Nous serons bien ensemble

The Geotechnical Sub Alliance (GSA) is at the forefront of the Sizewell C nuclear power station development—one of the UK’s largest and most exciting infrastructure programmes.

We’re responsible for preparing the foundations of the entire site: designing and constructing cut‑off walls, retaining structures, soil improvements and more. Using advanced geotechnical engineering and world‑class construction technologies, this is a rare opportunity to contribute to a national project that will shape the UK’s clean‑energy future.

The Information Security & Assurance Officer ensures GSA implements all mandatory information and cybersecurity controls required under the client Information Security Management Plan (ISMP), associated security documents and all security governance requirements agreed by parent company representatives. 

This includes responsibility for: 

• Assurance of GSA systems, including O365, identity, MFA, endpoint controls and office locations
• Integration with client SOC monitoring, log availability, incident reporting 
  Compliance across onshore and offshore teams
• Ensuring flow‑down to downstream subcontractors
• IS027001 alignment, implementing an ISMS and leading on incident management to provide a business wide, good cyber security posture.  

Key responsibilities in greater detail:

Governance & Compliance

• Implement client ISMP controls across GSA, enforcing SAL, export‑control, classification and data‑handling rules.
• Ensure subcontractor security flow‑downs and maintain governance evidence, documentation and audit materials.
• Support client/partner security reviews and monitor compliance with GDPR/DPA, NIS2 (as applicable), and sector standards (PSN/NHS DSPT).

O365 Security

• Provide assurance and governance over identity & access, O365 baseline compliance, data protection, logging and monitoring.

SOC Integration

• Oversee log availability, security monitoring, alerting, incident response and SOC standards.

Assurance & Risk

• Own the ISMS (policies, standards, procedures).
• Complete required assessments (TPSA, SRA, DPIA, ECIA) and submit evidence for approval.
• Track remediation, review suppliers, manage security awareness, and govern tooling/technology.

Stakeholder Engagement

• Act as a trusted adviser to IT, projects and business units.
• Deliver security awareness and phishing campaigns and manage actions with suppliers, MSSPs, SOC and auditors.

Continuous Improvement

• Identify optimisation and automation opportunities; contribute to roadmap and stay current with industry trends.

Core

• Promote company/client values and support a positive safety culture.

• Demonstrable experience in information security assurance and technical cyber operations within a UK organisation.
• Working knowledge of ISO/IEC 27001, Cyber Essentials Plus, NIST CSF, and UK GDPR / DPA 2018.
• Hands‑on familiarity with modern security tooling (e.g., Microsoft Defender suite, Sentinel SIEM, EDR/XDR, vulnerability scanners). 
  Experience conducting/leading security incident response, root‑cause analysis, and post‑incident reviews including with SOC ((internal or MSSP)
• Ability to produce clear assurance reports, policies/standards, and executive‑level dashboards.
• Excellent stakeholder management; able to translate technical risk into business impact and pragmatic actions. 

Qualifications & Experience 

• A degree (or suitable experience) in a computer or cyber security subjects 
• Familiarity with ISO 27001 Cyber Essentials Plus, NIST CSF, and UK GDPR.
• Familiarity with SANS 20 critical security controls and UK Top 10/Cyber Essentials   

When you join the world’s largest specialist geotechnical contractor, you’re part of an international community of over 10,000 experts, based in 31 countries around the world. You’ll have the opportunity to contribute to prestigious, ground-breaking projects, using the very latest tools and technology to solve complex problems, constantly learn new skills and take your career in any direction.

Benefits

As well as being part of a landmark project and working in a collaborative alliance environment, we offer:

• Discretionary annual bonus (based on personal/project performance)
• Salary Sacrifice Pension Scheme (min. 5% company contribution)
• Enhanced Sick Pay (after probation)
• Income Protection, Private Medical Insurance and Life Assurance
• Employee Assistance Programme
• 25-days annual leave + Bank Holidays per year (increasing with service)
• Option to purchase additional annual leave
• Paid annual professional memberships
• Volunteering days
• Professional growth and development
  

Bachy Soletanche is committed to equal opportunities in employment with the aim of ensuring that everyone who applies to work for us receives fair treatment. We positively encourage applications from suitably qualified and eligible candidates regardless of age, disability, ethnicity, sex, gender identity, sexual orientation, religion or belief and pregnancy/maternity.