Information Assurance Specialist in Derby

AMS is a global workforce solutions partner committed to creating inclusive, dynamic, and future-ready workplaces. We help organisations adapt, grow, and thrive in an ever-evolving world by building, shaping, and optimising diverse talent strategies. Our Contingent Workforce Solution (CWS) is one way we support our clients. Acting as an extension of their recruitment teams, we connect them with skilled interim and temporary professionals, fostering workplaces where everyone can contribute and succeed.

On behalf of our globally respected client who develop cutting-edge technologies that deliver clean, safe and competitive solutions to meet the planet's vital power needs, we are looking for an Information Assurance Specialist for a 12 month contract based in Derby. Please note this role is a hybrid position in which you would be required to work onsite 3 days per week and work from home 2 days per week.

Purpose of the role:

In this role you will be providing Information Assurance through the application of policy, standards and best practice to support the IT product teams. You will also be required to work with other IA specialists to ensure a common approach to cyber security issues is developed and documented.

What you'll do:

• Support the development and continual improvement of Information Security policies, standards and procedures in line with ISO/IEC 27000, promoting a secure by design culture informed by business impact assessments, risk appetite and regulatory requirements.
• Serve as the Cyber Security representative on major programmes and product teams, providing authoritative guidance and approvals to ensure secure design, build and operation across IT, OT and AI enabled systems.
• Represent Cyber Security across strategic initiatives including research collaborations, joint ventures and supply chain engagements ensuring security requirements and secure by design principles are embedded from concept through delivery.
• Assess organisational and technical compliance with security policies and standards, conduct configuration and architecture reviews, and evaluate adherence to legal, regulatory and industry obligations.
• Prioritise remediation using business impact assessments.
• Provide expert advice on the selection, implementation and assurance of security controls, ensuring alignment with NIS2, aerospace standards, export controls and emerging AI regulatory expectations.
• Advise stakeholders on risk reduction strategies, promote secure behaviours and support security awareness initiatives to strengthen secure by design engineering and decision making.
• Identify, assess and manage cyber security risks and concessions, ensuring decisions are guided by business impact assessments and integrated into enterprise risk and operational safety processes.
• Contribute to broader cyber security initiatives and capability uplifts, including OT security maturity, AI assurance, supply chain resilience and secure development lifecycle improvements.
• Apply and oversee security controls required by policy, risk assessment and regulatory drivers, ensuring the confidentiality, integrity and availability of business systems, including ICS, connected manufacturing platforms and AI supported operational systems.

The skills you'll need:

• Strong overall understanding of information systems, their applications and lifecycle practices, with solid grounding in information security principles and governance.
• Proven ability to interpret and apply IT security compliance requirements while maintaining a pragmatic, risk-based approach to standards implementation.
• Effective communicator with the ability to influence stakeholders and build consensus in formal and cross-functional environments.
• Broad knowledge of cyber and information security, supported by relevant professional qualifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor).
• Experience or strong awareness of enterprise cloud technologies, architectures and capabilities (e.g., Azure, AWS, GCP).
• Understanding of Operational Technology (OT) environments and the unique security considerations associated with industrial control systems.
• Experience with Governance, Risk and Compliance (GRC) tooling (e.g., Zen, Archer, ServiceNow GRC, OneTrust, MetricStream), including managing risk registers, control frameworks and compliance workflows at scale.

Next steps:

We will only accept workers operating via an Umbrella or PAYE engagement model. If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.