Information Security Technical Assurance Lead
Posted 1 day ago by Morson Edge
£700 Per day
Inside
Hybrid
London
Summary: The Cyber Security Assurance Specialist (Application Security) role at Urenco focuses on enhancing the organization's cyber security maturity through application security assurance in both on-premises and cloud environments. The position requires collaboration with various stakeholders to translate business needs into secure solutions while ensuring compliance with security standards. The role demands strong communication skills and the ability to operate in agile environments, reporting directly to the Head of Cyber Security Assurance. Active SC clearance is required for this position.
Key Responsibilities:
- Review and assure technical designs against security policies and standards
- Identify security design gaps and recommend appropriate control improvements
- Author and review high-quality security documentation
- Provide security oversight for both on-premises and cloud-based solutions
- Act as a trusted advisor and security advocate across the business
- Communicate effectively with stakeholders to embed secure-by-design principles
- Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
- Define and agree risk mitigations and compensating controls
- Assure implementation and effectiveness of technical controls
- Translate business strategy into secure architecture guidance
- Conduct supplier assurance across on-premises, cloud, and hybrid services
- Develop and maintain application security policies, standards, and guidelines
- Align security frameworks with broader business strategy
- Track emerging security practices and ensure standards remain current
- Support the continuous improvement of cyber security maturity
Key Skills:
- Minimum 5 years’ experience in Information Security Assurance with a focus on application security
- Experience working in a global organisation
- Strong knowledge of regulatory compliance and security frameworks such as ISO 27000 series, NIST SP 800 series, NIST Cyber Security Framework
- Experience in secure application design and review
- Cloud security assurance
- Penetration testing and vulnerability management
- Supplier security assurance
- Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
- Relevant certifications such as CISSP, CISA, CSSLP, OWASP ASVS / OWASP Top 10, GIAC (GWAPT, GCSA), CASE, Certified DevSecOps Professional
- Strong business acumen with ability to align security to organisational objectives
- Excellent written and verbal communication skills
- Strong analytical and decision-making capability
- Team-oriented with experience working across diverse stakeholders
- Self-motivated with a sense of urgency and delivery focus
- Organised and able to manage multiple priorities
Salary (Rate): £700/day
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Mid-Level
Industry: IT
Job Title: Cyber Security Assurance Specialist (Application Security) Client: Urenco Rate: £700 per day Location: Hybrid – Minimum 2 days per week in Paddington, London Clearance: Active SC Clearance required
About the ClientUrenco is a world leader in the enrichment of uranium for use in the civil nuclear industry. Operating across the United Kingdom, United States, Netherlands, and Germany, Urenco plays a critical role in enabling the safe, sustainable use of nuclear technology worldwide.The Group CISO function is responsible for continuously developing and enhancing Urenco’s cyber security portfolio to protect the organisation, its customers, and the public. The CISO team is structured across three core areas:
- Governance, Risk & Compliance (GRC)
- Operational Technology (OT) Cyber & Cyber Assurance
- Threat Defence
This opportunity sits within the Cyber Assurance Team, reporting directly to the Head of Cyber Security Assurance.
Role OverviewWe are seeking an experienced Cyber Security Assurance Specialist with a strong focus on application security across both on-premises and cloud environments.You will play a key role in improving cyber security maturity across the organisation by providing assurance over security designs, assessing risk, and developing application security standards and policies. The role requires close collaboration with IT, Information Security, and business stakeholders, translating business requirements into secure, practical solutions.This is a highly visible position requiring strong communication skills, sound business judgement, and the ability to operate effectively in agile delivery environments.
Key Responsibilities
- Security Design & Solution Assurance
- Review and assure technical designs against security policies and standards
- Identify security design gaps and recommend appropriate control improvements
- Author and review high-quality security documentation
- Provide security oversight for both on-premises and cloud-based solutions
- Act as a trusted advisor and security advocate across the business
- Communicate effectively with stakeholders to embed secure-by-design principles
- Security Risk Assessment & Control Assurance
- Produce formal security risk assessments in collaboration with GRC, architects, and IT teams
- Define and agree risk mitigations and compensating controls
- Assure implementation and effectiveness of technical controls
- Translate business strategy into secure architecture guidance
- Conduct supplier assurance across on-premises, cloud, and hybrid services
- Security Standards, Policies & Governance
- Develop and maintain application security policies, standards, and guidelines
- Align security frameworks with broader business strategy
- Track emerging security practices and ensure standards remain current
- Support the continuous improvement of cyber security maturity
Essential Experience
- Minimum 5 years’ experience in Information Security Assurance with a focus on application security
- Experience working in a global organisation
- Strong knowledge of regulatory compliance and security frameworks such as:
- ISO 27000 series
- NIST SP 800 series
- NIST Cyber Security Framework
- Experience in:
- Secure application design and review
- Cloud security assurance
- Penetration testing and vulnerability management
- Supplier security assurance
Desirable Experience
- Knowledge of nuclear industry regulations across the UK, US, Netherlands, and Germany
- Understanding of government information classifications
- Experience in OT security environments
Technical KnowledgeStrong understanding of security controls across multiple asset types including data, networks, devices, and users, covering:
- Software Asset Inventory & Control
- Data Protection
- Secure Configuration Management
- Continuous Vulnerability Management
- Audit Log Management
- Malware Defences
- Disaster Recovery
- Service Provider Security Management
- Application Security & Penetration Testing
Qualifications & Certifications
- Degree (BS/MS) in Computer Science, Information Security, or equivalent experience
- Relevant certifications such as:
- CISSP
- CISA
- CSSLP
- OWASP ASVS / OWASP Top 10
- GIAC (GWAPT, GCSA)
- CASE
- Certified DevSecOps Professional
Key Competencies
- Strong business acumen with ability to align security to organisational objectives
- Adaptable and responsive to changing risk landscapes
- Excellent written and verbal communication skills
- Strong analytical and decision-making capability
- Team-oriented with experience working across diverse stakeholders
- Self-motivated with a sense of urgency and delivery focus
- Organised and able to manage multiple priorities
Additional Information
- Hybrid working model – minimum 2 days per week onsite in Paddington
- Occasional travel may be required
- Active SC clearance is mandatory