Rodeo
ResourcesPartnersSign in

Soletanche Bachy UK Zone

Information Security & Assurance Officer

Leiston
Posted 4 months ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

The Geotechnical Sub Alliance (GSA)

The Geotechnical Sub Alliance (GSA) is at the forefront of the Sizewell C nuclear power station development - one of the UK’s largest and most exciting infrastructure programmes.

We’re responsible for preparing the foundations of the entire site: designing and constructing cut‑off walls, retaining structures, soil improvements and more. Using advanced geotechnical engineering and world‑class construction technologies, this is a rare opportunity to contribute to a national project that will shape the UK’s clean‑energy future.

The Role

The Information Security & Assurance Officer is responsible for ensuring that GSA implements and maintains all mandatory information and cyber‑security controls required under the client Information Security Management Plan (ISMP), associated security documentation and governance agreements with parent companies.

The role provides assurance across corporate and project systems, oversees integration with client security operations, ensures subcontractor compliance, and leads the development and operation of a robust Information Security Management System (ISMS) aligned to ISO/IEC 27001. You will act as the central authority for information security governance, incident management and continuous improvement across the organisation.

What You'll Be Doing

  • Governance & Compliance: Implement and enforce client ISMP requirements across GSA, including security assurance levels, export control, information classification and data‑handling rules. Maintain governance documentation, audit evidence and subcontractor security flow‑downs, and support client, partner and third‑party security reviews.
  • Security Assurance & ISMS Ownership: Own and operate the ISMS, including policies, standards and procedures. Complete and manage required security and privacy assessments (e.g. TPSA, SRA, DPIA, ECIA), track remediation actions, review suppliers, and ensure alignment with UK GDPR, DPA 2018, NIS2 (where applicable) and sector‑specific standards.
  • O365 & Technical Security Oversight: Provide assurance over O365 and core IT controls, including identity and access management, MFA, endpoint protection, logging, monitoring and baseline security configuration across office and operational locations.
  • SOC Integration & Incident Management: Oversee security monitoring, log availability, alerting and incident response processes, ensuring effective integration with the client SOC and any managed security service providers. Lead or support incident response, root‑cause analysis and post‑incident reviews.
  • Stakeholder Engagement & Awareness: Act as a trusted adviser to IT, project teams and business units, translating technical risk into clear business impact. Deliver security awareness initiatives, phishing simulations and ongoing engagement with suppliers, auditors, MSSPs and SOC partners.
  • Continuous Improvement: Identify opportunities to optimise and automate security controls, contribute to the cyber‑security roadmap and maintain awareness of emerging threats, technologies and industry best practice.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

You will promote company and client values and support a positive safety and security culture across all activities.

What We’re Looking For

Essential

  • Demonstrable experience in information security assurance and technical cyber‑security operations within a UK organisation
  • Strong working knowledge of ISO/IEC 27001, Cyber Essentials Plus, NIST CSF and UK GDPR / DPA 2018
  • Hands‑on experience with modern security tooling, including Microsoft Defender, SIEM (e.g. Sentinel), EDR/XDR and vulnerability management tools
  • Experience leading or supporting security incident response, root‑cause analysis and post‑incident reviews, including working with SOC teams (internal or MSSP)
  • Ability to produce clear assurance reports, security documentation and executive‑level dashboards
  • Strong stakeholder management skills, with the ability to translate technical risk into pragmatic business actions

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Desirable

  • Degree (or equivalent experience) in computer science, cyber security or a related discipline
  • Familiarity with SANS Top 20 Critical Security Controls and UK Cyber Essentials requirements
  • Experience operating in complex, regulated or safety‑critical environments

Why Bachy Soletanche?

When you join the world’s largest specialist geotechnical contractor, you’re part of an international community of over 10,000 experts, based in 31 countries around the world. You’ll have the opportunity to contribute to prestigious, ground-breaking projects, using the very latest tools and technology to solve complex problems, constantly learn new skills and take your career in any direction.

As well as being part of a landmark project and working in a collaborative alliance environment, we offer:

  • Discretionary annual bonus (based on personal/project performance)
  • Salary Sacrifice Pension Scheme (min. 5% company contribution)
  • Enhanced Sick Pay (after probation)
  • Income Protection, Private Medical Insurance and Life Assurance
  • Employee Assistance Programme
  • 25-days annual leave + Bank Holidays per year (increasing with service)
  • Option to purchase additional annual leave
  • Paid annual professional memberships
  • Volunteering days
  • Professional growth and development

Bachy Soletanche is committed to equal opportunities in employment with the aim of ensuring that everyone who applies to work for us receives fair treatment. We positively encourage applications from suitably qualified and eligible candidates regardless of age, disability, ethnicity, sex, gender identity, sexual orientation, religion or belief and pregnancy/maternity.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security Assurance
Cyber Security Operations
ISO/IEC 27001
Cyber Essentials Plus
NIST CSF
UK GDPR
Microsoft Defender
SIEM
EDR/XDR
Vulnerability Management
Incident Response
Stakeholder Management
ISMS Ownership
Security Governance
Data Privacy
Risk Management

Location

Leiston, England, United Kingdom

Sign up to applySee more jobs like this