Information Security Technical Assurance Lead

London
3 weeks ago
Create job alert

Job Title: Cyber Security Assurance Specialist (Application Security)
Client: Urenco
Rate: £700 per day
Location: Hybrid – Minimum 2 days per week in Paddington, London
Clearance: Active SC Clearance required

About the Client

Urenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.

The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:

Governance, Risk & Compliance (GRC)
Operational Technology (OT) Cyber & Cyber Assurance
Threat Defence
This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.

Role Overview

We are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.

You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.

This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.

Key Responsibilities

  1. Security Design & Solution Assurance

    Review and assure technical designs against security policies and standards
    Identify security design gaps and recommend appropriate control improvements
    Author and review high-quality security documentation
    Provide security oversight for both on-premises and cloud-based solutions
    Act as a trusted advisor and security advocate across the business
    Communicate effectively with stakeholders to embed secure-by-design principles

  2. Security Risk Assessment & Control Assurance

    Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
    Define and agree risk mitigations and compensating controls
    Assure implementation and effectiveness of technical controls
    Translate business strategy into secure architecture guidance
    Conduct supplier assurance across on-premises, cloud, and hybrid services

  3. Security Standards, Policies & Governance

    Develop and maintain application security policies, standards, and guidelines
    Align security frameworks with broader business strategy
    Track emerging security practices and ensure standards remain current
    Support the continuous improvement of cyber security maturity

    Essential Experience

    Minimum 5 years’ experience in Information Security Assurance with a focus on application security
    Experience working in a global organisation
    Strong knowledge of regulatory compliance and security frameworks such as:

    ISO 27000 series
    NIST SP 800 series
    NIST Cyber Security Framework

    Experience in:

    Secure application design and review
    Cloud security assurance
    Penetration testing and vulnerability management
    Supplier security assurance

    Desirable Experience

    Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
    Understanding of government information classifications
    Experience in OT security environments

    Technical Knowledge

    Strong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:

    Software Asset Inventory & Control
    Data Protection
    Secure Configuration Management
    Continuous Vulnerability Management
    Audit Log Management
    Malware Defences
    Disaster Recovery
    Service Provider Security Management
    Application Security & Penetration Testing

    Qualifications & Certifications

    Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
    Relevant certifications such as:

    CISSP
    CISA
    CSSLP
    OWASP ASVS / OWASP Top 10
    GIAC (GWAPT, GCSA)
    CASE
    Certified DevSecOps Professional

    Key Competencies

    Strong business acumen with ability to align security to organisational objectives
    Adaptable and responsive to changing risk landscapes
    Excellent written and verbal communication skills
    Strong analytical and decision-making capability
    Team-oriented with experience working across diverse stakeholders
    Self-motivated with a sense of urgency and delivery focus
    Organised and able to manage multiple priorities

    Additional Information

    Hybrid working model – minimum 2 days per week onsite in Paddington
    Occasional travel may be required
    Active SC clearance is mandatory

Related Jobs

View all jobs

Director of Group Cyber Security Services

Director of Operational Technology (OT) & Manufacturing Security

Head of Cyber Security Governance, Risk and Compliance

Security Assurance Contractor

Information Security Specialist - Technical Lead

Cyber Security Consultants - DV Cleared

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Penetration Tester Jobs in the UK: What Employers Actually Want in 2026

The demand for skilled professionals in cyber security has never been higher, and penetration testers sit at the very heart of this rapidly evolving industry. As organisations across the UK continue to digitise their operations, protect sensitive data, and defend against increasingly sophisticated threats, the need for ethical hackers has grown dramatically. If you are considering a career in this field—or looking to advance within it—it is essential to understand what employers are really looking for in 2026. This guide breaks down the current expectations, required skills, certifications, and practical experience that can help you stand out in a competitive job market.

Jobs

SOC Analyst Jobs UK 2026: Salaries, Skills & How to Get Hired

Cyber security is one of the UK's fastest-growing career paths — and SOC analyst is where most people begin. It's in high demand, genuinely accessible, and you don't need a degree or years of experience to get started. But knowing what UK employers actually want in 2026 — what they pay, which certs matter, and how to stand out — is a different matter. This guide covers all of it.

Careers

How Many Cyber Security Tools Do You Need to Know to Get a Cyber Security Job?

If you are trying to build or move forward in a cyber security career, it can feel like the list of tools you are expected to know never ends. One job advert asks for SIEM platforms, another mentions penetration testing tools, another lists cloud security, threat intelligence platforms, endpoint detection, scripting languages and compliance frameworks. Scroll LinkedIn and it gets worse. Everyone seems to “know” dozens of tools, certifications and platforms. Here is the reality most cyber security hiring managers agree on: they are not hiring you because you know every tool. They are hiring you because you understand risk, can think like an attacker and a defender, follow process, communicate clearly and make good decisions under pressure. Tools matter — but only when they support those outcomes. So how many cyber security tools do you actually need to know to get a job? For most job seekers, the answer is far fewer than you think. This article explains what employers really expect, which tools are essential, which are role-specific and how to focus your learning so you look credible, not overwhelmed.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.