Contracts Consultancy Ltd

1 job(s) at Contracts Consultancy Ltd

Contracts Consultancy Ltd Clifton Hampden, Oxfordshire
Apr 23, 2026
Contractor
CYBER SECURITY ASSURANCE SPECIALIST

CCL Global are currently recruiting for a Cyber Security Assurance Specialist to support high-profile, security-critical environments. This role will play a key part in strengthening security posture, ensuring compliance, and supporting assurance activities across complex digital and infrastructure systems.

Type of Contract: Contract (Inside IR35)
Location: Oxfordshire OX14 3DB (Hybrid working available)

Key Duties Will Include:

Design and implement secure infrastructure and cloud architectures across enterprise environments.
Conduct and support risk assessments, maintaining enterprise risk registers and ensuring alignment with industry methodologies.
Lead or contribute to security assurance activities, including audits, reviews, and remediation planning.
Apply and interpret security frameworks such as ISO 27001, NIST, CAF, Cyber Essentials, and GovAssure.
Assess and secure platforms including Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, and Windows/Linux/Unix systems.
Utilise security tooling such as SIEM, EDR/XDR, and vulnerability management platforms to monitor and improve security posture.
Develop and implement security policies, access control models (RBAC, ABAC), and logging standards.
Support incident management, vulnerability assessments, and SOC-related activities.
Contribute to secure software supply chain practices, including CI/CD security reviews.
Interpret threat intelligence, CVEs, and CVSS scores to inform risk-based decision making.
Collaborate with stakeholders across technical and non-technical teams, clearly articulating risks and solutions.
Support government or regulatory assurance processes such as Secure by Design and GovAssure.

Requirements:

Proven experience in cyber security assurance, secure architecture design, or related disciplines.
Strong knowledge of risk assessment methodologies (ISO 31000, FAIR, OWASP risk rating).
Hands-on experience with enterprise security frameworks including ISO 27001, NIST, CAF, and Cyber Essentials.
Experience conducting security audits and implementing remediation strategies.
Technical expertise across cloud and enterprise platforms (Azure, M365, operating systems).
Familiarity with SIEM, SOC operations, endpoint detection, and vulnerability management tools.
Knowledge of ITSM processes, change control, and governance frameworks.
Experience with CI/CD security and software supply chain assurance.
Understanding of OT/ICS/SCADA environments is highly desirable.
Strong analytical, problem-solving, and organisational skills.
Excellent communication skills, with the ability to engage senior stakeholders and produce high-quality reports.
Degree in Cybersecurity, IT, or a related STEM field (or equivalent experience).
Relevant certifications such as CISSP, CISM, CRISC, CCSP, SABSA, SANS GIAC, CCP, or SIRA are desirable.
Experience working in regulated, government, or critical infrastructure environments is advantageous.