Posted 4 days ago
Cyber Security Assurance Specialist
Circle Recruitment
📍 Oxford
💷 £45 - £55/hour
Health, Security and Safety
Hybrid
Contract
Job description
<p>Role: Cyber Security Assurance Specialist<br>Salary/Rate: £45-55 per hr inside IR35<br>Location: Hybrid, near Oxford 3x per week<br>Contract Duration: until December 2026</p><p>We are currently looking for a Cyber Security Assurance Specialist for our government client.</p><p>This Cyber Security Assurance Specialist role is hybrid, with 3 days per week on site in Abingdon, Oxfordshire and the remainder of the week working remotely. There is no further flexibility with the on-site requirement.</p><p>The contract for this Cyber Security Assurance Specialist position is until December 2026, with potential to extend, operating inside IR35.</p><p>Security Clearance: eligible for Security Check ("SC Clearance")</p><p>This role is inside IR35. Due to the service of the role, it will now be based on an Umbrella solution.</p><p>Essential skills/experience required:</p><ul><li>Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.</li><li>Proven experience with risk assessment methodologies and maintaining enterprise risk registers.</li><li>Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).</li><li>Strong understanding of GovAssure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks.</li><li>Experience conducting or supporting security audits and implementing remediation plans.</li><li>Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.</li><li>Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR), and vulnerability management platforms.</li><li>Hands-on experience with policy development, access control models and logging standards.</li><li>Experience supporting assurance activities or government-mandated reviews (e.g.
GovAssure, Secure by Design).</li><li>Knowledge of Incident Management, Vulnerability Assessments, SIEM &amp; SOC Systems.</li><li>Familiarity with ITSM workflows and change control procedures.</li><li>Experience designing or reviewing secure software supply chain and CI/CD security.</li><li>Ability to interpret CVEs, CVSS scores, and threat intelligence feeds.</li><li>Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists.</li><li>Excellent written and verbal communication skills with the ability to present to senior stakeholders.</li></ul><p>Role / Responsibilities:</p><ul><li>Conduct technical risk assessments on IT/OT/cloud systems</li><li>Provide secure design guidance to digital projects (cloud/infra/app)</li><li>Maintain and update the security risk register quarterly</li><li>Evaluate 2 critical technical changes for architectural risk (e.g., network reconfig, app onboarding)</li><li>Document evidence gathering and remediation planning for Secure-by-design, CAF and GovAssure</li><li>Conduct internal technical assurance reviews aligned to GovAssure/CAF/ISO27001 domains</li><li>Maintain traceability of security controls to frameworks (NIST, CE+, NCSC)</li><li>Evaluate suppliers against internal and external risk criteria for assurance</li><li>Contribute to the adoption of Zero Trust principles in platform design</li><li>Provide secure-by-design input into infrastructure/cloud/app initiatives</li><li>Define security control templates for new deployments (e.g., SaaS, Azure service, OT upgrade)</li><li>Deliver knowledge sessions to technical teams (secure config, threats, compliance)</li><li>Develop secure configuration guidance for platforms (e.g.
Entra ID, Linux, M365)</li><li>Represent Cyber Security in architecture/design authorities</li><li>Produce and maintain technical security reports for assurance cycles</li><li>Support compliance audit evidence packs (GovAssure/CAF, CE+, ISO 27001)</li><li>Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt)</li><li>Support cyber input for IT, research or OT programmes</li><li>Work with IT teams to co-author and test secure configuration standards and playbooks</li><li>Support security policy application in hybrid cloud, infra, and app settings</li><li>Support audit and compliance activities with reporting and evidence gathering</li></ul><p>If you are interested in the above role, please click Apply Now and send a CV for quick review.</p><p>Should you require reasonable adjustments at any point during the recruitment process or if there is a better way for us to communicate, please do let us know.</p><p>Security, Cyber, Infosec, Information Security, GRC, Assurance, Compliance, Risk, Vulnerability</p><p>Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment, Twitter - @Circle_Rec and LinkedIn - Circle Recruitment.</p>
Benefits
Hybrid