Information Security Technical Assurance Lead

London
1 day ago

Job Title: Cyber Security Assurance Specialist (Application Security)
Client: Urenco
Rate: £700 per day
Location: Hybrid – Minimum 2 days per week in Paddington, London
Clearance: Active SC Clearance required

About the Client

Urenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.

The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:

Governance, Risk & Compliance (GRC)
Operational Technology (OT) Cyber & Cyber Assurance
Threat Defence

This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.

Role Overview

We are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.

You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.

This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.

Key Responsibilities

  1. Security Design & Solution Assurance

    Review and assure technical designs against security policies and standards
    Identify security design gaps and recommend appropriate control improvements
    Author and review high-quality security documentation
    Provide security oversight for both on-premises and cloud-based solutions
    Act as a trusted advisor and security advocate across the business
    Communicate effectively with stakeholders to embed secure-by-design principles

  2. Security Risk Assessment & Control Assurance

    Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
    Define and agree risk mitigations and compensating controls
    Assure implementation and effectiveness of technical controls
    Translate business strategy into secure architecture guidance
    Conduct supplier assurance across on-premises, cloud, and hybrid services

  3. Security Standards, Policies & Governance

    Develop and maintain application security policies, standards, and guidelines
    Align security frameworks with broader business strategy
    Track emerging security practices and ensure standards remain current
    Support the continuous improvement of cyber security maturity

Essential Experience

    Minimum 5 years’ experience in Information Security Assurance with a focus on application security
    Experience working in a global organisation
    Strong knowledge of regulatory compliance and security frameworks such as:

    ISO 27000 series
    NIST SP 800 series
    NIST Cyber Security Framework

    Experience in:

    Secure application design and review
    Cloud security assurance
    Penetration testing and vulnerability management
    Supplier security assurance

Desirable Experience

    Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
    Understanding of government information classifications
    Experience in OT security environments

Technical Knowledge

    Strong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:

    Software Asset Inventory & Control
    Data Protection
    Secure Configuration Management
    Continuous Vulnerability Management
    Audit Log Management
    Malware Defences
    Disaster Recovery
    Service Provider Security Management
    Application Security & Penetration Testing

Qualifications & Certifications

    Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
    Relevant certifications such as:

    CISSP
    CISA
    CSSLP
    OWASP ASVS / OWASP Top 10
    GIAC (GWAPT, GCSA)
    CASE
    Certified DevSecOps Professional

Key Competencies

    Strong business acumen with ability to align security to organisational objectives
    Adaptable and responsive to changing risk landscapes
    Excellent written and verbal communication skills
    Strong analytical and decision-making capability
    Team-oriented with experience working across diverse stakeholders
    Self-motivated with a sense of urgency and delivery focus
    Organised and able to manage multiple priorities

Additional Information

    Hybrid working model – minimum 2 days per week onsite in Paddington
    Occasional travel may be required
    Active SC clearance is mandatory
