Information Security Officer/Engineer - Project Security Assurance
Job description
The Security Officer - Project Security Assurance is responsible for embedding security governance within project delivery teams and ensuring that security controls are identified, designed, implemented, and validated throughout the system development life cycle.
Working closely with project teams, Enterprise Architecture, and security stakeholders, the role ensures that solutions comply with the NIST SP 800-53 security control framework. The Security Officer supports the secure design of systems, performs security risk assessments, validates control implementation through testing, and ensures operational effectiveness of controls prior to go-live.
Hybrid working, 3 days in the Central London location.
Key responsibilities and accountabilities
Security Integration within Project Delivery:
- Act as the embedded security representative within project delivery teams, providing security guidance throughout the project life cycle.
- Support project teams in identifying and selecting appropriate security controls aligned with NIST SP 800-53.
- Ensure security requirements are incorporated into project deliverables and design artefacts.
Architecture & Design Assurance:
- Conduct peer reviews and risk assessments of High Level Designs (HLDs) to identify security risks, control gaps, and compliance issues.
- Collaborate with Enterprise Architecture and project teams to develop secure Low Level Designs (LLDs).
- Perform security risk assessments of LLDs, ensuring appropriate security patterns and controls are incorporated.
Security Control Implementation:
- Ensure the secure low level design and associated NIST SP 800-53 controls are implemented correctly during system build and configuration.
- Provide guidance to delivery teams on security best practices and secure configuration standards.
Security Testing & Validation:
- Verify through security testing in test environments that required security controls are correctly implemented.
- Validate that security controls are operational and effective in production environments.
Risk Assessment & Go-Live Readiness:
- Conduct NIST SP 800-53 based risk assessments to identify gaps in implemented security controls.
- Document findings and provide clear risk recommendations.
- Work with project teams to develop and manage Plans of Action and Milestones (POA&M) to remediate identified gaps.
- Provide security assurance input to support go-live/production deployment decisions.
Governance & Documentation:
- Maintain security assessment documentation, risk registers, and control validation evidence.
- Ensure security artefacts align with organisational security policies and regulatory requirements.
- Support audit and compliance activities where required.
Key skills
- Knowledge and understanding of security engineering requirements, best practices, and execution.
- Strong information security risk management and security engineering practices.
- Exceptional communication and stakeholder management skills, with the ability to work collaboratively as required, partnering with colleagues across the business (infrastructure, development) and external partners to implement adequate security; able to translate complex technical security concepts into easily understandable context for stakeholders at all levels.
- Excellent presentation and reporting skills.
- High degree of initiative, and the ability to document technical issues and context so they can be understood by non-technical colleagues.
- Bachelor's degree in Computer Science, Security Engineering, Cyber Security or a related discipline, or professional security management certifications.
- CISSP certification.
- Security certifications such as ISSEP, CCSP, or NIST RMF-related certifications.