Allen Lane Ltd.

Information Security Assurance Lead

On site

London, United Kingdom

£ 90,000 / year

Full Time

17-01-2025


Job Specifications

Information Security Assurance Lead
Salary: £75,000-£90,000 (London) | £65,000-£80,000 (National)
Location: London, Edinburgh, Leeds - hybrid working available (40% office, 60% WFH).

Allen Lane is supporting a public sector organisation in their search for an Information Security Assurance Lead, sitting within the organisation's Cyber and Information Resilience department.

As an Information Security Assurance Lead, you will:
Assist the Operational Assurance Manager in developing the cyber assurance strategy, defining goals to align with the Cyber and Information Resilience Strategy and framework.
Oversee and monitor the department's security strategy, implementing preventative measures to protect sensitive data and to comply with regulations.
Develop effective mitigation strategies for critical cyber and privacy risks.
Lead on the end-to-end delivery of key workstreams, mainly third-party risk assessment, post-incident review, threat and vulnerability assessments, security assessment (red teaming) and penetration testing.
Enhance third-party cyber risk monitoring (using a tool) and service-driven assessments with analytical, qualitative and quantitative methods to simplify processes amidst cloud vendor changes and evolving cybersecurity needs.
Assure and report on cyber threats and security vulnerabilities that impact supply chain performance by implementing security by design capabilities and compliance automation.
Lead and manage an operational team with technical expertise, fostering Agile practices to build a high-performing, cross-functional team.

Criteria:
Proven experience of leading security or assurance teams, and operating Information Security/Assurance Frameworks and Services.
Ability to effectively communicate to senior stakeholders, translating technical issues for clear recommendations.
Experience of a hands-on role involving pen testing, 3rd party security assessment and vulnerability assessment activities of complex suppliers, applications and operating systems.
Demonstrate strong operating knowledge of NIST 800, OWASP, ISO27001 and data protection.
Ability to plan strategically, arrange and consolidate resources in order to deliver assurance services to achieve assurance objectives.
Demonstrable experience fulfilling leadership duties of technical and non-technical staff to drive the information assurance agenda.

The successful candidate will hold or will be required to obtain Security Clearance (SC) level vetting.

Applicants are required to provide a tailored CV to be considered. A comprehensive job description and personal specification is available.

Employee benefits include: 25 days annual leave (plus bank holidays), private healthcare, life assurance (8x basic salary), income protection.

About the Company

Allen Lane is a specialist boutique consultancy, recruiting finance, IT, procurement and project management professionals into the public and not-for-profit sectors. Established in 2004 we offer a fresh, unpretentious approach to recruitment founded on relationships and exceptional customer service.

Related Jobs

Company Name
Connected Consulting Limited
Job Title
Cloud Security Architect
Job Description
Reading a job advert is rarely enjoyable, but I’d encourage you to keep reading because we think you'll love this opportunity. The role itself sits within the senior leadership team of this global technology powerhouse, and you’ll be responsible for defining and executing the cloud security strategy across the entire business. This is a unique opportunity to set and own the multi-cloud security strategy, lead the company’s cloud security posture, and drive the delivery of CNAPP capability. To be successful in this role, you will need to have operated at a senior architectural level, creating and owning the cloud security strategy.

Responsibilities:
Lead the cloud security strategy across a large and complex multi-cloud environment.
Create the technical security strategy plans and roadmaps, including cloud and on-premise infrastructure.
Develop security architecture artefacts, including models, standards, and procedures.
Undertake security reviews, identify gaps, and develop the risk management plan.
Approve IT infrastructure and reference architectures for security best practices.
Conduct threat modelling of services and applications.

Required skills and experience:
Proven experience in developing and maintaining multi-cloud security architecture principles and processes.
Past experience of implementing and driving CNAPP capability.
Ability to embed security best practice within a complex multi-cloud environment.
Experience with multi-cloud (AWS, Azure, GCP) and on-premise infrastructure security.
Ability to perform security reviews, identify gaps, and develop risk management plans.
Experience in threat modelling and secure coding practices.
First-class communication skills, with the ability to engage with exec leaders, cross-functional teams, and 3rd party vendors.

Finally, our client appreciates that your time is valuable and will try to accommodate your requirements as best as possible. The process will consist of 3 stages.

Hybrid working arrangements are in place for this role, with 2 days onsite (Cambridge) required each week. If you meet the requirements of the job, then we would love to hear from you!
Cambridge, United Kingdom
On site
Full Time
05-02-2025
Company Name
Moonpig
Job Title
Product Security Engineer
Job Description
We’re currently looking for a Product Security Engineer to join our Security Team.

What you’ll be doing:
As a Product Security Engineer you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. We’re a small team, so the role is a hybrid of engineering work along with vulnerability and risk management, with a focus on automation and collaboration with our wider Technology team to drive secure development processes within our software development life cycle.

Key Responsibilities:
Contribute to the development of the product security roadmap and strategy.
Boost, build and innovate upon our security tools in our DevOps pipeline/processes.
Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritise and remediate them.
Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment.
Drive security testing (individually, with third parties, and by encouraging adoption within engineering teams) of our products using both structured and explorative approaches, helping to identify vulnerabilities earlier in our product lifecycle.
Provide SME support during incidents and crisis management meetings.

You'll be a great addition to the team if you have:
Strong knowledge of application security best practices (such as OWASP).
Familiarity with cloud infrastructure (such as AWS, Azure, or Google Cloud).
Strong grasp of infrastructure-as-code and configuration tools (such as Terraform or AWS CloudFormation) for the purpose of deploying security tooling.
Knowledge of extracting metrics and events from security tooling.
Experience working with and securing microservices and APIs.
Advanced understanding of secure coding principles, the Secure Development Lifecycle, and how to drive acceptance and integration into engineering teams.
Experience implementing and managing SAST and/or DAST within a CI/CD environment.
Understanding of security tools such as WAFs, and vulnerability scanning tools.
Understanding of cryptography, authentication, and authorization.
A positive, collaborative, and pragmatic attitude.
Great communication skills, both verbal and written.

We are also keen to speak to candidates currently in software engineering roles looking to move into Cyber Security. If this is you, please apply!
London, United Kingdom
On site
Full Time
05-02-2025
Company Name
Sword Group
Job Title
Senior Cyber Security Engineer
Job Description
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

We are looking for a highly skilled, highly motivated Cyber Security Engineer. You will be seen as a trusted advisor and help our customers achieve their digital transformation objectives through the design, delivery, and optimisation of secure, high-performing hybrid infrastructure environments.

The role will require the Cyber Security Engineer to be/have:
Proficient in developing and designing secure solutions and documenting security controls in a Security Design.
An understanding of cyber security design principles to ensure solutions meet industry standards.
An understanding of frameworks and compliance.
The ability to work with risk management processes and articulate the risks and benefits.
An understanding of networks and cloud environments is advantageous.
Comfortable creating design documentation and presenting to clients.

Requirements:
Strong understanding of Identity and Access Management.
Strong understanding of Secure Configuration.
Proficient in developing and designing secure solutions and documenting security controls in Security Design.
The ability to work with risk management processes and articulate the risks and benefits.
An understanding of networks and cloud environments is advantageous.
Specialised technical knowledge and experience of cyber security as evidenced by relevant industry qualifications (e.g. GICSP, GCIP, CISSP, CISM).
Knowledge in cyber security frameworks and standards as well as a deep understanding of cyber security regulations as they apply to different sectors.
Analysis and management of risks and cybersecurity controls.
Standards and methodologies: ISO 27000, NIST, SANS CSC, etc.

Benefits:
At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package:
Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
Flexible working: Flexible work arrangements to support your work-life balance. We can't promise to always be able to meet every request; however, we are keen to discuss your individual preferences to make it work where we can.
A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience.

We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
Glasgow, United Kingdom
Hybrid
Full Time
05-02-2025
Company Name
DGH Recruitment
Job Title
Senior Information Security Manager
Job Description
Senior Information Security Manager (GRC)

DGH Recruitment are currently recruiting on behalf of a leading client in the professional services industry who require a Senior Information Security Manager (GRC) to join the team in London. You will be responsible for designing, implementing and managing a robust information security framework that aligns with the firm's objectives and with regulatory, client and insurance requirements.

Responsibilities:
• Governance Framework and Strategy
• Risk Management and Compliance
• Stakeholder Engagement & Communication
• Continuous Improvement and Incident Response
• Supplier Relationship Management

Required Skills and Experience:
• Professional certifications such as CISSP, CISM or CRISC or similar credentials are preferred.
• ISO 27001 Lead Auditor or Implementer
• Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
• Deep understanding of ISO 27001, NIST CSF, COBIT and other security and IT governance frameworks.
• Experience in conducting vendor risk assessments and project security risk assessments.
• Strong analytical, problem-solving and decision-making skills.
• Excellent communication and leadership abilities.
• Attention to detail and a commitment to maintaining high-quality standards.
• Knowledge of data privacy laws and regulations across multiple jurisdictions a bonus.
London, United Kingdom
Hybrid
Full Time
05-02-2025