Information Security Technical Assurance Lead

Help us to make a world of difference

Urenco  is a global leader in the production of low carbon energy. We work at the cutting edge of the transition to a sustainable, net zero world.

We’re looking for an Information Security Technical Assurance Lead, based at our new Paddington Site. This role sits within the CISO function which aims to continuously develop and enhance its cyber security portfolio, to protect Urenco, its customers and the safety of the public, ensuring the sustainable use of nuclear technology for years to come.

The group CISO team is made up of three areas, namely:

• Governance, Risk and Compliance:
• Operational Technology (OT) Cyber and Cyber Assurance:
• Threat Defence:

This role is a candidate to join the Cyber Assurance Team, reporting to the Head of OT Cyber Security and Cyber Assurance.

Occasional travel may be required. Urenco operates a hybrid working model based a minimum of 2 days a week Paddington from May 2025.  The successful candidate will be required to achieve and maintain SC clearance. 

Whilst performing this role, you will be expected to help Urenco improve its cyber security maturity, with a strong focus on application security, both on-premises and in the cloud. You will work closely with the business and colleagues in both the IT and Information Security team. To be successful you will be adaptable and possess good business acumen. You will be self-motivated but also be an active team player and work collaboratively across teams to achieve design and business-focused outcomes.

At Urenco we’re committed to giving you opportunities to be your best. If you feel you meet some, but not all of what we’re looking for, please still apply. We believe in embracing the passion and potential of our people, and to achieve this we offer market leading training and development experiences. Along with the opportunity to be mentored and coached by some of the smartest minds in the industry.

What you’ll do:

• Authoring and reviewing technical documentation related to application security.
• Communicate effectively with business stakeholders, to lead their requirements and to promote good application security practices within the business.
• Be a trusted advisor, security advocate to colleagues across the business.
• Review of technical design changes in comparison to application security standards and policies to identify design gaps, and recommend improvements to security controls.
• Focus on application security for both on-premises and cloud environments.
• Working with GRC teams, security architects, and wider business teams to produce risk assessments, discuss and agree appropriate mitigations and controls, and document the outcomes into a formal risk document.
• Working with the IT team to assure technical controls to mitigate threats to the company’s applications and systems.
• Translate business strategy, requirements into application security architectures to effectively communicate risk and assist in the development of compensating control solutions, processes, and people development.
• Undertake supplier assurance for on-premises, cloud, and hybrid application services and provide recommendations.
• Writing and developing application security policies, standards, and guidelines.
• Facilitate alignment between application security architecture frameworks and standards and overall business strategy
• Maintaining professional knowledge by tracking and leading emerging application security practices and standards.

What do you need to thrive in this role?

• ·        At least 5 years’ experience in information security assurance with a focus on application security
• ·        Experience working with regulatory compliance and information security management frameworks (e.g., IS027000, NIST SP800 series and CSF).
• ·        Adaptable, ability to pivot quickly to new challenges to support the business and changing risk profile.
• ·        Business Acumen, an understanding of business needs, strategies and applying that knowledge to produce business-focused security architectures.
• ·        Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
• ·        Maintain and develop knowledge in existing IT security and IT/OT systems and an ability to keep pace with changing security, IT, and OT technologies
• ·        A team-focused mentality with the proven ability to work effectively with diverse stakeholders
• ·        Acts consciously with a broader and longer-term perspective in mind
• ·        Excellent oral and written communication skills.
• ·        A curious, motivated, self-starter who poses analytical thinking and problem-solving skills.
• ·        Sense of urgency for rapid delivery. Fast learner who can assimilate information quickly.
• ·        Excellent organizational skills.

What can you expect from us?

More than just a job, we offer a future. More than just a place to work, we provide an opportunity to prosper.  As an employee of Urenco you will receive:

• Salary; £73866.00 - £86901.00
• Annual leave of 27 days per annum.
  • A generous bonus scheme based on achievement of personal and company objectives.
  • Hybrid Working Pattern: up to two days working remotely on average per week. Flexible start and finish times, with a 1.30pm finish on Fridays.
  • Flexible benefits package; including life assurance and income protection. In addition, you’ll have an opportunity to purchase additional benefits that suit your lifestyle.
  • Paid time off for volunteering.
    • The opportunity to join our private medical and dental insurance schemes.
    • Education and training; we take pride in helping people learn and develop by supporting, accelerating and directing your learning. As well as the completion of mandatory health and safety courses, training packages will be offered to meet your specific needs.

• A defined contribution pension scheme: contributions start at 11% (employee) and 16% (employer).

Creating a diverse and inclusive workforce

As a truly global company with a presence in the UK, USA, Germany, and the Netherlands, we know that our individual differences make us stronger. Putting people at the heart of our business, we strive to create an open and inclusive workplace that allows every voice to be heard and diversity to thrive. If you require any reasonable adjustments to the recruitment process, please let our talent acquisition team know.

Because together, we are one Urenco. We are enriching the world. And enriching your future.