Information Security Technical Assurance Lead

London
1 day ago

Job Title: Cyber Security Assurance Specialist (Application Security)
Client: Urenco
Rate: £700 per day
Location: Hybrid – Minimum 2 days per week in Paddington, London
Clearance: Active SC Clearance required

About the Client

Urenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.

The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:

Governance, Risk & Compliance (GRC)
Operational Technology (OT) Cyber & Cyber Assurance
Threat Defence

This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.

Role Overview

We are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.

You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.

This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.

Key Responsibilities

  1. Security Design & Solution Assurance

    Review and assure technical designs against security policies and standards
    Identify security design gaps and recommend appropriate control improvements
    Author and review high-quality security documentation
    Provide security oversight for both on-premises and cloud-based solutions
    Act as a trusted advisor and security advocate across the business
    Communicate effectively with stakeholders to embed secure-by-design principles

  2. Security Risk Assessment & Control Assurance

    Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
    Define and agree risk mitigations and compensating controls
    Assure implementation and effectiveness of technical controls
    Translate business strategy into secure architecture guidance
    Conduct supplier assurance across on-premises, cloud, and hybrid services

  3. Security Standards, Policies & Governance

    Develop and maintain application security policies, standards, and guidelines
    Align security frameworks with broader business strategy
    Track emerging security practices and ensure standards remain current
    Support the continuous improvement of cyber security maturity

Essential Experience

    Minimum 5 years’ experience in Information Security Assurance with a focus on application security
    Experience working in a global organisation
    Strong knowledge of regulatory compliance and security frameworks such as:

    ISO 27000 series
    NIST SP 800 series
    NIST Cyber Security Framework

    Experience in:

    Secure application design and review
    Cloud security assurance
    Penetration testing and vulnerability management
    Supplier security assurance

Desirable Experience

    Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
    Understanding of government information classifications
    Experience in OT security environments

Technical Knowledge

    Strong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:

    Software Asset Inventory & Control
    Data Protection
    Secure Configuration Management
    Continuous Vulnerability Management
    Audit Log Management
    Malware Defences
    Disaster Recovery
    Service Provider Security Management
    Application Security & Penetration Testing

Qualifications & Certifications

    Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
    Relevant certifications such as:

    CISSP
    CISA
    CSSLP
    OWASP ASVS / OWASP Top 10
    GIAC (GWAPT, GCSA)
    CASE
    Certified DevSecOps Professional

Key Competencies

    Strong business acumen with ability to align security to organisational objectives
    Adaptable and responsive to changing risk landscapes
    Excellent written and verbal communication skills
    Strong analytical and decision-making capability
    Team-oriented with experience working across diverse stakeholders
    Self-motivated with a sense of urgency and delivery focus
    Organised and able to manage multiple priorities

Additional Information

    Hybrid working model – minimum 2 days per week onsite in Paddington
    Occasional travel may be required
    Active SC clearance is mandatory
