You'll work alongside Security Leads, system owners, and enterprise stakeholders to support Secure by Design, manage risk arising from ST&V and CSF assessments, and drive POA&M‑led remediation across the estate.
What You'll Be Doing
Supporting Secure by Design (SbD) documentation uplift across prime and supplier environments
Validating security control compliance using CSF tracker maturity assessments
Identifying, documenting, and articulating assurance gaps and observations
Conducting risk assessments for control deficiencies arising from:
ST&V failures
CSF maturity shortfalls
Creating and maintaining Risk Detail Records (RDRs) in line with JSP 892
Managing and tracking POA&Ms, ensuring clear ownership, timelines, and evidence‑based closure
Supporting compliance activities aligned to:
Secure by Design
NIST RMF
NIST CSF v2.0
Reviewing and uplifting system assurance documentation, including:
System Operating Procedures (SyOPs)
Codes of Connection (CoCo)
Supportingcyber resilience and incident preparedness, including:
Incident response playbooks
Tabletop Exercises (TTX) and post‑exercise assurance capture
What We're Looking For
Active DV clearance (mandatory)
Strong experience in Information Assurance / Cyber Security Assurance / GRC
Proven background in risk management, POA&M remediation, and assurance governance
Working knowledge of:
NIST RMF / NIST CSF
Secure by Design principles
Defence assurance environments
Comfortable working on‑site in a secure facility
Clear communicator, able to engage with technical and senior stakeholders
Why Apply
High‑impact role on a sensitive, high‑profile programme
Clear scope, strong governance, and meaningful assurance work
Competitive inside‑IR35 rate reflecting DV clearance and on‑site delivery
Work with experienced security and delivery professionals
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy
Salary description
£600.00 - £650.00 per day