Senior Cyber Assurance and Risk Consultant

Applicable Limited

London

On-site

GBP 80,000 - 120,000

Full time

2 days ago

Job summary

A leading company in the UK is seeking a GRC Leader to shape security and risk programs. This strategic role involves developing governance strategies, driving compliance, and enhancing risk management processes. The ideal candidate will possess extensive experience in GRC frameworks and hold relevant certifications. You will collaborate with various teams to ensure adherence to security standards and foster a culture of accountability. If you are a proactive leader with a strong background in cybersecurity, this is an excellent opportunity to make a significant impact.

Qualifications

  • Minimum of 10 years’ experience in GRC roles, with at least 5 years in leadership.
  • Extensive knowledge of GRC frameworks and compliance obligations.

Responsibilities

  • Develop and execute GRC strategies aligned with business objectives.
  • Lead initiatives to build a culture of accountability across engagements.
  • Enhance governance processes and advise on regulatory alignment.

Skills

Risk Management
Compliance
Cybersecurity
Governance

Education

CISSP
CISM
CCSP
CISA
CRISC

Tools

NIST 800-53
ISO 27001
NCSC CAF
NIST CSF

Job description

The team you'll be working with:

As a strategic and leadership role, you will be instrumental in shaping and driving security and risk programs to align with internal business objectives, industry good practices (including Secure by Design aligned to UK Government principles), and regulatory requirements (including GovAssure and NCSC Cyber Assurance Framework).

What you'll be doing:
  1. Develop and execute GRC strategies that align with business objectives and support business processes.
  2. Drive pragmatic and creative solutions to GRC challenges, applying agile methodologies to adapt to new regulations, compliance requirements, and business changes.
  3. Advise on and foster continuous improvement of GRC processes, improving management information for better prioritization and risk-based decisions.
  4. Lead initiatives that build a culture of accountability and responsibility across engagements.
  5. Enhance governance processes and advise on evidencing alignment with regulatory requirements (such as NCSC CAF) and industry good practices (including Secure by Design).
  6. Provide security expertise across standards and accreditations, measure and control the effectiveness of the security controls framework, and maintain the Information Security Management System.
  7. Develop and deliver documented Information Security Management Plans, incorporating regulatory, legal, and compliance considerations.
  8. Assist in identifying risks, emerging cybersecurity vulnerabilities, and threats, and lead risk mitigation plans.
  9. Work with Service Management to ensure partners and suppliers adhere to standards, policies, and security KPIs.
  10. Collaborate with 1st, 2nd, and 3rd lines of defense on cybersecurity, information assurance, risk, and compliance matters.
  11. Lead the development and enhancement of GRC aligned with policies, standards, and industry best practices.
  12. Ensure continuous assessment and reporting of metrics for informed risk-based decisions.
  13. Maintain Information Security Management practices to achieve relevant industry certifications (e.g., ISO 27001).
  14. Perform focused risk assessments of services and technologies, including third-party supplier assessments during onboarding and contracts.
  15. Maintain strong relationships with stakeholders involved in managing information risk.
  16. Chair and coordinate Security Working Groups and participate in governance forums.

What experience you'll bring:

  1. Extensive knowledge of GRC frameworks, compliance obligations, and proactive risk management.
  2. Minimum of 10 years’ experience in GRC roles, with at least 5 years in leadership or management.
  3. Relevant certifications such as CISSP, CISM, CCSP, CISA, CRISC, or equivalent experience.
  4. Practical knowledge of industry security frameworks like NIST 800-53, NCSC CAF, NIST CSF, DORA, and NCSC guidelines.
  5. Good understanding of cybersecurity domains including network and cloud security, vulnerability management, third-party risk, and application security.
  6. Knowledge of networking concepts (switching, routing, firewalls).
  7. Understanding of security testing and vulnerability management, including pen testing and CVSS/CVE.
  8. Experience with standards such as ISO 27001, 27002, 27017, 27108.

Desirable Skills and Experience:

  1. Enjoys consulting with diverse clients and technologies.
  2. Proposes security requirements independently.
  3. Manages technical tasks in client projects.
  4. Has a hands-on technical background.

Security Clearance:

Candidates must hold or be eligible to obtain UK SC level Security Clearance or higher.
