Inside IR35, 750 P/D
Hybrid, London/Manchester or Bristol
Active SC
The role:
Lead cyber and information security risk management, assurance, and architectural advisory for major applications and digital services during alpha, beta, and early live phases.
Deliver critical security assessments and IT Health Checks, providing expert assurance across portfolio projects, with a focus on SaaS tooling compliance against NCSC Cloud Security Principles.
Facilitate and oversee Security Working Groups throughout all key development and deployment stages, ensuring risks are tracked, logged, and reported to the Head of Cyber Risk and Assurance, with actionable recommendations provided.
Produce formal risk assessments and risk treatment plans (RTPs) for all digital services and associated tooling, ensuring robust protection in accordance with business risk appetite.
Develop, review, and advise on Secure by Design policies/practices, including safe use of AI, secure coding, and regulatory compliance frameworks (e.g., OWASP, DPIA, GovAssure).
Coordinate cross-platform activities and enable secure delivery of new services, including supporting incident management and continuous improvement of live service security practices.
Routinely provide monthly (and ad-hoc) risk briefings to senior leaders, evidencing assurance, identifying risks outside tolerance, mapping exposure, and recommending mitigations and controls.
Mentor and train digital service teams and wider Information Security staff, sharing best practices and building internal capability for risk assessment and management.
Support implementation and ongoing usage of risk management tooling, ensuring all details are uploaded promptly and appropriately, such as the SureCloud risk register.
Engage proactively with senior internal and external stakeholders, promoting security culture and enabling confident delivery aligned with organisational priorities.
Future line management activities as the team grows
If you are interested, apply here!