Oversee assurance activities for Microsoft Azure, evaluating security posture, architecture and control effectiveness across core cloud services
Provide cloud-agnostic assurance oversight across AWS and key SaaS platforms (including Salesforce), ensuring consistent assessment standards regardless of technology stack
Act as a subject-matter expert (SME) for platform security, offering guidance and challenge on security design, engineering decisions and control implementations
Deliver architectural security oversight across platform domains, identifying design weaknesses, control gaps and improvement opportunities early in the lifecycle
Reduce risk through pragmatic remediation, working with platform teams to prioritise issues, agree proportionate fixes and track actions through to closure
Promote sustained control maturity, assessing control performance over time and recommending enhancements to improve resilience and governance
Maintain independence from control ownership, providing objective assurance, effective second-line challenge and credible risk-based reporting
Collaborate across multiple platform teams and stakeholders within Cyber & Information Resilience (C&IR), aligning assurance outcomes to organisational risk appetite and resilience objectives
Skills required
Minimum:
Direct experience applying industry security best practices and frameworks such as NCSC, NIST, CIS and CSA across modern technology platforms, including cloud‑hosted and SaaS services (e.g. Azure, AWS, Salesforce) in a cloud‑agnostic manner
Demonstrated ability to translate complex security and technical risk issues for diverse audiences, including senior stakeholders, through clear written and verbal communication
Experience designing, operating or contributing to assurance processes, including the production and management of regular (e.g. monthly) risk and control reporting and conducting or contributing to comprehensive platform and cloud risk assessments with clear, risk‑based remediation recommendations
Essential:
Effective stakeholder management skills, with the ability to persuade and question platforms, engineering and delivery teams without direct control ownership
Demonstrable experience providing cloud and platform security architecture assurance, including assessing control design, implementation and effectiveness across multiple technology domains
Practical experience using Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools to identify misconfigurations, control gaps and systemic risk themes
Extensive experience carrying out platform and cloud risk assessments, from scoping through to reporting and remediation tracking
Experience defining, producing and maintaining security metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to support senior level decision making
Experience assuring controls across endpoint, network, identity, logging and monitoring, vulnerability management or attack surface management domains
Exposure to secure software delivery / SSDLC assurance, including oversight of security controls embedded within delivery pipelines and/or experience working within a regulated, financial services or public sector environment
Benefits
25 days an
Dental insurance
Vision insurance
Additional Information
Cloud Assurance Specialist
Division: Operations
Department: Cyber and Operations Resilience (C&OR)
Salary: National (Edinburgh and Leeds) ranging from £53,000 to £69,000 and London from £59,000 to £75,000 (salary offered will be based on skills and experience)
This role is graded as: Senior Associate - Regulatory
Your external recruitment contact is Raimonda via Raimonda.Stankute@fca.org.uk.
Your internal recruitment contact is Fizah via FizahFarouk.Ibrahim@fca.org.uk
Applications must be submitted through our online portal. Applications sent via social media or email will not be accepted.
About the FCA and team
We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you'll play a key part in protecting consumers, driving economic growth and shaping the future of UK financial services.
Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious and/or accidental activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is part of a Directorate led by our CISO, Director of Cyber & Operational Resilience Division.
The Platform Assurance team provides independent assurance and specialised oversight across the FCA's core technology platforms, spanning cloud‑hosted and on‑premise services, network, endpoint, identity and secure software delivery (SSDLC). The team plays a critical role in ensuring that security controls are well‑designed, effectively implemented and continuously improving in line with FCA risk appetite.