Apply now

Senior Cloud Assurance Specialist (Home Based)

  • Lancashire
  • Contract
  • Up to £66.85 per hour

The role:

  • Developing effective cloud infrastructure, enforcing good architecture principles, providing technical oversight, and ensuring security best practices are implemented and followed.
  • Deliver Cloud assurance services to the business, EITS, IM&T Sector and Group Functions.
  • Identification of risk and appropriate mitigation requirements, development & analysis of secure Cloud solutions (covering technical / physical / procedural / personnel controls) and assessment of compliance with internal and external standards and regulations.
  • Deliver documentation to demonstrate compliance to internal and external stakeholders.
  • Assessment and provision of control effectiveness in managing information security risk
  • Support development of strategy and continual service improvement for the assurance function & business Cloud adoption
  • Act as a subject matter expert regarding Cloud activities for the wider organisation


Delivery of IT Security Cloud assurance activities to ensure ‘secure by design’ and ‘effective in operation’ for systems and services in scope:

  • IT Security risk assessment of systems and services.
  • Support the definition and design of secure solutions that meet business needs.
  • Assess Architectural designs and identify proportionate IT Security controls aligned with business objectives.
  • Assessment of systems, services and IT Security controls, to provide an independent analysis of compliance with BAE Systems Security Policy, standards and external regulatory requirements. Lead Assessment of IT Security controls to ascertain effectiveness in reducing risk, including any vulnerability components.
  • Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification.

Penetration tests & Vulnerability analysis:

  • Manage the delivery of penetration tests and vulnerability analysis in support of risk mitigation strategies

IT Security Control Monitoring and Reporting:

  • Delivery of control monitoring and reporting to provide visibility of critical controls and their status and effectiveness in managing the information security risk.

Stakeholder engagement

  • Engage with stakeholders to promote a mind-set of developing secure systems and transfer knowledge of security standards and processes.
  • Development, delivery & maintenance of Business reporting and assurance documentation
  • Support stakeholders in resolving IT Security issues and act as a subject matter expert regarding assurance of Cloud activities for the wider organisation


  • Minimum of 5 years of IT Security experience, including management of Cloud platforms, security risk and architectures. In depth knowledge of designing, developing and maintaining the security of cloud environments (Desirable; AWS, Azure, Gov Cloud).
  • In-depth knowledge of industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information.
  • Educated to degree level (or equivalent) preferably in a related discipline (ICT/Computing, Information assurance, risk management, vulnerability/threat assessment).
  • CCSP/CISSP/CSSK/CCNP Cloud /Azure &/OR AWS certification – Desirable in one or more certifications Strong communication skills with the ability to communicate complex subjects to a variety of audiences, pulling out key issues and decision points.
  • In-depth knowledge of threats, risks, vulnerabilities and risk mitigations strategies and techniques
  • Broad experience in risk management and the application of risk management methodologies.
  • Wide ranging knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure Cloud environments
  • Experience of working in a project environment and awareness of system development lifecycle methodologies.

PLEASE NOTE: This role has been assessed as INSIDE IR35

AAP3 is acting as an Employment Business in relation to this vacancy.

Apply Now