Job description
Amaris Consulting UK is looking for a talented and driven Cybersecurity Governance & Assurance Specialist to join our team and support one of our key clients in the off-highway machinery sector.
Your Missions
Governance and Standards
- Own and maintain the product cybersecurity governance and assurance framework, aligned with the broader compliance model used across disciplines
- Develop and maintain internal standards, templates, checklists, and guidance to enable consistent execution across programmes (e.g., System of Interest definitions, TARA guidance, cybersecurity requirements, testing expectations, and evidence packs)
- Create and deliver training and enablement programmes to uplift engineering teams and drive "right first time" compliance
Programme Compliance Assessment and Assurance
- Plan and execute cybersecurity compliance assessments of product programmes and suppliers, reporting status, risks, and evidence gaps clearly and early
- Assess alignment against internal requirements and relevant external standards and regulations, including ISO/SAE 21434, ISO 24882, IEC 62443, and the Cyber Resilience Act (CRA)
- Review the adequacy of key cybersecurity work products such as threat modelling/TARA outputs, requirements, architecture evidence, verification and validation strategies, and residual risk statements
- Drive closure of findings with stakeholders across systems, embedded software, verification, manufacturing/service, and suppliers
Cybersecurity Testing Assurance
- Define cybersecurity testing expectations required for compliance evidence, covering coverage scope, methods, reporting, and remediation tracking
- Coordinate Red Team and testing activities to ensure outputs support programme assurance and close testing capability gaps
Vulnerability Management and Post-Production Assurance
- Establish and assure governance for post-production vulnerability management, including monitoring from suppliers, research findings, Red Team outputs, and PSIRT channels, and routing to affected products
- Support readiness for CRA mandatory reporting, including Article 14 reporting workflows and fast-track response for actively exploitable issues
- Capture and disseminate lessons learned (e.g., CWE/CVE insights) back into standards, checklists, and training materials
Your Profile
- 3+ years of experience within Tier 1 or OEM sectors (on-highway or off-highway) in a cybersecurity role
- Demonstrable experience in product cybersecurity assurance, governance, compliance assessment, or cybersecurity audit for embedded or cyber-physical products
- Strong working knowledge of ISO/SAE 21434 and ISO 24882, with the ability to translate them into practical internal processes and evidence expectations
- Working knowledge of IEC 62443 and supplier assurance requirements
- Familiarity with CRA compliance needs, including defined reporting workflows such as Article 14
- Excellent technical writing, communication, and stakeholder management skills, with the ability to present risk clearly and pragmatically
- Knowledge or experience of TARA and threat modelling approaches, including review of threat artefacts such as attack trees, is a plus
- Background in vulnerability management and post-production monitoring/triage governance is a plus
- Experience in cybersecurity requirements engineering and cybersecurity testing (including test evidence expectations) is a plus
- Awareness of functional safety interfaces and the security-safety relationship is a plus
- Understanding of embedded product environments including ECUs, CAN, J1939, and diagnostics such as UDS is a plus
- Familiarity with SBOM concepts and their role in vulnerability monitoring and compliance evidence is a plus
- Self-motivated, analytical, and pragmatic, with strong interpersonal skills and a collaborative mindset
- Resilient and adaptable, with a drive for continuous improvement and a high standard of technical delivery
Why choose us
- An international community bringing together more than 110 different nationalities
- An environment where trust is central: 70% of our leaders started their careers at the entry level
- A strong training system with our internal Academy and more than 250 modules available
- A dynamic work environment that frequently comes together for internal events (afterworks, team buildings, etc.)
Amaris Consulting promotes equal opportunities. We are committed to bringing together people from diverse backgrounds and creating an inclusive work environment. In this regard, we welcome applications from all qualified individuals, regardless of sex, sexual orientation, race, ethnicity, beliefs, age, marital status, disability, or other characteristics.
Who are we?
Amaris Consulting is an independent technology consulting firm providing guidance and solutions to businesses. With more than 1000 clients across the globe, we have been rolling out solutions in major projects for over a decade – this is made possible by an international team of 7,600 people spread across 5 continents and more than 60 countries. Our solutions focus on four different Business Lines: Information System & Digital, Telecom, Life Sciences and Engineering. We’re focused on building and nurturing a top talent community where all our team members can achieve their full potential. Amaris is your steppingstone to cross rivers of change, meet challenges and achieve all your projects with success.
At Amaris, we strive to provide our candidates with the best possible recruitment experience. We like to get to know our candidates, challenge them, and be able to give them proper feedback as quickly as possible. Here's what our recruitment process looks like:
Brief Call: Our process typically begins with a brief virtual/phone conversation to get to know you! The objective? Learn about you, understand your motivations, and make sure we have the right job for you!
Interviews (the average number of interviews is 3 - the number may vary depending on the level of seniority required for the position). During the interviews, you will meet people from our team: your line manager of course, but also other people related to your future role. We will talk in depth about you, your experience, and skills, but also about the position and what will be expected of you. Of course, you will also get to know Amaris: our culture, our roots, our teams, and your career opportunities!
Case study: Depending on the position, we may ask you to take a test. This could be a role play, a technical assessment, a problem-solving scenario, etc.
As you know, every person is different and so is every role in a company. That is why we have to adapt accordingly, and the process may differ slightly at times. However, please know that we always put ourselves in the candidate's shoes to ensure they have the best possible experience.
We look forward to meeting you!