Information Security & Assurance Officer

Full-time
On-site
Ipswich, Suffolk
£45,000 - £55,000 GBP yearly
Security
Our client is at the forefront of the Sizewell C nuclear power station development - one of the UK’s largest and most exciting infrastructure programmes.

They’re responsible for preparing the foundations of the entire site: designing and constructing cut‑off walls, retaining structures, soil improvements and more. Using advanced geotechnical engineering and world‑class construction technologies, this is a rare opportunity to contribute to a national project that will shape the UK’s clean‑energy future.

The Role

The Information Security & Assurance Officer is responsible for ensuring that the business implements and maintains all mandatory information and cyber‑security controls required under the client Information Security Management Plan (ISMP), associated security documentation and governance agreements with parent companies.

The role provides assurance across corporate and project systems, oversees integration with client security operations, ensures subcontractor compliance, and leads the development and operation of a robust Information Security Management System (ISMS) aligned to ISO/IEC 27001. You will act as the central authority for information security governance, incident management and continuous improvement across the organisation.

What You'll Be Doing

* Governance & Compliance: Implement and enforce client ISMP requirements across GSA, including security assurance levels, export control, information classification and data‑handling rules. Maintain governance documentation, audit evidence and subcontractor security flow‑downs, and support client, partner and third‑party security reviews.

* Security Assurance & ISMS Ownership: Own and operate the ISMS, including policies, standards and procedures. Complete and manage required security and privacy assessments (e.g. TPSA, SRA, DPIA, ECIA), track remediation actions, review suppliers, and ensure alignment with UK GDPR, DPA 2018, NIS2 (where applicable) and sector‑specific standards.

* O365 & Technical Security Oversight: Provide assurance over O365 and core IT controls, including identity and access management, MFA, endpoint protection, logging, monitoring and baseline security configuration across office and operational locations.

* SOC Integration & Incident Management: Oversee security monitoring, log availability, alerting and incident response processes, ensuring effective integration with the client SOC and any managed security service providers. Lead or support incident response, root‑cause analysis and post‑incident reviews.

* Stakeholder Engagement & Awareness: Act as a trusted adviser to IT, project teams and business units, translating technical risk into clear business impact. Deliver security awareness initiatives, phishing simulations and ongoing engagement with suppliers, auditors, MSSPs and SOC partners.

* Continuous Improvement: Identify opportunities to optimise and automate security controls, contribute to the cyber‑security roadmap and maintain awareness of emerging threats, technologies and industry best practice.

You will promote company and client values and support a positive safety and security culture across all activities.

What We’re Looking For

Essential

* Demonstrable experience in information security assurance and technical cyber‑security operations within a UK organisation

* Strong working knowledge of ISO/IEC 27001, Cyber Essentials Plus, NIST CSF and UK GDPR / DPA 2018

* Hands‑on experience with modern security tooling, including Microsoft Defender, SIEM (e.g. Sentinel), EDR/XDR and vulnerability management tools

* Experience leading or supporting security incident response, root‑cause analysis and post‑incident reviews, including working with SOC teams (internal or MSSP)

* Ability to produce clear assurance reports, security documentation and executive‑level dashboards

* Strong stakeholder management skills, with the ability to translate technical risk into pragmatic business actions

Desirable

* Degree (or equivalent experience) in computer science, cyber security or a related discipline

* Familiarity with SANS Top 20 Critical Security Controls and UK Cyber Essentials requirements

* Experience operating in complex, regulated or safety‑critical environments

Why Join The Team

When you join the world’s largest specialist geotechnical contractor, you’re part of an international community of over 10,000 experts, based in 31 countries around the world. You’ll have the opportunity to contribute to prestigious, ground-breaking projects, using the very latest tools and technology to solve complex problems, constantly learn new skills and take your career in any direction.

As well as being part of a landmark project and working in a collaborative alliance environment, we offer:

* Discretionary annual bonus (based on personal/project performance)

* Salary Sacrifice Pension Scheme (min. 5% company contribution)

* Enhanced Sick Pay (after probation)

* Income Protection, Private Medical Insurance and Life Assurance

* Employee Assistance Programme

* 25 days' annual leave + Bank Holidays per year (increasing with service)

* Option to purchase additional annual leave

* Paid annual professional memberships

* Volunteering days

* Professional growth and development