Cyber Risk & Security Manager

Posted 01 December 2025

We are seeking an experienced Cyber Risk & Security Manager to lead the delivery of cyber risk assessments, governance advisory services, security maturity programmes, and SOC strategy engagements. The role requires a highly capable security professional with experience across risk advisory, vulnerability management, security operations design, compliance frameworks, and executive reporting.

The successful candidate will operate at both strategic and technical levels, supporting board-level decision-making while driving operational security improvements aligned to recognised standards such as NIST CSF, ISO 27001, DORA, PCI-DSS, and MITRE ATT&CK.

Reporting To:
Director / Head of Cyber Security

Location:
London (Hybrid)

Employment Type:
Full-Time

Salary:
£50,000 – £70,000 (dependent on experience and sponsorship thresholds)

Key Responsibilities

Cyber Risk & Governance

Lead end-to-end cyber risk assessments and cyber maturity reviews.
Conduct cyber risk quantification exercises using recognised methodologies (e.g., FAIR).
Develop and deliver tabletop exercises and resilience simulations.
Produce executive-level cyber risk reports and mitigation roadmaps.
Provide strategic advisory support to senior stakeholders and underwriters.

Security Operations & Vulnerability Management

Design and implement Security Operations Centre (SOC) operating models.
Conduct vulnerability management programmes, gap analyses, and remediation tracking.
Lead penetration testing and application security assessments (OWASP Top 10).
Oversee DLP and DDA monitoring strategies.

Compliance & Regulatory Alignment

Support ISMS implementation aligned with ISO 27001.
Ensure alignment with GDPR, PCI-DSS, DORA, NIST CSF, COBIT, SANS, and related frameworks.
Develop security policies, SOPs, and governance documentation.
Conduct IT resilience and cloud security audits.

Technical & Transformation Advisory

Advise on cloud migration security and VDI transformation programmes.
Conduct asset management audits and security architecture reviews.
Perform cyber breach investigations and incident management leadership.
Implement automation initiatives to improve cyber risk evaluation processes.

Stakeholder & Practice Development

Engage with senior executives and cross-functional stakeholders.
Contribute to proposal development and client solution design.
Mentor junior consultants and contribute to internal capability development.
Support cybersecurity awareness and outreach initiatives.

Required Skills & Experience

Essential

10+ years’ experience in cyber security, risk advisory, or security operations.
Proven experience delivering cyber maturity assessments and risk advisory engagements.
Experience designing SOC or security operating models.
Strong understanding of vulnerability management and penetration testing.
Experience aligning organisations to NIST CSF, ISO 27001, and related frameworks.
Executive report writing and board-level presentation capability.
Experience leading client engagements and managing stakeholders.
Ideally big 4 experience

Technical Expertise

Tools: Kali Linux, Burp Suite, Acunetix, Nessus, OWASP ZAP, Nmap, Wireshark, ServiceNow.
Programming knowledge: Python, JavaScript, C/C++, ASP.NET (desirable).
Familiarity with MITRE ATT&CK and FAIR methodologies.

Qualifications

MSc in Cyber Security (or equivalent)
CEH, CompTIA Security+ (required or equivalent experience)
CISSP (desirable / in progress)
AWS Cloud certification (desirable)
CE Advisor or prepared to become a Cyber Essentials Assessor

Competencies

Strategic thinker with strong analytical capability
Strong documentation and structured reporting ability
Excellent stakeholder communication skills
Leadership and mentoring capability
Process improvement and automation mindset

Working Hours

37.5 – 40 hours per week

Visa & Compliance

This role meets Skilled Worker sponsorship skill-level requirements (RQF Level 6+). Sponsorship may be considered subject to eligibility and Home Office compliance requirements.