Vulnerability Architect

About Us

[Employer hidden — view at passion-project.co.uk] Consulting is an independent risk and security consultancy that brings together people, protection, and performance to help organisations achieve Digital Enterprise Resilience. For more than 20 years, [Employer hidden] has enabled the world’s leading companies to understand and optimise their risk and security landscape through assessment-based road mapping, organisational empowerment, and expert application of market-leading technologies. [Employer hidden] is headquartered in London with offices across Asia, Australia, Europe, and North America.

Role Overview

We are seeking an experienced individual with a strong foundation in SAP Vulnerability Management and Threat Detection systems, including associated controls, proficiency in SAP environments, and awareness of Cybersecurity frameworks.

Key Responsibilities

• Design, implement, and assess vulnerability management frameworks, primarily within SAP-enabled environments.
• Lead client conversations on SAP Vulnerability and Threat Management strategy, compliance challenges, and controls optimisation.
• Provide insight on Information Security frameworks (OWASP/NIST/NIS2 etc.) and the Secure Operations Map, helping communicate regulatory or good practice obligations and actionable solutions.
• Manage and mentor junior consultants and analysts to aid a high-performance team culture.
• Support business development activities, including scoping, proposal development, and client pitches throughout the sales lifecycle.
• Build long-term relationships with clients as a trusted advisor in controls and compliance.

Required Core Behaviours

• Ability to focus on the “why” of our solutions, not just the how.
• Demonstrable experience in prioritising the client’s objectives
• Passionate about improving the perception of the industry towards a more business growth enabling function.
• Demonstrable ability to build productive relationships with both internal and external stakeholders in a hybrid working environment.

Required Skills & Experience

• Strong experience designing and executing detection and protective controls, ideally within SAP ERP systems.
• Experience in one of Onapsis, Security Bridge, SAP ETD, Pathlock CAC.
• Strong experience of implementing vulnerability management controls (implementation and testing).
• Knowledge of relevant industry frameworks and vendor solutions aligned to provide such control solutions.
• Demonstrated ability to lead engagements and communicate effectively with senior stakeholders.
• Proven track record in team management and mentoring.
• Familiarity with the consulting sales lifecycle, including opportunity identification and bid support.
• Excellent analytical, presentation, and organisational skills.

Preferred Qualifications

• Professional certifications such as CREST or equivalent.
• Experience in risk advisory or Big Four consultancy environment.
• Exposure to emerging technologies in risk and controls, such as automation, data analytics, AI etc.

Reports to: RSC Director

Salary: Competitive salary depending on a combination of factors, including level of experience and expertise, in addition to an OTE bonus.

Benefits include:

• Pension:on joining, employees will be automatically enrolled in our workplace pension scheme
• Holiday Entitlement: employees receive 25 days per holiday year plus all statutory bank and public holidays in England and Wales
• Private Medical Insurance: employees will be enrolled onto the company BUPA healthcare scheme
• Insurances: Life Insurance and Critical Illness cover are provided to all employees
• Carbon Offset:Employees will be enrolled on the company's carbon offset scheme, which is committed to offsetting at least 50% of all employees' personal carbon emissions. All [Employer hidden] employees are entitled to £40 worth of carbon credits each year, which can offset 7 tonnes of carbon. Options are available to increase carbon credit amounts, which would be treated as a benefit in kind.

Location: Based in our London office, with hybrid working (expected office working 2-3 days per week). Occasional travel to our offices in other countries will be expected as part of this role if there is a requirement to do so.