IT Cybersecurity Assurance Specialist

Abingdon, GB, OX14 3YP

Information Technology

Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices, wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of Sophos Labs threat intelligence centers and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos — Security made simple.

Job Purpose

The IT Cybersecurity Assurance Specialist will be responsible for performing information systems audit work related to the company’s risk assessment as well as monitor the overall IT business recovery plan.  This role is a key influencer on policy and awareness and is responsible for the development, review, implementation, and maintenance of the organization’s information technology assurance program.


This a great opportunity to help secure a world-leading security company. As you’d expect you’ll be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced & exciting environment where security is a priority.


Main Duties


  • Performs IT risk assessment control audits on current policies and ensures we are following those policies
  • Identifies top risks to the organization and the behaviors that must change to mitigate those risks
  • Identifies weaknesses in internal controls and opportunities to enhance IT operational efficiencies
  • Tracks remediation of audit issues noted in internal audit reports
  • Reviews IT policies once a quarter to maintain relevancy
  • Maintain a framework that effectively measures compliance with information technology policies
  • Ensures IT disaster recovery plan is implemented and all stakeholders are trained and informed
  • Serves as the lead liaison with IT for IT external auditors and co-sourced consultants
  • Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands
  • Communicates risk assessment findings to relevant stakeholders outside the security team
  • Updates and maintains documentation including, but not limited to, policies, standards, contingency plans, and incident management plans
  • Analyzes information assurance-related technical problems and provides engineering and technical support for solving these problems
  • Identifies, reports, and resolves security violations
  • Ensures employees and third parties understand, acknowledge, and fulfill all applicable information technology policies
  • Have and maintain an expert knowledge of Infosec industry trends and developments and advise on changes to the threat landscape
  • Have and maintain an expert knowledge of the relevant legislative, contractual, compliance and technical information requirements
  • Project manage and plan the work of cross-functional teams on cybersecurity & compliance projects
  • Articulate complex technical security issues into business focused terms and communicate with senior stakeholders across the business
  • Identify, propose and initiate improvements to the organization’s security posture
  • Assist and mentor other team members



Skills & Experience



  • Educated to bachelor’s degree level
  • Expertise in IT security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies.
  • At least 5 years’ experience in a senior security role.
  • Strong interpersonal skills.
  • Ability to handle complexity and innovate.
  • Strong project management and organizational skills.
  • Ability to work in a fast-paced, rapidly evolving company environment and drive results.
  • Excellent communication, presentation and interpersonal skills – ability to communicate across and up the organization including internal communication to gain buy-in on security strategy.



  • Security-related professional certification (CISSP, etc)
  • Knowledge of Sophos products.
  • Experience working in a global environment.
  • Experience securing an AWS environment

Equal Opportunities

Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our data protection policy which can be found here and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please reply to this or other emails from Sophos clearly stating your request, or follow the steps set out in the data protection policy describing your individual rights. 

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.