Information Security Technical Assurance Lead

Job Title: Cyber Security Assurance Specialist (Application Security)
Client: Urenco
Rate: £700 per day
Location: Hybrid – Minimum 2 days per week in Paddington, London
Clearance: Active SC Clearance required

About the Client

Urenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.

The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:

  • Governance, Risk & Compliance (GRC)
  • Operational Technology (OT) Cyber & Cyber Assurance
  • Threat Defence

This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.

Role Overview

We are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.

You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.

This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.

Key Responsibilities

1. Security Design & Solution Assurance

  • Review and assure technical designs against security policies and standards
  • Identify security design gaps and recommend appropriate control improvements
  • Author and review high-quality security documentation
  • Provide security oversight for both on-premises and cloud-based solutions
  • Act as a trusted advisor and security advocate across the business
  • Communicate effectively with stakeholders to embed secure-by-design principles

2. Security Risk Assessment & Control Assurance

  • Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
  • Define and agree risk mitigations and compensating controls
  • Assure implementation and effectiveness of technical controls
  • Translate business strategy into secure architecture guidance
  • Conduct supplier assurance across on-premises, cloud, and hybrid services

3. Security Standards, Policies & Governance

  • Develop and maintain application security policies, standards, and guidelines
  • Align security frameworks with broader business strategy
  • Track emerging security practices and ensure standards remain current
  • Support the continuous improvement of cyber security maturity

Essential Experience

  • Minimum 5 years’ experience in Information Security Assurance with a focus on application security
  • Experience working in a global organisation
  • Strong knowledge of regulatory compliance and security frameworks such as:
    • ISO 27000 series
    • NIST SP 800 series
    • NIST Cyber Security Framework
  • Experience in:
    • Secure application design and review
    • Cloud security assurance
    • Penetration testing and vulnerability management
    • Supplier security assurance

Desirable Experience

  • Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
  • Understanding of government information classifications
  • Experience in OT security environments

Technical Knowledge

Strong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:

  • Software Asset Inventory & Control
  • Data Protection
  • Secure Configuration Management
  • Continuous Vulnerability Management
  • Audit Log Management
  • Malware Defences
  • Disaster Recovery
  • Service Provider Security Management
  • Application Security & Penetration Testing

Qualifications & Certifications

  • Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
  • Relevant certifications such as:
    • CISSP
    • CISA
    • CSSLP
    • OWASP ASVS / OWASP Top 10
    • GIAC (GWAPT, GCSA)
    • CASE
    • Certified DevSecOps Professional

Key Competencies

  • Strong business acumen with ability to align security to organisational objectives
  • Adaptable and responsive to changing risk landscapes
  • Excellent written and verbal communication skills
  • Strong analytical and decision-making capability
  • Team-oriented with experience working across diverse stakeholders
  • Self-motivated with a sense of urgency and delivery focus
  • Organised and able to manage multiple priorities

Additional Information

  • Hybrid working model – minimum 2 days per week onsite in Paddington
  • Occasional travel may be required
  • Active SC clearance is mandatory
Apply Now
Apply Now

Job Details

Company
Morson Edge
Location
London, United Kingdom
Hybrid / Remote Options
Employment Type
Contract
Salary
£650 - £700/day None
Posted