Cyber Assurance Specialist

The Cyber Assurance Specialist plays a vital role in safeguarding the organisation's reputation and customer trust by ensuring robust cyber governance, compliance, and the continuous improvement of security practices. This position enables secure business growth and supports the organisation's digital transformation.

The Cyber Assurance Specialist supports the organisation's cyber assurance and governance activities by maintaining key documentation, assisting with audits and due diligence, and contributing to awareness and training initiatives. The role is pivotal in ensuring the organisation's security posture remains transparent, compliant, and continuously improving.

• Documentation & Knowledge Management
  • Curate and maintain internal knowledge bases and external Trust Centre articles.
  • Ensure content is accurate, accessible, and aligned with current cyber policies and standards.
  • Collaborate with subject matter experts to update documentation in response to regulatory or operational changes.
• Policy, Risk & Governance Support
  • Assist in the development, review, and maintenance of cyber security policies and procedures.
  • Support the Head of Cyber Governance in maintaining and improving ISO 27001 controls and other compliance frameworks (e.g., NIST, CIS).
  • Support risk identification, assessment, and reporting, collaborating with risk owners and business units.
• Audit & Assurance Activities
  • Prepare and coordinate evidence for internal and external audits.
  • Conduct assurance activities against ISO 27001 and other relevant standards.
  • Maintain audit trails and track remediation of findings.
  • Proactively suggest improvements to controls and processes based on lessons learnt.
• Customer & Supply Chain Due Diligence
  • Respond to customer security questionnaires and due diligence requests.
  • Support supply chain assurance activities, including supplier risk assessments and documentation.
  • Maintain a repository of standard responses and evidence for reuse.
• Cyber Awareness & Training
  • Assist in the development and rollout of security training materials for staff.
  • Support the planning and execution of phishing simulations and cyber awareness campaigns.
  • Track engagement and effectiveness of awareness initiatives through metrics and reporting.
• Incident Response Support
  • Assist with incident response documentation and post‑incident reviews.
• SharePoint & Information Management
  • Develop and Maintain Cyber SharePoint sites to ensure content is current and well‑organised.
  • Ensure documentation is version‑controlled and accessible to relevant stakeholders.
• Tooling & Automation
  • Support the adoption and optimisation of GRC/assurance tooling (e.g., Microsoft Purview, OneTrust).
• Continuous Improvement
  • Proactively identify and recommend improvements to controls, processes, and training.
• Stakeholder Engagement
  • Build strong relationships with stakeholders across the business, IT, and external partners to ensure alignment and effective communication.

• Knowledge & Application
  • Extensive knowledge of cyber security governance, risk management, and compliance principles, practices, and technologies (ISO 27001, NIST, CIS, GDPR).
  • Strong analytical and problem‑solving skills to address complex security challenges and incidents.
  • Excellent communication and interpersonal skills to collaborate effectively with various departments and senior leadership.
  • Awareness of cloud security principles and controls.
  • Strong written communication skills, with experience in technical writing or documentation.
  • Working knowledge of ISO 27001 and other cyber security standards.
  • Experience supporting audits or compliance activities.
  • Familiarity with SharePoint or similar content/document management platforms.
  • Ability to manage multiple tasks and prioritise effectively.
  • Experience in a cyber assurance, governance, or compliance role.
  • Understanding of data protection regulations (e.g., GDPR).
  • Experience with phishing simulation platforms and awareness tools.
  • Knowledge of risk management and supplier assurance processes.
  • Experience in Microsoft Purview, UpGuard, or similar tools.
  • Basic scripting or automation skills (desirable).
• Experience
  • Minimum three years' experience in cyber security, with at least two years in a GRC consultancy or assurance role.
• Certifications (Desirable)
  • CompTIA Security+, SSCP, CISA, ISO 27001 Lead Implementer/Auditor, or similar.
• Sector Experience (Desirable)
  • Experience in regulated sectors (public sector, health, finance) is a plus.

• Time Off & Work‑Life Balance – 25 days annual leave plus bank holidays, with the option to buy up to 10 extra days.
• Days of Difference – Up to 3 extra days off for volunteering.
• Financial Well‑Being & Security – Pension contributions (5% employer match); income protection (up to 75% salary cover for long‑term illness); life assurance (4x salary tax‑free lump sum); critical illness cover (£25,000 lump sum, extendable to dependents).
• Health & Perks – Private medical insurance (fast access to private healthcare); health cash plan (claim back physio, therapies & more); dental insurance (routine & emergency care).
• Affinity groups – Join employee‑led communities.
• Bounty bonus – Refer a friend & get rewarded.

We're Civica, and we create software that helps deliver critical services for citizens all around the world. From local government, to education, health, and care, over 5,000 public bodies across the globe use our software to provide essential services to over 100 million citizens.

As a company, we're passionate about what we do and the citizens we serve. If you, too, want to champion the use of technology in public services to improve outcomes for citizens and public sector organizations, then Civica is the right place for you. We will help you unlock the best version of yourself, achieve career growth, and make a real difference to people and communities.

We are an equal opportunity employer. We do not discriminate based on race, ethnicity, religion, gender, sexual orientation, disability, age, or any other legally protected characteristic. Our recruitment process is designed to ensure fairness and transparency, so every candidate has an equal chance to contribute to our mission. If you need any adjustments or accommodations to participate in our recruitment process, please let us know. We are here to support you.