Cyber Assurance Manager
London (with potential for travel)
Type of Contract
Who can Apply
Candidates with a minimum of 5 consecutive years' experience working in a security governance, risk management or compliance role. Ideally you will have experience providing consultancy and hold an industry-recognised qualification such as CISSP, CISM or CISA. Working in our cyber team requires a high degree of security clearance. To meet this requirement you will need to have been living in the UK for at least the last 5 years, be entitled to work in the country and be prepared to undergo background and records checks.
We assess all applications on individual merit. Our role criteria are a guideline, so if you don’t meet a requirement but still think you’ve got what it takes – we’d like to hear from you.
You will be responsible for leading cyber assurance functions on complex delivery projects. You will be working with our delivery teams and Client stakeholders to identify cyber risks and advise them of options. You will be expected to volunteer expert guidance on compliance with statutory and regulatory requirements.
You will be an innovative problem-solver who can adapt quickly to new circumstances. You will have experience deriving requirements from multiple different assurance objectives – including legislation, regulation, standards and frameworks. You will be capable of using your knowledge and intuition to identify real-world security risks and helping stakeholders understand the best options they have available. You will already be experienced in cyber assurance and risk management, and be willing to take on further training as required.
This position will suit somebody with a methodical and hands-on approach to assurance. You will need to be a good listener and confident communicator with a consultative approach. You will be looking to gain experience in operational assurance in a fast-paced business. You will have been a subject matter expert in security management with a broad understanding of other cyber security domains – including architecture, engineering and operations. Service delivery and project management experience is desirable, particularly experience with agile delivery methods and DevOps models.
Your primary responsibilities will include:
- Identifying and analysing cyber security risks and providing advice to risk owners
- Conducting assurance reviews against standards-based compliance requirements
- Conducting Privacy Impact Assessments
- Management of continuous assurance lifecycle processes within operational environments
- Production of assurance evidence and reports for stakeholders
- Production and implementation of cyber security policies
- Evaluating the business impact of security incidents
- Providing advice and guidance on meeting security related statutory and regulatory requirements
- Assessment of security control designs and configurations for effectiveness in risk management
- Developing trusted relationships with security stakeholders
- Implementation and maintenance of security policies and processes
- Managing the delivery of security assurance services for projects
- Analysing security industry trends.
- Excellent working knowledge of the security risk management life cycle, preferably working with continuous assurance methods in Agile delivery – such as secureSDLC
- Excellent knowledge of a variety of different security technologies, such as cryptography, host intrusion, network and application firewalls
- Expert knowledge of cyber security policies and process
- Expert knowledge of security awareness campaigns
- Comprehensive understanding of threat and vulnerability management systems
- Comprehensive understanding of security information and event management systems
- Comprehensive understanding of common approaches to requirements definition, system design and engineering
- Familiarity with major Cloud technologies, preferably working experience of at least one major PaaS provider – such as Azure or AWS
- A natural collaborator with a genuine desire to help your team achieve a common goal
- Excellent communication skills – including formal presentations, written reports and informal clinics
- Knowledgeable when it comes to industry standards and good practice for information security risk, preferably working experience of ISO standards
- An understanding of designing and implementing security management systems
- Able to translate your technical knowledge for a wider audience, and influence a culture of cyber assurance across an organisation
- Able to hold (or holds) at least SC national security clearance
- A good knowledge of common infrastructure and security architectures.
- Degree in a relevant subject
- Experience working in SecOps, DevOps and Agile projects.