Information Security Technical Assurance Lead

Paddington, London

Help us to make a world of difference

Urenco is a global leader in the production of low carbon energy. We work at the cutting edge of the transition to a sustainable, net zero world.

We’re looking for an Information Security Technical Assurance Lead, based at our new Paddington Site. This role sits within the CISO function which aims to continuously develop and enhance its cyber security portfolio, to protect Urenco, its customers and the safety of the public, ensuring the sustainable use of nuclear technology for years to come.

The group CISO team is made up of three areas, namely:

• Governance, Risk and Compliance
• Operational Technology (OT) Cyber and Cyber Assurance
• Threat Defence

This role is a candidate to join the Cyber Assurance Team, reporting to the Head of OT Cyber Security and Cyber Assurance.

Occasional travel may be required. Urenco operates a hybrid working model based on a minimum of 2 days a week Paddington from May 2025. The successful candidate will be required to achieve and maintain SC clearance.

Whilst performing this role, you will be expected to help Urenco improve its cyber security maturity, with a strong focus on application security, both on-premises and in the cloud. You will work closely with the business and colleagues in both the IT and Information Security team. To be successful you will be adaptable and possess good business acumen. You will be self-motivated but also be an active team player and work collaboratively across teams to achieve design and business-focused outcomes.

What you’ll do:

• Authoring and reviewing technical documentation related to application security.
• Communicate effectively with business stakeholders, to lead their requirements and to promote good application security practices within the business.
• Be a trusted advisor and security advocate to colleagues across the business.
• Review technical design changes against application security standards and policies to identify design gaps, and recommend improvements to security controls.
• Focus on application security for both on-premises and cloud environments.
• Work with GRC teams, security architects, and wider business teams to produce risk assessments, discuss and agree appropriate mitigations and controls, and document the outcomes into a formal risk document.
• Work with the IT team to assure technical controls to mitigate threats to the company’s applications and systems.
• Translate business strategy and requirements into application security architectures to effectively communicate risk and assist in the development of compensating control solutions, processes, and people development.
• Undertake supplier assurance for on-premises, cloud, and hybrid application services and provide recommendations.
• Write and develop application security policies, standards, and guidelines.
• Facilitate alignment between application security architecture frameworks and standards and overall business strategy.
• Maintain professional knowledge by tracking and leading emerging application security practices and standards.

What do you need to thrive in this role?

• At least 5 years’ experience in information security assurance with a focus on application security.
• Experience working with regulatory compliance and information security management frameworks (e.g., ISO 27000, NIST SP800 series and CSF).
• Adaptable, ability to pivot quickly to new challenges to support the business and changing risk profile.
• Business Acumen, an understanding of business needs, strategies and applying that knowledge to produce business-focused security architectures.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
• Maintain and develop knowledge in existing IT security and IT/OT systems and an ability to keep pace with changing security, IT, and OT technologies.
• A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
• Acts consciously with a broader and longer-term perspective in mind.
• Excellent oral and written communication skills.
• A curious, motivated, self-starter who possesses analytical thinking and problem-solving skills.
• Sense of urgency for rapid delivery. Fast learner who can assimilate information quickly.

What can you expect from us?

More than just a job, we offer a future. More than just a place to work, we provide an opportunity to prosper. As an employee of Urenco you will receive:

• Annual leave of 27 days per annum.
• A generous bonus scheme based on achievement of personal and company objectives.
• Hybrid Working Pattern: up to two days working remotely on average per week. Flexible start and finish times, with a 1.30pm finish on Fridays.
• Flexible benefits package; including life assurance and income protection. In addition, you’ll have an opportunity to purchase additional benefits that suit your lifestyle.
• Paid time off for volunteering.
• The opportunity to join our private medical and dental insurance schemes.
• Education and training; we take pride in helping people learn and develop by supporting, accelerating and directing your learning. As well as the completion of mandatory health and safety courses, training packages will be offered to meet your specific needs.
• A defined contribution pension scheme: contributions start at 11% (employee) and 16% (employer).

Creating a diverse and inclusive workforce

As a truly global company with a presence in the UK, USA, Germany, and the Netherlands, we know that our individual differences make us stronger. Putting people at the heart of our business, we strive to create an open and inclusive workplace that allows every voice to be heard and diversity to thrive. If you require any reasonable adjustments to the recruitment process, please let our talent acquisition team know.

Because together, we are one Urenco. We are enriching the world. And enriching your future.

Urenco is committed to encouraging equality and diversity within our workforce. Are you enthusiastic about this position and you don't meet every single requirement? The real fit for a job is not always in your current experience or education. We are striving towards strong, diverse and complementary teams, in an inclusive and authentic workplace. So if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You might be just the right candidate for this or other roles and we would like to meet you!

We outsource our recruitment process to Morson Group. If you choose to apply, the data you enter will be processed on behalf of Urenco by Morson as our recruitment partner.