2026
Rate: £55 per hour (Umbrella)
IR35 Status: In Scope
Security Clearance: Active SC (or lapsed within last 24 months) – mandatory
CV Deadline: Tuesday 28th at 12:00

About the Role

We are seeking an experienced Cyber Security Assurance Specialist to support a high-profile programme focused on advancing sustainable energy solutions. This role operates within a complex, hybrid technology environment spanning enterprise IT, Operational Technology (OT), and research platforms.

You will play a key role in strengthening cyber security posture across the organisation, combining hands-on technical expertise with strategic advisory input. The focus will be on security assurance, risk management, and embedding secure-by-design principles across infrastructure, cloud, and application landscapes.

Key Responsibilities

Conduct technical risk assessments across IT, OT, and cloud environments

Provide secure design guidance for infrastructure, cloud, and application projects

Maintain and update enterprise security risk registers

Lead security assurance reviews aligned to frameworks such as GovAssure, CAF, and ISO 27001

Evaluate architectural risks associated with key technical changes

Support vulnerability management and remediation planning

Embed risk-aligned security controls across platforms and services

Develop and maintain security standards, templates, and documentation

Support internal and external audits, including compliance evidence gathering

Contribute to Zero Trust architecture initiatives

Assess third-party suppliers against defined security criteria

Deliver knowledge-sharing sessions to technical teams

Represent Cyber Security within design and architecture governance forums

Essential Skills & Experience

* Proven experience designing and implementing secure cloud or infrastructure architectures

* Strong background in cyber risk assessment and enterprise risk management

* Familiarity with risk methodologies (e.g. ISO 31000, FAIR, OWASP risk rating)

* Solid understanding of security frameworks, including:

* GovAssure

* Cyber Assessment Framework (CAF)

* ISO 27001

* Cyber Essentials / CE+

* NIST

* Experience supporting audits and driving remediation activities

* Hands-on experience securing platforms such as:

* Microsoft Entra ID (Azure AD)

* Microsoft 365 E5

* Azure IaaS/PaaS

* Windows, Linux, Unix environments

* Knowledge of security tooling (SIEM, EDR/XDR, vulnerability management platforms)

* Experience with access control models (RBAC, ABAC) and logging standards

* Understanding of incident management, threat intelligence, CVEs, and CVSS scoring

* Familiarity with ITSM processes and change control

* Experience with secure software supply chain and CI/CD security

* Strong stakeholder engagement and communication skills

Desirable Skills & Qualifications

* Degree in Cyber Security, IT, or related STEM discipline

* Industry certifications such as CISSP, CISM, CRISC, CCSP, SABSA, GIAC, CCP, or SIRA

* Experience in government, regulated, or critical infrastructure environments

* Knowledge of OT / ICS / SCADA security

Additional Information

No flexibility on pay rate or security clearance requirements

Maximum of 2 CVs per supplier

Role may close early with minimal notice if sufficient applications are received

Interview process conducted via MS Teams or face-to-face