At a Glance
- Tasks: Lead security audits and risk assessments for complex government systems.
- Company: Join a forward-thinking tech firm dedicated to enhancing public services.
- Benefits: Enjoy 30 days annual leave, flexible hours, and wellness support.
- Other info: Be part of a diverse team committed to innovation and continuous improvement.
- Why this job: Make a real impact on national security while mentoring others.
- Qualifications: Must hold a recognised audit credential; experience with UK security frameworks is a plus.
The predicted salary is between 60000 - 75000 £ per year.
Key Responsibilities
- Design and lead security audits across complex government systems, combining automated scanning with manual testing, producing findings that are clearly framed around risk and remediation rather than just compliance status.
- Drive continuous compliance monitoring against applicable standards and regulations such as Cyber Essentials, the NCSC Cyber Assessment Framework, Gov Assure, UK GDPR, and NIS Regulations, feeding posture data into governance and risk reporting rather than treating it as a point‑in‑time exercise.
- Lead risk assessments and threat‑modelling sessions, selecting proportionate methodologies (ISO 27005, NIST RMF, STRIDE, MITRE ATT&CK) and ensuring findings feed into programme governance rather than remaining in documentation alone.
- Communicate security findings and risk clearly to a range of audiences – providing technical detail for engineering teams and risk‑framed summaries for senior stakeholders – structuring reports around the decisions people need to make.
- Embed security as a continuous engineering concern, supporting threat modelling and security reviews throughout delivery, challenging designs that create unnecessary risk, and mentoring colleagues on secure‑by‑default practices.
- Support and assess supply‑chain and third‑party security, creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply‑chain risk.
- Mentor and coach colleagues and client team members, pairing on complex assurance work, sharing knowledge across the practice, and actively contributing to the capability of everyone around you.
- Contribute to the commercial and strategic health of engagements, staying alert to unmet client needs, managing scope within contracted boundaries, and surfacing opportunities or risks to account leadership as they arise.
Skills, Knowledge & Expertise
Essential
- Hold a recognised audit and assurance practitioner credential, such as Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), or an equivalent qualification.
Desirable
- Certified in Risk and Information Systems Control (CRISC).
- Certified Information Systems Security Professional (CISSP).
- Experience advising clients on UK government security frameworks (Gov Assure, the NCSC Cyber Assessment Framework, Cyber Essentials Plus, and the HMG Security Policy Framework) and their practical interactions.
- Experience leading risk assessments using structured methodologies (ISO 27005, NIST RMF, or FAIR) and embedding risk outputs into programme governance.
- Demonstrated ability to design security controls and governance approaches for cloud environments, with an understanding of how compliance requirements apply in AWS, Azure, or GCP contexts.
- Working knowledge of incident response planning – establishing policies, assessing team readiness, and mentoring others on preparedness – ideally in a government or regulated environment.
- Experience conducting or leading supply‑chain security assessments, including third‑party risk and software provenance, referencing recognised standards.
- Familiarity with tools used for continuous compliance monitoring, automated controls testing, or cloud security posture management (e. g., CSPM tooling, SIEM platforms, vulnerability management tools).
- Evidence of actively shaping your own development – a T‑shaped specialism, seeking and acting on feedback, and sharing learning openly with colleagues and the wider practice.
- Experience contributing reusable assets – playbooks, templates, tooling, or patterns – back into a practice or community rather than leaving knowledge within a single engagement or team.
- Experience running or contributing to structured mentoring relationships, pairing sessions, or retrospectives that measurably improved team capability or ways of working.
- Experience co‑designing solutions with clients and stakeholders – engaging them in the process rather than presenting conclusions for approval – and delivering value anchored to outcomes rather than outputs.
- Experience conducting skills‑based assessment of candidates, contributing to interview scripts, or calibrating assessment criteria to ensure fair and consistent evaluation.
- What You’ll Bring
- Contextual judgement over formulaic approaches – you think carefully about what is proportionate for each engagement and articulate trade‑offs clearly to help clients understand the reasoning behind your recommendations.
- A team‑first mindset – you take your own work seriously and support the growth of others equally, pairing, sharing, coaching, and creating a safe environment for questions and gaps.
- Confidence communicating across boundaries – you present risk findings to senior civil servants as comfortably as you work through a threat model with an engineering team, adjusting style without losing substance or clarity.
- Genuine ownership – you take responsibility for the outcomes of your work, maintaining momentum through ambiguity, escalating risks early, and seeing significant pieces of work through from start to finish.
- Job Benefits
- 30 days paid annual leave.
- Flexible working hours.
- Flexible parental leave options.
- Part‑time remote working available for all staff.
- Paid counselling, financial and legal advice.
- Access to a flexible benefit platform that includes a Smart Tech scheme, Cycle‑to‑Work scheme, and an individual benefits allowance for a health‑care cash plan or pension plan.
- Optional social and wellbeing events calendar.
- SC Eligibility
All successful candidates must be eligible for an SC (Security Check) clearance, requiring five years of UK residency and employment or full‑time education history.
If eligibility cannot be proven during the interview process, the application will not progress.
Equal Opportunity Statement
We believe we can use technology to make public services better and that this is best achieved when our team reflects the society we serve.
We are committed to creating a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, and we encourage applicants from under‑represented groups.
We welcome reasonable adjustments and feedback to improve the application experience for all candidates.
#J-18808-Ljbffr