Cyber Security Assurance Manager

Cyber Security Assurance Manager

Full Time

Permanent

Hybrid - Portsmouth PO6 (3 days per week onsite)

£60-80K basic + benefits (5% pension, 25 days hols, life insurance, medical cover)

Are you an experienced Cyber Security Assurance Manager looking for a new challenge?

Do you have a background in Cyber Security Assurance with a strong understanding of delivering and maintaining cybersecurity certifications, along with strong understanding of SOC operations and security assurance frameworks and also experience in customer-facing assurance activities, including audits, RFIs, and RFPs?

Here at ARM we are recruiting for a full time permanent Cyber Security Assurance Manager for a global IT services and consultancy client of ours.

They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

The Cyber Security Assurance Manager will be responsible for ensuring the Security Operations Centres (SOC) achieves and maintains internationally recognised security certifications, audit reports, and assurance standards.

This role will focus on delivering and maintaining certifications such as ISO/IEC 27001, SOC2 Type II, Cyber Essentials Plus, CREST SOC accreditation, and sector-specific frameworks (PCI DSS, NCSC CIR/ CHECK), providing customer confidence in our SOC services.

As a key member of the Governance, Risk, and Compliance (GRC) function, the Cyber Security Assurance Manager will lead customer assurance activities, including audit preparation, security compliance queries, and support for security-related RFPs and RFIs. Acting as a trusted point of contact for clients and auditors, the role will showcase our certified security credentials and help build lasting confidence in the credibility of our SOC services on a global scale.

1. Certification Delivery & Maintenance

• Lead the delivery and ongoing maintenance of key SOC-related certifications including SOC 2 Type II, SOC 3, ISO/IEC 27001, Cyber Essentials Plus, and CREST.
• Oversee sector-specific assurance needs such as PCI DSS for cardholder data environments or NCSC CIR/ CHECK where relevant.
• Ensure certifications are renewed on schedule and compliance gaps are proactively addressed.

2. Security Assurance for SOC Services

• Embed certification requirements into the SOC's governance, processes, and operational practices.
• Ensure continuous monitoring, evidence collection, and readiness for internal/external audits.
• Translate security control requirements into operational procedures for SOC teams.

3. Customer Assurance Engagement

• Act as primary contact for customer assurance activities relating to SOC services.
• Support client RFIs, RFPs, and audit requests with accurate certification evidence and security documentation.
• Build customer-facing assurance packs that demonstrate our security posture and SOC credibility.

4. Regulatory & Industry Alignment

• Monitor developments in global cybersecurity regulations and frameworks (e.g. NIST CSF, UK NCSC guidance, EU NIS2, GDPR).
• Align SOC assurance with emerging requirements to ensure future readiness.
• Provide expert advice to leadership on how regulatory changes impact SOC assurance strategy.

5. Continuous Improvement & Reporting

• Drive continuous improvement in SOC assurance processes, reducing time to audit readiness and increasing efficiency of evidence collection.
• Produce regular reports and dashboards for the Head of Assurance and senior stakeholders on certification status, audit outcomes, and assurance performance.

6. Collaboration & Knowledge Sharing

• Work closely with SOC operations, Information Security, Risk & Compliance, and Commercial teams to embed assurance requirements into daily practice.
• Provide training and awareness on SOC assurance standards to internal teams.

Required Qualifications and Experience

• Demonstrable experience delivering and maintaining cybersecurity certifications (ISO/IEC 27001, SOC 2 Type II, Cyber Essentials Plus, CREST).
• Strong understanding of SOC operations and security assurance frameworks.
• Experience in customer-facing assurance activities, including audits, RFIs, and RFPs.
• Knowledge of regulatory and industry frameworks including NIST CSF, GDPR, and UK NCSC guidance.
• Experience liaising with external auditors, regulators, and certification bodies.

• Strong ability to develop and maintain compliance documentation and audit evidence.
• Excellent communication skills to explain complex security assurance topics to customers, senior leaders, and SOC teams.
• Analytical and detail-oriented, with the ability to identify gaps and design improvements.
• Stakeholder engagement and influencing skills, particularly with technical and commercial teams.
• Organisational skills to manage multiple certifications and assurance projects simultaneously.

• Integrity and professionalism in all assurance activities.
• Customer-focused, with confidence in handling external assurance discussions.
• Proactive, solutions-oriented mindset with a drive for continuous improvement.
• Resilient and adaptable in a fast-moving global SOC environment.
• Collaborative, building trust and teamwork across technical, compliance, and commercial functions.

• Healthcare and dental insurance
• Company pension is matched up to 5%
• 25 days annual leave entitlement plus bank holidays and the option to purchase 5 extra days
• Life assurance - 4 x annual salary
• Cycle to work scheme
• Client prioritises internal development opportunities and offer access to our Udemy training platform with over 5000 training courses

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.