Security Assurance Lead
Security Assurance Lead (Vulnerability & Exposure Governance)
Location: London (2–3 days per week onsite)
Salary: £70,000
We’re partnering with a forward-thinking organisation seeking a Security Assurance Lead to strengthen and mature their cyber risk and assurance capability. This is a strategic role focused on governance, oversight, and risk assurance, rather than hands-on remediation or operational security.
You will play a key role in ensuring that vulnerability and exposure risks are clearly understood, effectively governed, and consistently managed across the organisation’s technology landscape.
The Role
As Security Assurance Lead, you will establish and operate a risk-led assurance framework that provides a unified view of cyber exposure across infrastructure, cloud, and applications.
You will ensure that robust governance is in place, control effectiveness is measurable, and risks are managed in line with business priorities and regulatory expectations.
This role sits at the intersection of technical risk, governance, and stakeholder engagement, requiring both strong analytical capability and the ability to influence across engineering, risk, and leadership teams.
Key Responsibilities
Own security assurance of vulnerability risk
- Develop and maintain a consolidated view of vulnerability and exposure risk across all environments
- Ensure findings are assessed and prioritised based on business impact, criticality, and data sensitivity, not just technical severity
- Define and continually evolve a risk-based classification and assurance model
Embed governance and accountability
- Establish and oversee clear ownership of risks across engineering and platform teams
- Define and monitor risk-based remediation SLAs, ensuring alignment to organisational risk appetite
- Operate central assurance while enabling decentralised ownership (“you own it, you fix it”)
Define and maintain assurance frameworks
- Develop and maintain policies, standards, and procedures aligned to ISO 27001, NIST, and CIS controls
- Operate robust risk acceptance and exception management processes, ensuring traceability and governance
- Ensure consistent application of controls across hybrid (cloud and on-prem) environments
Assurance reporting & stakeholder engagement
- Deliver clear, risk-focused reporting to:
  - Technical teams (to drive prioritisation)
  - Senior stakeholders (to provide strategic oversight)
- Track and report on key assurance metrics including:
  - Remediation SLA performance
  - Vulnerability ageing & exposure trends
  - Coverage and control effectiveness
- Provide regular updates to leadership, risk forums, and governance committees
Tooling oversight and assurance integration
- Oversee the effective use of vulnerability and exposure management tooling (e.g. Tenable, Wiz, Snyk)
- Ensure data quality, completeness, and consistency across sources
- Integrate outputs into governance and workflow tools (e.g. ServiceNow)
- Drive automation and improvements focused on assurance, visibility, and decision-making
Partner with engineering & delivery teams
- Act as a trusted advisor to engineering, DevOps, and platform teams
- Support improved prioritisation, reduced noise, and a better understanding of risk
- Embed secure-by-design and vulnerability management practices into delivery lifecycles
- Promote a culture of shared responsibility for security and risk
Continuous assurance improvement
- Identify gaps and enhance the assurance framework, processes, and tooling
- Incorporate insights from threat intelligence and penetration testing into governance processes
- Ensure assurance activities keep pace with evolving threats and regulatory expectations
Your Background
We’re looking for someone who brings a strong blend of cyber security governance, assurance, and risk management expertise, including:
- Proven experience in security assurance, vulnerability governance, or cyber risk management within complex environments
- Strong understanding of vulnerability/exposure tools such as Tenable, Wiz, and/or Snyk
- Experience designing or operating risk-based assurance frameworks, including SLAs, metrics, and exception handling
- Solid knowledge of ISO 27001, NIST, CIS, or similar control frameworks
- Ability to translate technical vulnerabilities into business risk language
- Strong stakeholder management skills, with the ability to influence without direct authority
- Experience delivering clear, concise reporting to senior leadership and governance forums
Why Apply?
This is an opportunity to take ownership of a critical security assurance function, shaping how the organisation understands, governs, and reduces cyber risk at scale.
We encourage applications from individuals of all backgrounds and are committed to supporting accessibility and inclusion throughout the recruitment process.