Information Security & Assurance Officer

Permanent contract
Ipswich
Salary: Not specified
VINCI Construction

Job description

The Geotechnical Sub Alliance (GSA) is at the forefront of the Sizewell C nuclear power station development—one of the UK’s largest and most exciting infrastructure programmes.

We’re responsible for preparing the foundations of the entire site: designing and constructing cut‑off walls, retaining structures, soil improvements and more. Using advanced geotechnical engineering and world‑class construction technologies, this is a rare opportunity to contribute to a national project that will shape the UK’s clean‑energy future.

The Information Security & Assurance Officer ensures GSA implements all mandatory information and cyber security controls required under the client Information Security Management Plan (ISMP), the associated security documents and all security governance requirements agreed by parent company representatives.

This includes responsibility for:

  • Assurance of GSA systems, including O365, identity, MFA, endpoint controls and office locations
  • Integration with client SOC monitoring, log availability and incident reporting
  • Compliance across onshore and offshore teams
  • Ensuring flow‑down of security requirements to downstream subcontractors
  • ISO 27001 alignment, implementing an ISMS and leading on incident management to provide a good, business‑wide cyber security posture

Key responsibilities in greater detail:

Governance & Compliance

  • Implement client ISMP controls across GSA, enforcing SAL, export‑control, classification and data‑handling rules.
  • Ensure subcontractor security flow‑downs and maintain governance evidence, documentation and audit materials.
  • Support client/partner security reviews and monitor compliance with GDPR/DPA, NIS2 (as applicable), and sector standards (PSN/NHS DSPT).

O365 Security

  • Provide assurance and governance over identity & access, O365 baseline compliance, data protection, logging and monitoring.

SOC Integration

  • Oversee log availability, security monitoring, alerting, incident response and SOC standards.

Assurance & Risk

  • Own the ISMS (policies, standards, procedures).
  • Complete required assessments (TPSA, SRA, DPIA, ECIA) and submit evidence for approval.
  • Track remediation, review suppliers, manage security awareness, and govern tooling/technology.

Stakeholder Engagement

  • Act as a trusted adviser to IT, projects and business units.
  • Deliver security awareness and phishing campaigns and manage actions with suppliers, MSSPs, SOC and auditors.

Continuous Improvement

  • Identify optimisation and automation opportunities; contribute to roadmap and stay current with industry trends.

Core

  • Promote company/client values and support a positive safety culture.

Preferred experience

  • Demonstrable experience in information security assurance and technical cyber operations within a UK organisation.
  • Working knowledge of ISO/IEC 27001, Cyber Essentials Plus, NIST CSF, and UK GDPR / DPA 2018.
  • Hands‑on familiarity with modern security tooling (e.g., Microsoft Defender suite, Sentinel SIEM, EDR/XDR, vulnerability scanners).
  • Experience conducting/leading security incident response, root‑cause analysis and post‑incident reviews, including with a SOC (internal or MSSP).
  • Ability to produce clear assurance reports, policies/standards, and executive‑level dashboards.
  • Excellent stakeholder management; able to translate technical risk into business impact and pragmatic actions. 

Qualifications & Experience

  • A degree (or suitable experience) in a computer science or cyber security subject
  • Familiarity with ISO 27001, Cyber Essentials Plus, NIST CSF, and UK GDPR.
  • Familiarity with the CIS Critical Security Controls (formerly the SANS 20 critical security controls) and UK Top 10/Cyber Essentials
