Information Security Technical Assurance Lead

London
Full-time
On-site
£650 - £700 GBP daily
Security
Job Title: Cyber Security Assurance Specialist (Application Security)
Client: Urenco
Rate: £700 per day
Location: Hybrid – Minimum 2 days per week in Paddington, London
Clearance: Active SC Clearance required

About the Client

Urenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.

The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:

Governance, Risk & Compliance (GRC)
Operational Technology (OT) Cyber & Cyber Assurance
Threat Defence

This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.

Role Overview

We are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.

You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.

This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.

Key Responsibilities

1. Security Design & Solution Assurance

Review and assure technical designs against security policies and standards
Identify security design gaps and recommend appropriate control improvements
Author and review high-quality security documentation
Provide security oversight for both on-premises and cloud-based solutions
Act as a trusted advisor and security advocate across the business
Communicate effectively with stakeholders to embed secure-by-design principles

2. Security Risk Assessment & Control Assurance

Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
Define and agree risk mitigations and compensating controls
Assure implementation and effectiveness of technical controls
Translate business strategy into secure architecture guidance
Conduct supplier assurance across on-premises, cloud, and hybrid services

3. Security Standards, Policies & Governance

Develop and maintain application security policies, standards, and guidelines
Align security frameworks with broader business strategy
Track emerging security practices and ensure standards remain current
Support the continuous improvement of cyber security maturity

Essential Experience

Minimum 5 years’ experience in Information Security Assurance with a focus on application security
Experience working in a global organisation
Strong knowledge of regulatory compliance and security frameworks such as:

ISO 27000 series
NIST SP 800 series
NIST Cyber Security Framework

Experience in:

Secure application design and review
Cloud security assurance
Penetration testing and vulnerability management
Supplier security assurance

Desirable Experience

Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
Understanding of government information classifications
Experience in OT security environments

Technical Knowledge

Strong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:

Software Asset Inventory & Control
Data Protection
Secure Configuration Management
Continuous Vulnerability Management
Audit Log Management
Malware Defences
Disaster Recovery
Service Provider Security Management
Application Security & Penetration Testing

Qualifications & Certifications

Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
Relevant certifications such as:

CISSP
CISA
CSSLP
OWASP ASVS / OWASP Top 10
GIAC (GWAPT, GCSA)
CASE
Certified DevSecOps Professional

Key Competencies

Strong business acumen with ability to align security to organisational objectives
Adaptable and responsive to changing risk landscapes
Excellent written and verbal communication skills
Strong analytical and decision-making capability
Team-oriented with experience working across diverse stakeholders
Self-motivated with a sense of urgency and delivery focus
Organised and able to manage multiple priorities

Additional Information

Hybrid working model – minimum 2 days per week onsite in Paddington
Occasional travel may be required
Active SC clearance is mandatory