Security Information Assurance Consultant

Working closely with Security Architects and design teams, you will act as a bridge between technical teams and security risk owners from the business, translating technical security risks into an understandable form for non‑technical stakeholders. You will advise risk owners on severity and mitigation strategies, monitor the implementation and ongoing maintenance of agreed risk actions, and keep the risk register and other security documentation up to date.

In addition to managing risk, you will assist the Account Security Lead in creating and maintaining security processes, policies and guidance. You will proactively identify areas for improvement in security across the account, working to make security easier and more effective for everyone.

• Translate technical security risks into business‑readable terms and advise on mitigation strategies.
• Monitor implementation and ongoing maintenance of agreed risk management actions.
• Create and maintain risk assessment artefacts such as risk registers and Security Operating Procedures.
• Assist the Account Security Lead with security‑related processes, policies and guidance.
• Proactively identify security improvement opportunities across the account.
• Implement standards, policies and procedures to drive continual service improvement.

• Experience in a similar or related role with a strong background in information security risk management.
• Desirable additional qualifications: CISM, CISSP, IISP or other professional body membership.
• Experience working to HMG guidance such as NCSC, DSIT Secure by Design, or GovS 007 best practices.
• Desire to improve processes and investigate root causes of problems.
• Willingness to share knowledge and learn from others.
• Proactive mindset in identifying risks and problems.
• Strong teamwork ethic with a customer‑first focus and a thirst for knowledge.

• Deep knowledge of information and cyber security risk management.
• Experience with threat modelling techniques such as STRIDE or Attack Trees and the NIST Cyber Security Framework.
• Knowledge of technology stacks including Cloud (AWS, MS Azure), M365, VMWare, Redhat OpenShift, containers, Windows and Linux operating systems.
• Familiarity with industry guidance from OWASP and CIS.
• Awareness of security champions programmes.

At DXC Technology, we deliver mission‑critical services in a secure environment while fostering a people‑first agenda, community, and healthy work‑life balance. We are committed to building an inclusive environment where everyone can thrive, and we continuously innovate and modernise our operations to provide the best solutions for our clients.

• Competitive compensation
• Pension scheme
• DXC Select – comprehensive benefits package (private health/medical insurance, childcare vouchers, gym membership, and more)
• Perks at Work (discounts on technology, groceries, travel, and more)
• DXC incentives (recognition tools, employee lunches, regular social events)

We believe hiring a diverse team is crucial to our success and our recruiting decisions are based on your skills and experience as an individual. We actively encourage continuous growth and development through training, support, and tools to aid in your personal and professional progress.