Civica

Cyber Assurance Specialist

Hybrid

Leeds, United Kingdom

Junior

Full Time

15-12-2025

Skills

Communication, Leadership, Problem Solving, Incident Response, Risk Management, Security Policies and Procedures, Cloud Security, Problem-solving, Technical Writing, Training, Effective Communication, Risk Identification

Job Specifications

We're Civica, and we create software that helps deliver critical services for citizens all around the world. From local government, to education, health, and care, over 5,000 public bodies across the globe use our software to provide essential services to over 100 million citizens.

Our aspiration is to be a GovTech champion everywhere we work, supporting the needs of citizens and those who serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point in our journey to realise that aspiration.

Why you will love this opportunity as Cyber Assurance Specialist at Civica

The Cyber Assurance Specialist plays a vital role in safeguarding the organisation's reputation and customer trust by ensuring robust cyber governance, compliance, and the continuous improvement of security practices. This position enables secure business growth and supports the organisation's digital transformation.

The Cyber Assurance Specialist supports the organisation's cyber assurance and governance activities by maintaining key documentation, assisting with audits and due diligence, and contributing to awareness and training initiatives. The role is pivotal in ensuring the organisation's security posture remains transparent, compliant, and continuously improving.

What you will do to be successful in this role

Key Responsibilities:

Documentation & Knowledge Management

Curate and maintain internal knowledge bases and external Trust Centre articles
Ensure content is accurate, accessible, and aligned with current cyber policies and standards
Collaborate with subject matter experts to update documentation in response to regulatory or operational changes

Policy, Risk & Governance Support

Assist in the development, review, and maintenance of cyber security policies and procedures
Support the Head of Cyber Governance in maintaining and improving ISO 27001 controls and other compliance frameworks (e.g., NIST, CIS)
Support risk identification, assessment, and reporting, collaborating with risk owners and business units

Audit & Assurance Activities

Prepare and coordinate evidence for internal and external audits
Conduct assurance activities against ISO 27001 and other relevant standards
Maintain audit trails and track remediation of findings
Proactively suggest improvements to controls and processes based on lessons learnt

Customer & Supply Chain Due Diligence

Respond to customer security questionnaires and due diligence requests
Support supply chain assurance activities, including supplier risk assessments and documentation
Maintain a repository of standard responses and evidence for reuse

Cyber Awareness & Training

Assist in the development and rollout of security training materials for staff
Support the planning and execution of phishing simulations and cyber awareness campaigns
Track engagement and effectiveness of awareness initiatives through metrics and reporting

Incident Response Support

Assist with incident response documentation and post-incident reviews

SharePoint & Information Management

Develop and maintain Cyber SharePoint sites to ensure content is current and well-organised
Ensure documentation is version-controlled and accessible to relevant stakeholders

Tooling & Automation

Support the adoption and optimisation of GRC/assurance tooling (e.g., Microsoft Purview, OneTrust)

Continuous Improvement

Proactively identify and recommend improvements to controls, processes, and training

Stakeholder Engagement

Build strong relationships with stakeholders across the business, IT, and external partners to ensure alignment and effective communication

Requirements

Knowledge & Application: Extensive knowledge of cyber security governance, risk management, and compliance principles, practices, and technologies (ISO 27001, NIST, CIS, GDPR)
Complexity & Problem Solving: Strong analytical and problem-solving skills to address complex security challenges and incidents.
Collaboration & Interaction: Excellent communication and interpersonal skills to collaborate effectively with various departments and senior leadership
Technical Breadth: Awareness of cloud security principles and controls.
Strong written communication skills, with experience in technical writing or documentation.
Working knowledge of ISO 27001 and other cyber security standards.
Experience supporting audits or compliance activities.
Familiarity with SharePoint or similar content/document management platforms.
Ability to manage multiple tasks and prioritise effectively.
Experience in a cyber assurance, governance, or compliance role.
Understanding of data protection regulations (e.g., GDPR).
Experience with phishing simulation platforms and awareness tools.
Knowledge of risk management and supplier assurance processes.
Experience in Microsoft Purview, UpGuard, or similar tools.
Basic scripting or automation skills (desirable)

Experience:

Minimum three years' experience in cyber security, with at least two years in a GR

About the Company

We’re Civica and we make software that helps deliver critical services for citizens all around the world. From local government to central [federal] government, to education, to health and care, over 5,000 public bodies across the globe use our software to help provide critical services to over 100 million citizens. Our aspiration is to be a GovTech champion everywhere we work around the globe, supporting the needs of citizens and those that serve them every day. Building on 21 years of continuous growth and success, we're ...