Cyber Security Assurance Specialist
Location: Culham, Oxfordshire (2–3 days onsite per week)
Contract Length: Until 18 December 2026
Rate: £55 per hour (Umbrella)
IR35 Status: In Scope
Security Clearance: Active SC (or lapsed within last 24 months) – mandatory
CV Deadline: Tuesday 28th at 12:00
About the Role
We are seeking an experienced Cyber Security Assurance Specialist to support a high-profile programme focused on advancing sustainable energy solutions. This role operates within a complex, hybrid technology environment spanning enterprise IT, Operational Technology (OT), and research platforms.
You will play a key role in strengthening cyber security posture across the organisation, combining hands-on technical expertise with strategic advisory input. The focus will be on security assurance, risk management, and embedding secure-by-design principles across infrastructure, cloud, and application landscapes.
Key Responsibilities
Conduct technical risk assessments across IT, OT, and cloud environments
Provide secure design guidance for infrastructure, cloud, and application projects
Maintain and update enterprise security risk registers
Lead security assurance reviews aligned to frameworks such as GovAssure, CAF, and ISO 27001
Evaluate architectural risks associated with key technical changes
Support vulnerability management and remediation planning
Embed risk-aligned security controls across platforms and services
Develop and maintain security standards, templates, and documentation
Support internal and external audits, including compliance evidence gathering
Contribute to Zero Trust architecture initiatives
Assess third-party suppliers against defined security criteria
Deliver knowledge-sharing sessions to technical teams
Represent Cyber Security within design and architecture governance forums
Essential Skills & Experience
* Proven experience designing and implementing secure cloud or infrastructure architectures
* Strong background in cyber risk assessment and enterprise risk management
* Familiarity with risk methodologies (e.g. ISO 31000, FAIR, OWASP risk rating)
* Solid understanding of security frameworks, including:
* GovAssure
* Cyber Assessment Framework (CAF)
* ISO 27001
* Cyber Essentials / CE+
* NIST
* Experience supporting audits and driving remediation activities
* Hands-on experience securing platforms such as:
* Microsoft Entra ID (Azure AD)
* Microsoft 365 E5
* Azure IaaS/PaaS
* Windows, Linux, Unix environments
* Knowledge of security tooling (SIEM, EDR/XDR, vulnerability management platforms)
* Experience with access control models (RBAC, ABAC) and logging standards
* Understanding of incident management, threat intelligence, CVEs, and CVSS scoring
* Familiarity with ITSM processes and change control
* Experience with secure software supply chain and CI/CD security
* Strong stakeholder engagement and communication skills
Desirable Skills & Qualifications
* Degree in Cyber Security, IT, or related STEM discipline
* Industry certifications such as CISSP, CISM, CRISC, CCSP, SABSA, GIAC, CCP, or SIRA
* Experience in government, regulated, or critical infrastructure environments
* Knowledge of OT / ICS / SCADA security
Additional Information
No flexibility on pay rate or security clearance requirements
Maximum of 2 CVs per supplier
Role may close early with minimal notice if sufficient applications are received
Interview process conducted via MS Teams or face-to-face
:quality(80))
:quality(80))
:quality(80))