Security Assurance Manager

Lancesoft Europe


Job Location: Oxfordshire - UK

Monthly Salary: Not Disclosed
Posted on: 5 hours ago
Vacancies: 1

Job Summary

Description:

INTERNAL JOB TITLE: CYBER SECURITY ASSURANCE SPECIALIST

UKAEA's mission is to lead the delivery of sustainable fusion energy and maximise scientific and economic impact. The Computing Division underpins this mission by delivering secure, scalable and innovative digital solutions.
The Cyber Security Assurance Specialist plays a pivotal role in advancing UKAEA's hybrid digital estate, encompassing enterprise IT, operational technology (OT) and research platforms. This role sits within the Information & Cyber Security Group and provides subject matter expertise in security architecture, cyber risk governance and assurance frameworks.

This is a cross-functional role with both advisory and hands-on responsibilities. It focuses on security assurance and risk management: supporting architecture reviews, vulnerability management, risk assessments and cyber defence posture; driving technical assurance; and embedding risk-aligned security controls and secure-by-design practices across IT and OT systems. You will work across hybrid environments including cloud, infrastructure, applications and OT systems. You will be responsible for designing and advising on security architecture patterns, reviewing and maintaining risk registers, leading assurance assessments and embedding security controls across infrastructure and platforms. You will also guide teams in applying secure-by-design principles and support both internal audit and external compliance efforts, including GovAssure, CAF, ISO 27001 and Cyber Essentials (CE and CE+), while supporting the secure operation of core services. The role requires strong stakeholder engagement, technical depth and a sound understanding of UK-specific cyber risk frameworks. You will help shape and maintain a secure posture across UKAEA.
Key Accountabilities

  • Conduct technical risk assessments on IT/OT/cloud systems
  • Provide secure design guidance to digital projects (cloud/infra/app)
  • Maintain and update the security risk register quarterly
  • Evaluate 2 critical technical changes for architectural risk (e.g. network reconfig, app onboarding)
  • Document evidence gathering and remediation planning for Secure-by-design, CAF and GovAssure
  • Conduct internal technical assurance reviews aligned to GovAssure/CAF/ISO 27001 domains
  • Maintain traceability of security controls to frameworks (NIST, CE, NCSC)
  • Evaluate suppliers against internal and external risk criteria for assurance
  • Contribute to the adoption of Zero Trust principles in platform design
  • Provide secure-by-design input into infrastructure/cloud/app initiatives
  • Define security control templates for new deployments (e.g. SaaS, Azure service, OT upgrade)
  • Deliver knowledge sessions to technical teams (secure config, threats, compliance)
  • Develop secure configuration guidance for platforms (e.g. Entra ID, Linux, M365)
  • Represent Cyber Security in architecture/design authorities
  • Produce and maintain technical security reports for assurance cycles
  • Support compliance audit evidence packs (GovAssure/CAF, CE, ISO 27001)
  • Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt)
  • Support cyber input for IT, research or OT programmes
  • Work with IT teams to co-author and test secure configuration standards and playbooks
  • Support security policy application in hybrid cloud, infra and app settings
  • Support audit and compliance activities with reporting and evidence gathering

Additional Details

  • Senior Interim Hire : No
  • Region : South West
  • Requisition Type : 1. New Requirement
  • Name of Nominated Worker : (No Value)
  • Please provide any additional information specific to this role : (No Value)
  • If any professional qualifications are required for the role please list certificates here:
    Essential Requirements:
    - Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.
    - Proven experience with risk assessment methodologies and maintaining enterprise risk registers.
    - Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
    - Strong understanding of GovAssure, CAF, ISO 27001, Cyber Essentials and NIST frameworks.
    - Experience conducting or supporting security audits and implementing remediation plans.
    - Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.
    - Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR) and vulnerability management platforms.
    - Hands-on experience with policy development, access control models (RBAC, ABAC) and logging standards.
    - Experience supporting assurance activities or government-mandated reviews (e.g. GovAssure, Secure by Design).
    - Knowledge of incident management, vulnerability assessments, SIEM & SOC systems.
    - Familiarity with ITSM workflows and change control procedures.
    - Experience designing or reviewing secure software supply chain and CI/CD security.
    - Ability to interpret CVEs, CVSS scores and threat intelligence feeds.
    - Strong stakeholder engagement and communication skills, with an ability to produce technical reports and articulate risk to non-specialists.
    - Excellent written and verbal communication skills, with the ability to present to senior stakeholders.
    - Eligible for national security vetting to SC.
    - A degree in Cybersecurity, Information Technology or a STEM subject (or equivalent experience).
    - Security assurance certifications such as CCP SIRA; security certifications such as CISSP, SSCP, CISM, CRISC, CCSP, SABSA or SANS GIAC (GSEC, GCCC, GCPM).
    - Experience working in a regulated or government environment, particularly within research, energy or national infrastructure.
    - Knowledge of OT / ICS / SCADA security principles and industrial control.
  • Split : Technical/Professional 80%, Project Management 20%
  • Budget Responsibility : None
  • Desired Skill 1 : TECH & DIGITAL - Cyber / Information Security
  • Desired Skill 2 : TECH & DIGITAL - Architecture
  • Desired Skill 3 : TECH & DIGITAL - Technical Assurance
  • Desired Skill 4 : (No Value)
  • Desired Skill 5 : (No Value)
  • Are there any Health and Safety requirements or hazards associated to this role : No
  • If yes please specify the Health and Safety Considerations : (No Value)
  • Is the role in or out of scope of IR35 : In Scope
  • Level of screening : SC (Security Clearance)
  • Internal Job Title : Cyber Security Assurance Specialist
  • Grade : (No Value)
  • AMS Job Category : Technology - IT Risk/Security Analyst
  • Equivalent Permanent Grade : United Kingdom Atomic Energy Authority (UKAEA) Grade G
  • Armed Forces Covenant Signatory : Unknown
  • Disability Confident Level : Unknown
  • Business Unit Name Hierarchy : United Kingdom Atomic Energy Authority > Group Engineering, Computing and STEP Partner > Computing Division
  • Business Unit Code Hierarchy : UKAEA > UKAEA ECASP > UKAEA ECASP CD