Cloud Assurance Specialist
Division: Operations
Department: Cyber and Operations Resilience (C&OR)
Salary: National (Edinburgh and Leeds) ranging from £53,000 to £69,000 and London from £59,000 to £75,000 (salary offered will be based on skills and experience)
This role is graded as: Senior Associate - Regulatory
Your external recruitment contact is Raimonda via Raimonda.Stankute@fca.org.uk.
Your internal recruitment contact is Fizah via FizahFarouk.Ibrahim@fca.org.uk
Applications must be submitted through our online portal. Applications sent via social media or email will not be accepted.
About the FCA and team
We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you’ll play a key part in protecting consumers, driving economic growth and shaping the future of UK finance services.
Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. 'Cyber security' means the protection of the FCA's data and systems from malicious and/or accidental activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is part of a Directorate led by our CISO, Director of Cyber & Operational Resilience Division.
The Platform Assurance team provides independent assurance and specialised oversight across the FCA’s core technology platforms, spanning cloud‑hosted and on‑premise services, network, endpoint, identity and secure software delivery (SSDLC). The team plays a critical role in ensuring that security controls are well‑designed, effectively implemented and continuously improving in line with FCA risk appetite.
Role responsibilities
Oversee assurance activities for Microsoft Azure, evaluating security posture, architecture and control effectiveness across core cloud services
Provide cloud-agnostic assurance oversight across AWS and key SaaS platforms (including Salesforce), ensuring consistent assessment standards regardless of technology stack
Act as a subject-matter expert (SME) for platform security, offering guidance and challenge on security design, engineering decisions and control implementations
Deliver architectural security oversight across platform domains, identifying design weaknesses, control gaps and improvement opportunities early in the lifecycle
Reduce risk through pragmatic remediation, working with platform teams to prioritise issues, agree proportionate fixes and track actions through to closure
Promote sustained control maturity, assessing control performance over time and recommending enhancements to improve resilience and governance
Maintain independence from control ownership, providing objective assurance, effective second-line challenge and credible risk-based reporting
Collaborate across multiple platform teams and stakeholders within Cyber & Information Resilience (C&IR), aligning assurance outcomes to organisational risk appetite and resilience objectives
Skills required
Minimum:
Direct experience applying industry security best practices and frameworks such as NCSC, NIST, CIS and CSA across modern technology platforms, including cloud‑hosted and SaaS services (e.g. Azure, AWS, Salesforce) in a cloud‑agnostic manner
Demonstrated ability to translate complex security and technical risk issues for diverse audiences, including senior stakeholders, through clear written and verbal communication
Experience designing, operating or contributing to assurance processes, including the production and management of regular (e.g. monthly) risk and control reporting and conducting or contributing to comprehensive platform and cloud risk assessments with clear, risk‑based remediation recommendations
Essential:
Effective stakeholder management skills, with the ability to persuade and question platforms, engineering and delivery teams without direct control ownership
Demonstrable experience providing cloud and platform security architecture assurance, including assessing control design, implementation and effectiveness across multiple technology domains
Practical experience using Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) tools to identify misconfigurations, control gaps and systemic risk themes
Extensive experience carrying out platform and cloud risk assessments, from scoping through to reporting and remediation tracking
Experience defining, producing and maintaining security metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to support senior level decision making
Experience assuring controls across endpoint, network, identity, logging and monitoring, vulnerability management or attack surface management domains
Exposure to secure software delivery / SSDLC assurance, including oversight of security controls embedded within delivery pipelines and/or experience working within a regulated, financial services or public sector environment
Benefits
25 days annual leave plus bank holidays
Non-contributory pension (8–12% depending on age) and life assurance at eight times your salary
Private healthcare with Bupa, income protection and 24/7 Employee Assistance
35 hours of paid volunteering annually
Hybrid model where employees work a minimum of 40% in the office each month (expectation of 50% for senior leaders). Changing from September to a minimum of 50% in the office each month (expectation of 60% for Directors and Executive Directors)
A flexible benefits scheme designed around your lifestyle
For a full list of our benefits and our recruitment process as a whole visit our benefits page.
Our values and culture
Our colleagues are the key to our success as a regulator. We are committed to promoting a diverse and inclusive culture: one that’s free from discrimination and bias, celebrates difference and supports colleagues to deliver at their best. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation and delivers better regulation.
If you require any adjustments due to a disability or condition, your recruiter is here to help - reach out for tailored support.
We welcome diverse working styles and aim to find flexible solutions that suit both the role and individual needs, including options like part-time and job sharing where applicable.
Disability confident: our hiring approach
We’re proud to be a Disability Confident Employer and therefore, people or individuals with disabilities and long-term conditions who best meet the minimum criteria for a role will go through to the next stage of the recruitment process. In cases of high application volumes we may progress applicants whose experience most closely matches the role’s key requirements.
Useful information and timelines
Timeline:
Job advert close: midnight, 13th May 2026
CV Review/Shortlist: 15th May 2026
Interviews: w/c 21st May 2026
Your Recruiter will discuss the process in detail with you during screening for the role, so please make them aware if you are going to be unavailable on any date during this time.
SC Clearance is required for this role (SC Guidance) - you will hold or will be required to obtain Security Check (SC) level vetting