Cyber Security Assurance Specialist
Cyber Security Assurance Specialist - 6-month contract - Oxfordshire (SC Cleared)
The Cyber Security Assurance Specialist plays a pivotal role in advancing our client's hybrid digital estate, encompassing enterprise IT, operational technology (OT), and research platforms. This role sits within the Information & Cyber Security Group and provides subject matter expertise in security architecture, cyber risk governance, and assurance frameworks.
This cross-functional role combines advisory and hands-on responsibilities, focusing on security assurance, risk management, and architecture support across IT and OT environments. It covers vulnerability management, risk assessments, cyber defence posture, and embedding risk-aligned, secure-by-design controls across cloud, infrastructure, and applications.
Key Responsibilities:
- Conduct technical risk assessments across IT/OT/cloud systems
- Provide secure-by-design guidance for cloud, infrastructure, and application projects
- Maintain and update the security risk register
- Perform architectural risk reviews on key technical changes
- Conduct technical assurance reviews and produce supporting reports aligned to GovAssure, CAF, and ISO 27001
- Support audit and compliance activities, including evidence gathering (GovAssure, CAF, CE+, ISO 27001)
- Maintain security control mapping to frameworks (NIST, NCSC, Cyber Essentials+) and update security standards
- Evaluate suppliers against internal and external security risk criteria
- Contribute to Zero Trust principles in platform and system design
- Define security control templates for new deployments (eg SaaS, Azure, OT)
- Develop and implement secure configuration standards with IT teams (eg Entra ID, Linux, M365)
- Deliver security knowledge sharing sessions to technical teams
- Represent Cyber Security in architecture and design governance forums
- Support security across IT, OT, and research programmes, including policy implementation
Essential Requirements
- Must have current SC clearance
- Demonstrable experience designing and implementing secure infrastructure or cloud architectures
- Experience applying risk assessment methodologies (eg ISO 31000, FAIR, OWASP) and maintaining enterprise risk registers
- Strong understanding of GovAssure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks, including supporting assurance activities and audits
- Experience conducting security audits and implementing remediation plans
- Proficiency in securing platforms such as Entra ID, Microsoft 365 E5, Azure IaaS/PaaS, and Windows/Linux/Unix systems
- Strong knowledge of security operations tooling including SIEM, EDR/XDR, SOC operations, and vulnerability management
- Experience with identity, access control models (RBAC/ABAC), logging standards, and policy development
- Experience securing software supply chains and CI/CD pipelines
- Ability to interpret CVEs, CVSS scores, and threat intelligence feeds
If you are available and interested in this opportunity, please apply for further information. Please note that due to high volumes of applications we are unable to contact every applicant. If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.
At Lucid, we celebrate difference and value diverse perspectives, underpinned by our values 'Honesty, Integrity and Pragmatism'. We are proud to provide equal opportunities in line with our Diversity and Inclusion policy and welcome applications from all suitably qualified or experienced people, regardless of personal characteristics. If you have a disability or health condition and seek support throughout the recruitment process, please do not hesitate to contact us via the details below.