Amaris Consulting

Cybersecurity Governance & Assurance Specialist

London
Posted 2 days ago
Cybersecurity Governance & Assurance Specialist

At Amaris Consulting UK

Amaris Consulting is seeking a talented and driven Cybersecurity Governance & Assurance Specialist to support a key client in the off-highway machinery sector.

Your Missions

Governance and Standards

  • Own and maintain the product cybersecurity governance and assurance framework, aligned with the broader compliance model across disciplines
  • Develop and maintain internal standards, templates, checklists, and guidance for consistent execution across programmes (e.g., System of Interest definitions, TARA guidance, cybersecurity requirements, testing expectations, and evidence packs)
  • Create and deliver training and enablement programmes to uplift engineering teams and ensure "right first time" compliance

Programme Compliance Assessment and Assurance

  • Plan and execute cybersecurity compliance assessments of product programmes and suppliers, with clear reporting on status, risks, and evidence gaps
  • Assess alignment against:
    • Internal requirements
    • ISO/SAE 21434
    • ISO 24882
    • IEC 62443
    • Cyber Resilience Act (CRA)
  • Review the adequacy of key cybersecurity work products, including:
    • Threat modelling/TARA outputs
    • Requirements
    • Architecture evidence
    • Verification and validation strategies
    • Residual risk statements
  • Drive closure of findings with stakeholders across systems, embedded software, verification, manufacturing/service, and suppliers

Cybersecurity Testing Assurance

  • Define cybersecurity testing expectations for compliance evidence, covering:
    • Coverage scope
    • Methods
    • Reporting
    • Remediation tracking
  • Coordinate Red Team and testing activities to align with programme assurance and address testing capability gaps

Vulnerability Management and Post-Production Assurance

  • Establish and assure governance for post-production vulnerability management, including:
    • Supplier monitoring
    • Research findings
    • Red Team outputs
    • PSIRT channels
    • Routing to affected products
  • Support readiness for CRA mandatory reporting, including:
    • Article 14 reporting workflows
    • Fast-track response for actively exploitable issues
  • Capture and disseminate lessons learned (e.g., CWE/CVE insights) into standards, checklists, and training materials

Your Profile

Experience & Expertise

  • 3+ years in Tier 1 or OEM sectors (on-highway or off-highway) within a cybersecurity role
  • Demonstrated experience in:
    • Product cybersecurity assurance
    • Governance, compliance assessment, or cybersecurity audit for embedded or cyber-physical products
  • Strong working knowledge of:
    • ISO/SAE 21434 and ISO 24882, with the ability to translate them into practical internal processes and evidence expectations
    • IEC 62443 and supplier assurance requirements
    • CRA compliance (including Article 14 reporting workflows)
  • Familiarity with:
    • TARA and threat modelling (e.g., attack trees, Stella)
    • Vulnerability management and post-production monitoring/triage governance
    • Cybersecurity requirements engineering and testing (including test evidence expectations)
    • Functional safety interfaces and the security-safety relationship
    • Embedded product environments (e.g., ECUs, CAN, J1939, diagnostics like UDS)
    • SBOM concepts and their role in vulnerability monitoring and compliance

Soft Skills & Mindset

  • Self-motivated, analytical, and pragmatic with strong interpersonal skills
  • Adaptable and resilient, with a drive for continuous improvement
  • Naturally collaborative, with a high standard of technical delivery

Why Choose Us?

  • Diverse and inclusive global team of 110+ nationalities
  • Trust-filled culture—70% of leaders started from entry-level roles
  • Robust training system with +250 modules via our internal Academy
  • Dynamic work environment with frequent collaborative events (afterworks, team buildings)

We promote equal opportunities and welcome applications from all qualified individuals, regardless of background.


Who Are We?

Amaris Consulting is an independent technology consulting firm with:

  • +1,000 global clients
  • 7,600+ employees across 60+ countries & 5 continents
  • 4 key business lines: Information System & Digital, Telecom, Life Sciences, and Engineering

At Amaris, we foster top-tier talent to help you achieve your full potential.


Our Recruitment Process

  1. Brief Call

    • Discussion on your motivations and fit for the role
    • Learn more about Amaris culture, teams, and career growth
  2. Interviews (3 av., depending on seniority)

    • Meet with line manager, team members, and future stakeholders
    • Deep dive into your experience, skills, and suitability for the position
  3. (Optional) Case Study/Assessment

    • Role-play, technical evaluation, or problem-solving scenario

We adapt processes personally but always prioritise a positive candidate experience.


Looking forward to meeting you! 🚀

Skills

Cybersecurity
Governance
Compliance
Risk Assessment
ISO/SAE 21434
IEC 62443
Cyber Resilience Act
Vulnerability Management
Technical Writing
Stakeholder Management
Threat Modelling
Cybersecurity Testing
Embedded Systems
Post-Production Monitoring
Training Development
Analytical Skills

Location

London, England, United Kingdom
