Cybersecurity Assurance Consultant, London
Client:
Expleo
Location:
London, United Kingdom
Job Category:
Other
EU work permit required:
Yes
Job Reference:
c9b40ca495cb
Job Views:
26
Posted:
12.08.2025
Expiry Date:
26.09.2025
Job Description:
Responsibilities
- Lead or support integrating cybersecurity assurance activities into engineering and programme delivery for marine and defence projects.
- Develop, review, and maintain cybersecurity assurance artefacts, including risk assessments, assurance cases, control matrices, and evidence submissions.
- Ensure alignment with applicable defence and industry standards and other MOD-aligned frameworks.
- Engage with engineering and project teams to ensure cybersecurity is embedded into system design, technical planning, and programme governance.
- Liaise with client representatives, suppliers, and accreditation authorities to support the assurance lifecycle and manage stakeholder expectations.
- Support the preparation for and participation in technical reviews, audits, and risk acceptance activities.
- Contribute to delivering security risk management processes, threat modelling sessions, and security design assessments.
- Provide subject matter expertise on assurance requirements for secure communications, supply chain security, platform integration, and physical security interfaces.
- Maintain accurate, high-quality documentation to support certification, regulatory compliance, and ongoing assurance requirements.
- Contribute to internal knowledge sharing, continuous improvement of assurance methodologies, and development of Expleo’s marine and defence cyber capabilities.
Qualifications
- A degree (or equivalent experience) in Cybersecurity, Information Assurance, Systems Engineering, or a related technical or defence-focused discipline.
- Recognised cybersecurity certifications: CompTIA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent.
- Familiarity with MOD, maritime, or defence-specific frameworks: JSPs, DEFSTAN, NIST, IEC 62443, IMO or ISO/IEC 27001.
- SC clearance (or eligibility to obtain SC as a minimum) is required; DV clearance is desirable depending on the programme needs.
- Evidence of ongoing professional development aligned with cybersecurity assurance, defence sector standards, and engineering-led delivery models.
Essential skills
- Strong understanding of cybersecurity assurance principles, risk management, and regulatory compliance in defence or safety-critical environments.
- Proven ability to produce and review assurance artefacts, including security management plans, risk registers, assurance cases, and audit-ready documentation.
- Familiarity with MOD, defence, and marine security requirements, controls, and platform-specific standards.
- Experience applying assurance frameworks or relevant equivalents in a programme or system engineering context.
- Ability to interpret and apply security requirements across the engineering lifecycle, ensuring traceability and alignment with delivery controls.
- Strong stakeholder engagement and communication skills, with experience working across technical, programme, and accreditation teams.
- Capable of contributing to threat modelling, risk assessments, and technical reviews with clear, structured input.
- Confident working independently in complex, multi-stakeholder environments while managing priorities and deadlines effectively.
- High attention to detail and precision in producing assurance, audit, and client regulatory engagement documentation.
- Professional, methodical, and delivery-focused approach with the ability to operate across secure and hybrid delivery settings.
Desired skills
- Familiarity with the Defence Digital approach to cybersecurity and assurance, including engagement with Accreditor and Authority roles.
- Understanding secure systems engineering and its integration into the Systems Engineering V-Model or through-life engineering assurance models.
- Exposure to product security assurance, safety-security interface assessments, or combined safety and security case development.
- Knowledge of physical and personnel security controls in the context of platform or facility assurance.
- Familiarity with engineering toolsets such as DOORS, Enterprise Architect, or security-specific tooling used in requirement traceability.
- Ability to contribute to internal improvement initiatives for assurance framework development, tooling standardisation, or bid support.
Experience
- Proven experience in cybersecurity assurance, information assurance, or risk management, including delivery within defence, marine, or other safety-critical environments.
- Proven track record in developing and maintaining assurance documentation.
- Experience embedding Secure by Design principles across the engineering lifecycle, ensuring traceability of security requirements into system design and delivery.
- Involvement in third-party assurance activities, including supplier assurance reviews, control validation, and use of platforms such as Risk Ledger or similar.
- Demonstrable experience working with or applying MOD-aligned frameworks and standards.
- Prior military service or experience working with the armed forces is highly valued, particularly in communications, security, or operational assurance roles.
- Strong understanding of assurance governance and the role of cybersecurity in system integration, communications, or platform delivery contexts.
- Experience collaborating with multi-disciplinary teams, including engineering, programme management, safety, and technical authorities.
- Prior involvement in stakeholder assurance forums, technical reviews, or risk acceptance discussions within regulated environments.
- High-quality written and verbal communication skills, particularly in preparing audit-ready evidence and contributing to accreditation or compliance submissions.
- Experience working within or alongside MOD or maritime defence programmes, particularly those involving platform integration, communications, or control systems.
- Experience with defence supplier environments and collaborative assurance across multi-tiered supply chains.
What do I need before I apply
- You must have the right to work in the UK.
- A strong foundation in cybersecurity engineering or infrastructure security, with 8 years of practical delivery experience.
- A proactive and adaptable mindset, with the ability to work independently across diverse client environments. A passion for delivering high-quality, standards-aligned cybersecurity solutions that make a tangible impact.
- Current SC clearance, or eligibility to achieve SC clearance as a minimum.
- Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
- We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
- ExpleoAcademy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
- Competitive company benefits
- Always working as one team, our people are not afraid to think big and challenge the status quo
- As a Disability Confident Committed Employer we have committed to:
- Ensure our recruitment process is inclusive and accessible
- Communicating and promoting vacancies
- Offering an interview to disabled people who meet the minimum criteria for the job
- Anticipating and providing reasonable adjustments as required
- Supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work
- At least one activity that will make a difference for disabled people
“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.
We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive