Amaris Consulting
Cybersecurity Governance & Assurance Specialist

At Amaris Consulting UK
Amaris Consulting is seeking a talented and driven Cybersecurity Governance & Assurance Specialist to support a key client in the off-highway machinery sector.
Your Missions
Governance and Standards
- Own and maintain the product cybersecurity governance and assurance framework, aligned with the broader compliance model across disciplines
- Develop and maintain internal standards, templates, checklists, and guidance for consistent execution across programmes (e.g., System of Interest definitions, TARA guidance, cybersecurity requirements, testing expectations, and evidence packs)
- Create and deliver training and enablement programmes to uplift engineering teams and ensure "right first time" compliance
Programme Compliance Assessment and Assurance
- Plan and execute cybersecurity compliance assessments of product programmes and suppliers, with clear reporting on status, risks, and evidence gaps
- Assess alignment against:
  - Internal requirements
  - ISO/SAE 21434
  - ISO 24882
  - IEC 62443
  - Cyber Resilience Act (CRA)
- Review the adequacy of key cybersecurity work products, including:
  - Threat modelling/TARA outputs
  - Requirements
  - Architecture evidence
  - Verification and validation strategies
  - Residual risk statements
- Drive closure of findings with stakeholders across systems, embedded software, verification, manufacturing/service, and suppliers
Cybersecurity Testing Assurance
- Define cybersecurity testing expectations for compliance evidence, covering:
  - Coverage scope
  - Methods
  - Reporting
  - Remediation tracking
- Coordinate Red Team and testing activities to align with programme assurance and address testing capability gaps
Vulnerability Management and Post-Production Assurance
- Establish and assure governance for post-production vulnerability management, including:
  - Supplier monitoring
  - Research findings
  - Red Team outputs
  - PSIRT channels
  - Routing to affected products
- Support readiness for CRA mandatory reporting, including:
  - Article 14 reporting workflows
  - Fast-track response for actively exploitable issues
- Capture and disseminate lessons learned (e.g., CWE/CVE insights) into standards, checklists, and training materials
Your Profile
Experience & Expertise
- 3+ years in Tier 1 or OEM sectors (on-highway or off-highway) within a cybersecurity role
- Demonstrated experience in:
  - Product cybersecurity assurance
  - Governance, compliance assessment, or cybersecurity audit for embedded or cyber-physical products
- Strong working knowledge of:
  - ISO/SAE 21434 and ISO 24882, with the ability to translate them into practical internal processes and evidence expectations
  - IEC 62443 and supplier assurance requirements
  - CRA compliance (including Article 14 reporting workflows)
- Familiarity with:
  - TARA and threat modelling (e.g., attack trees, Stella)
  - Vulnerability management and post-production monitoring/triage governance
  - Cybersecurity requirements engineering and testing (including test evidence expectations)
  - Functional safety interfaces and the security-safety relationship
  - Embedded product environments (e.g., ECUs, CAN, J1939, diagnostics like UDS)
  - SBOM concepts and their role in vulnerability monitoring and compliance


Soft Skills & Mindset
- Self-motivated, analytical, and pragmatic with strong interpersonal skills
- Adaptable and resilient, with a drive for continuous improvement
- Naturally collaborative, with a high standard of technical delivery
Why Choose Us?
✅ Diverse and inclusive global team of 110+ nationalities
✅ Trust-filled culture—70% of leaders started from entry-level roles
✅ Robust training system with +250 modules via our internal Academy
✅ Dynamic work environment with frequent collaborative events (afterworks, team buildings)
We promote equal opportunities and welcome applications from all qualified individuals, regardless of background.
Who Are We?
Amaris Consulting is an independent technology consulting firm with:
- +1,000 global clients
- 7,600+ employees across 60+ countries & 5 continents
- 4 key business lines: Information System & Digital, Telecom, Life Sciences, and Engineering
At Amaris, we foster top-tier talent to help you achieve your full potential.
Our Recruitment Process
- Brief Call
  - Discussion on your motivations and fit for the role
  - Learn more about Amaris culture, teams, and career growth
- Interviews (3 on average, depending on seniority)
  - Meet with line manager, team members, and future stakeholders
  - Deep dive into your experience, skills, and suitability for the position
- (Optional) Case Study/Assessment
  - Role-play, technical evaluation, or problem-solving scenario
We adapt processes personally but always prioritise a positive candidate experience.
Looking forward to meeting you! 🚀