Cyber Security Assurance Specialist in Oxford

We are currently looking for a Cyber Security Assurance Specialist for our government client. This role is hybrid, based between working 3 days per week on site in Abingdon Oxfordshire and the remainder of the week working remotely. There is no further flexibility with the on-site requirement. The contract for this position is until December 2026, with potential to extend, operating inside IR35.

Security Clearance: eligible for Security Check ("SC Clearance")

Essential skills/experience required:

• Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.
• Proven experience with risk assessment methodologies and maintaining enterprise risk registers.
• Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
• Strong understanding of Gov Assure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks.
• Experience conducting or supporting security audits and implementing remediation plans.
• Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.
• Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR), and vulnerability management platforms.
• Hands-on experience with policy development, access control models and logging standards.
• Experience supporting assurance activities or government-mandated reviews (e.g. GovAssure, Secure by Design).
• Knowledge of Incident Management, Vulnerability Assessments, SIEM & SOC Systems.
• Familiarity with ITSM workflows and change control procedures.
• Experience designing or reviewing secure software supply chain and CI/CD security.
• Ability to interpret CVEs, CVSS scores, and threat intelligence feeds.
• Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists.
• Excellent written and verbal communication skills with the ability to present to senior stakeholders.

Role / Responsibilities:

• Conduct technical risk assessments on IT/OT/cloud systems.
• Provide secure design guidance to digital projects (cloud/infra/app).
• Maintain and update the security risk register quarterly.
• Evaluate 2 critical technical changes for architectural risk (e.g., network reconfig, app onboarding).
• Document evidence gathering and remediation planning for Secure-by-design, CAF and GovAssure.
• Conduct internal technical assurance reviews aligned to GovAssure/CAF/ISO27001 domains.
• Maintain traceability of security controls to frameworks (NIST, CE+, NCSC).
• Evaluate Suppliers against internal and external risk criteria for Assurance.
• Contribute to the adoption of Zero Trust principles in platform design.
• Provide secure-by-design input into infrastructure/cloud/app initiatives.
• Define security control templates for new deployments (e.g., SaaS, Azure service, OT upgrade).
• Deliver knowledge sessions to technical teams (secure config, threats, compliance).
• Develop secure configuration guidance for platforms (e.g. Entra ID, Linux, M365).
• Represent Cyber Security in architecture/design authorities.
• Produce and maintain technical security reports for assurance cycles.
• Support compliance audit evidence packs (GovAssure/CAF, CE+, ISO 27001).
• Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt).
• Support cyber input for IT, research or OT programmes.
• Work with IT teams to co-author and test secure configuration standards and playbooks.
• Support security policy application in hybrid cloud, infra, and app settings.
• Support audit and compliance activities with reporting and evidence gathering.

If you are interested in the above role, please click Apply Now and send a CV for quick review. Should you require reasonable adjustments at any point during the recruitment process or if there is a better way for us to communicate, please do let us know.