Cyber Assurance Specialist

We’re Civica, and we create software that helps deliver critical services for citizens all around the world. From local government, to education, health, and care, over 5,000 public bodies across the globe use our software to provide essential services to over 100 million citizens.

Our aspiration is to be a GovTech champion everywhere we work, supporting the needs of citizens and those who serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point in our journey to realise that aspiration.

Why you will love this opportunity as Cyber Assurance Specialist at Civica

The Cyber Assurance Specialist plays a vital role in safeguarding the organisation’s reputation and customer trust by ensuring robust cyber governance, compliance, and the continuous improvement of security practices. This position enables secure business growth and supports the organisation’s digital transformation.

The Cyber Assurance Specialist supports the organisation’s cyber assurance and governance activities by maintaining key documentation, assisting with audits and due diligence, and contributing to awareness and training initiatives. The role is pivotal in ensuring the organisation’s security posture remains transparent, compliant, and continuously improving.

• Curate and maintain internal knowledge bases and external Trust Centre articles.
• Ensure content is accurate, accessible, and aligned with current cyber policies and standards.
• Collaborate with subject matter experts to update documentation in response to regulatory or operational changes.

• Assist in the development, review, and maintenance of cyber security policies and procedures.
• Support the Head of Cyber Governance in maintaining and improving ISO 27001 controls and other compliance frameworks (NIST, CIS).
• Support risk identification, assessment, and reporting, collaborating with risk owners and business units.

• Prepare and coordinate evidence for internal and external audits.
• Conduct assurance activities against ISO 27001 and other relevant standards.
• Maintain audit trails and track remediation of findings.
• Proactively suggest improvements to controls and processes based on lessons learnt.

• Respond to customer security questionnaires and due diligence requests.
• Support supply chain assurance activities, including supplier risk assessments and documentation.
• Maintain a repository of standard responses and evidence for reuse.

• Assist in the development and rollout of security training materials for staff.
• Support the planning and execution of phishing simulations and cyber awareness campaigns.
• Track engagement and effectiveness of awareness initiatives through metrics and reporting.

• Assist with incident response documentation and post-incident reviews.

• Develop and maintain Cyber SharePoint sites to ensure content is current and well‑organised.
• Ensure documentation is version‑controlled and accessible to relevant stakeholders.

• Support the adoption and optimisation of GRC / assurance tooling (Microsoft Purview, OneTrust).

• Proactively identify and recommend improvements to controls, processes, and training.

• Build strong relationships with stakeholders across the business, IT, and external partners to ensure alignment and effective communication.