CYBER SECURITY ASSURANCE SPECIALIST

CYBER SECURITY ASSURANCE SPECIALIST

CCL Global are currently recruiting for a Cyber Security Assurance Specialist to support high-profile, security-critical environments. This role will play a key part in strengthening security posture, ensuring compliance, and supporting assurance activities across complex digital and infrastructure systems.

Type of Contract: Contract (Inside IR35)

Location: Oxfordshire OX14 3DB (Hybrid working available)

Key Duties Will Include:

• Design and implement secure infrastructure and cloud architectures across enterprise environments.
• Conduct and support risk assessments, maintaining enterprise risk registers and ensuring alignment with industry methodologies.
• Lead or contribute to security assurance activities, including audits, reviews, and remediation planning.
• Apply and interpret security frameworks such as ISO 27001, NIST, CAF, Cyber Essentials, and GovAssure.
• Assess and secure platforms including Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, and Windows/Linux/Unix systems.
• Utilise security tooling such as SIEM, EDR/XDR, and vulnerability management platforms to monitor and improve security posture.
• Develop and implement security policies, access control models (RBAC, ABAC), and logging standards.
• Support incident management, vulnerability assessments, and SOC-related activities.
• Contribute to secure software supply chain practices, including CI/CD security reviews.
• Interpret threat intelligence, CVEs, and CVSS scores to inform risk-based decision making.
• Collaborate with stakeholders across technical and non-technical teams, clearly articulating risks and solutions.
• Support government or regulatory assurance processes such as Secure by Design and GovAssure.

Requirements:

• Proven experience in cyber security assurance, secure architecture design, or related disciplines.
• Strong knowledge of risk assessment methodologies (ISO 31000, FAIR, OWASP risk rating).
• Hands-on experience with enterprise security frameworks including ISO 27001, NIST, CAF, and Cyber Essentials.
• Experience conducting security audits and implementing remediation strategies.
• Technical expertise across cloud and enterprise platforms (Azure, M365, operating systems).
• Familiarity with SIEM, SOC operations, endpoint detection, and vulnerability management tools.
• Knowledge of ITSM processes, change control, and governance frameworks.
• Experience with CI/CD security and software supply chain assurance.
• Understanding of OT/ICS/SCADA environments is highly desirable.
• Strong analytical, problem-solving, and organisational skills.
• Excellent communication skills, with the ability to engage senior stakeholders and produce high-quality reports.
• Degree in Cybersecurity, IT, or a related STEM field (or equivalent experience).
• Relevant certifications such as CISSP, CISM, CRISC, CCSP, SABSA, SANS GIAC, CCP, or SIRA are desirable.
• Experience working in regulated, government, or critical infrastructure environments is advantageous.