Senior or Principal Security Consultant – Risk Management

The Role

We are seeking an exceptionally capable Security Consultant to join the company within the Risk Management team within the Security Practice. Our consultants are engaged across Security Engineering and Assurance tasks, working on parallel projects and workstreams, and take the lead on day-to-day client interface. You will also be comfortable enhancing customer relationships with new opportunities and assisting with bids and presales where necessary.

You will have experience of working across system lifecycles and be capable of supporting clients through business-focused requirement specification and definition. You will have a broad experience of technical security, producing technical risk assessments and solution architecture documents.

The ideal candidate will be both experienced and invested in ensuring that our clients’ solutions are Secure by Design. To enable this, strong inter-personal skills are essential, e.g. ability to lead workshops, engage with business leaders, and interact with diverse project teams and stakeholders.

With your experience you will be comfortable operating in a ‘customer friend’ type role, supporting the client to develop and deliver secure systems, understanding risks and managing complex system security whilst communicating effectively with technical and non-technical stakeholders.

Your experience will include:

• Expertise in Defensive Cyber, Enterprise Architecture, Secure Systems, Network & Cloud Security, System Hardening, Cryptographic Controls (PKI, Data at Rest/In Transit), Protective Monitoring, and Security Auditing.
• Strong understanding of the ISO 27000 series, NIST Cyber Security & Risk Management Frameworks, NCSC CAF, and other industry standards.
• Familiarity with NCSC guidance and legacy Information Assurance (IA) standards.
• Experience with MOD security frameworks including JSP 604, JSP 440, JSP 902, and DEFCON 659A.
• Experience in business growth and bid development is desirable.

Employment is subject to satisfactory BPSS and SC security clearance which requires 5 years continuous UK address history at the point of application. Travel to client sites and [Employer hidden] offices will be required.

What We’re Looking For

Essential

• Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or another industry recognised cyber security certification.

Desirable

• Full Membership of the Chartered Institute of Information Security (CIISec) – highly desirable.
• Chartered or Principal status via the UK Cyber Security Council for Risk Management.
• IEng or CEng registered with UK Engineering body.
• Chartership through the British Computer Society.

Why Join [Employer hidden]

• Work on impactful projects that drive efficiency and innovation across diverse sectors.
• Access professional development pathways tailored to your career ambitions.
• Enjoy flexible working arrangements and a competitive benefits package.

Other Information

[Employer hidden] is committed to investing in people, offering clear progression pathway into our consultancy service, and we will passionately support professional growth to develop our employees.

Flexible working is available including part-time / term time working patterns. All suggestions are welcomed to be discussed as part of a proposed employment package.

[Employer hidden] is dedicated to fostering an inclusive workplace. Our commitment is to ensure equal opportunities for all in both employment and career advancement. We base our decisions on individual merit, qualifications and suitability for the role, without regard to gender, age, marital or civil partnership status, sexual orientation, ethnicity, disability, race, religion or national background.

*Bonus payments are discretionary and awarded upon successful completion of probation.