Information Security Technical Assurance Lead
Listed on 2026-07-14
-
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
Responsibilities
We produce and review technical security documentation to support secure solution delivery. We partner with business stakeholders to understand requirements and embed strong security practices across initiatives. We act as trusted advisors and security advocates, promoting a security‑first culture across the organisation. We review technical designs against security standards and policies, identifying gaps and recommending improvements to controls. We provide assurance across both on‑premises and cloud environments, ensuring consistent security coverage.
We collaborate with GRC teams, security architects, and business stakeholders to conduct risk assessments, define mitigations, and document outcomes. We work closely with IT teams to validate and assure the effectiveness of technical controls against identified threats. We translate business strategy and requirements into secure architectural approaches, clearly communicating risk and enabling appropriate control solutions. We conduct supplier assurance activities across on‑premises, cloud, and hybrid services, providing clear, actionable recommendations.
We develop and maintain application security policies, standards, and guidelines. We ensure alignment between security frameworks, architectural standards, and overall business strategy. We stay current with emerging threats, technologies, and industry best practices, continuously enhancing our security posture.
We require a degree in Computer Science, Information Security, or a related discipline, or equivalent industry experience. We value one or more relevant cybersecurity certifications such as CISSP, CISA, CSSLP, GWAPT, GCSA, CASE, or Certified Dev Sec Ops Professional. We need strong familiarity with OWASP, including Top
10 and ASVS. We require at least five years of experience in information security assurance, with a strong focus on application security. We need hands‑on experience with information security frameworks and regulatory compliance, such as ISO
27001 and the NISTSP
800 series / Cybersecurity Framework. We prefer knowledge of regulatory requirements within the nuclear industry across the United States, United Kingdom, Netherlands, and Germany. We prefer understanding of government security classifications and associated handling requirements. The successful candidate must be able to obtain and maintain SC clearance.
- Cloud Dev Sec Ops Support
- OWASP Security
- ASP.NET Web
- 27 days annual leave
- Bonus scheme
- Family‑friendly policies
- Pension contributions
- Hybrid working
- Flexible hours
- Life assurance
- Income protection
- Volunteering time
- Private medical and dental insurance
This is a hybrid role based at our Paddington Head Office in London, with a minimum expectation of two days per week in the office and occasional travel as needed. The role sits within our CISO function and Cyber Security Assurance team, where we focus on strengthening our cyber security capabilities to protect our business, customers, and the wider public. We are committed to diversity, inclusion, and creating an open workplace where every voice is heard and people thrive.
#J-18808-LjbffrTo Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: