Cyber Security Assurance Manager

Responsibilities: 1. Certification Delivery & Maintenance: Lead the delivery and ongoing maintenance of key SOC-related certifications including SOC 2 Type II, SOC 3, ISO/IEC , Cyber Essentials Plus, and CREST. Oversee sector-specific assurance needs such as PCI DSS for cardholder data environments or NCSC CIR/ CHECK where relevant. Ensure certifications are renewed on schedule and compliance gaps are proactively addressed. 2. Security Assurance for SOC Services: Embed certification requirements into the SOC's governance, processes, and operational practices. Ensure continuous monitoring, evidence collection, and readiness for internal/external audits. Translate security control requirements into operational procedures for SOC teams. 3. Customer Assurance Engagement: Act as primary contact for customer assurance activities relating to SOC services. Support client RFIs, RFPs, and audit requests with accurate certification evidence and security documentation. Build customer-facing assurance packs that demonstrate our security posture and SOC credibility. 4. Regulatory & Industry Alignment: Monitor developments in global cybersecurity regulations and frameworks (e.g. NIST CSF, UK NCSC guidance, EU NIS2, GDPR). Align SOC assurance with emerging requirements to ensure future readiness. Provide expert advice to leadership on how regulatory changes impact SOC assurance strategy. 5. Continuous Improvement & Reporting: Drive continuous improvement in SOC assurance processes, reducing time to audit readiness and increasing efficiency of evidence collection. Produce regular reports and dashboards for the Head of Assurance and senior stakeholders on certification status, audit outcomes, and assurance performance. 6. Collaboration & Knowledge Sharing: Work closely with SOC operations, Information Security, Risk & Compliance, and Commercial teams to embed assurance requirements into daily practice. Provide training and awareness on SOC assurance standards to internal teams. Qualifications: Required Qualifications and Experience- Demonstrable experience delivering and maintaining cybersecurity certifications (ISO/IEC , SOC 2 Type II, Cyber Essentials Plus, CREST). Strong understanding of SOC operations and security assurance frameworks. Experience in customer-facing assurance activities, including audits, RFIs, and RFPs. Knowledge of regulatory and industry frameworks including NIST CSF, GDPR, and UK NCSC guidance. Experience liaising with external auditors, regulators, and certification bodies. Skills- Strong ability to develop and maintain compliance documentation and audit evidence. Excellent communication skills to explain complex security assurance topics to customers, senior leaders, and SOC teams. Analytical and detail-oriented, with the ability to identify gaps and design improvements. Stakeholder engagement and influencing skills, particularly with technical and commercial teams. Organisational skills to manage multiple certifications and assurance projects simultaneously. Behaviours- Integrity and professionalism in all assurance activities. Customer-focused, with confidence in handling external assurance discussions. Proactive, solutions-oriented mindset with a drive for continuous improvement. Resilient and adaptable in a fast-moving global SOC environment. Collaborative, building trust and teamwork across technical, compliance, and commercial functions. Some of the benefits include: Healthcare and dental insurance Company pension is matched up to 5% 25 days annual leave entitlement plus bank holidays and the option to purchase 5 extra days Life assurance - 4 x annual salary Cycle to work scheme Client prioritises internal development opportunities and offer access to our Udemy training platform with over training courses Disclaimer This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.