Cloud Assurance Specialist

Financial Conduct Authority

Regulating financial services firms and financial markets in the UK, https://www.fca.org.uk/careers

Requirements of the role

Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. ‘Cyber security’ means the protection of the FCA’s data and systems from malicious and/or accidental activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is part of a Directorate lead by our CISO, Director of Cyber & Operational Resilience Division.

The Platform Assurance team provides independent assurance and specialised oversight across the FCA’s core technology platforms, spanning cloud‑hosted and on‑premise services, network, endpoint, identity and secure software delivery (SSDLC). The team plays a critical role in ensuring that security controls are well‑designed, effectively implemented and continuously improving in line with FCA risk appetite.

Role Responsibilities

• Oversee assurance activities for Microsoft Azure, evaluating security posture, architecture and control effectiveness across core cloud services

• Provide cloud-agnostic assurance oversight across AWS and key SaaS platforms (including Salesforce), ensuring consistent assessment standards regardless of technology stack

• Act as a subject-matter (SME) for platform security, offering guidance and challenge on security design, engineering decisions and control implementations

• Deliver architectural security oversight across platform domains, identifying design weaknesses, control gaps and improvement opportunities early in the lifecycle

• Reduce risk through pragmatic remediation, working with platform teams to prioritise issues, agree proportionate fixes and track actions through to closure

• Promote sustained control maturity, assessing control performance over time and recommending enhancements to improve resilience and governance

• Maintain independence from control ownership, providing objective assurance, effective second-line challenge and credible risk-based reporting

• Collaborate across multiple platform teams and stakeholders within Cyber & Information Resilience (C&IR), aligning assurance outcomes to organisational risk appetite and resilience objectives

View on member website

View

Location

London, Edinburgh, Leeds

Contract type

Full time, Permanent

Profession

IT, Resilience

Working pattern

Flexible working, Hybrid

Closing Date

14/05/2026