Job Description
Security Remediation & Risk Reduction Consultant
Location: London (Hybrid)
Overview
Our client is undergoing a major transformation of its Security Risk Management capability, focusing on enhanced technical execution, regulatory alignment, and operational maturity.
Guided by NIST SP 800-53, GDPR, PRA (BoE), and FRB/OCC expectations, they are shifting from project-led practices towards a BAU security operations model. This initiative spans four key roles designed to elevate governance, risk quantification, assurance, metrics, and continuous risk reduction.
As an Albany Beck Consultant, you will play a leading role in this transformation, working directly within a team of skilled security professionals who combine technical depth with a strong enterprise risk mindset.
Role Summary
We are seeking a Security Remediation & Risk Reduction Consultant to lead enterprise-wide remediation activities. You will work across control owners and transformation teams to reduce security risk, close gaps, and drive meaningful improvements to the organisation’s overall risk posture.
Key Responsibilities
* Monitor remediation efforts across Corrective Action Plans (CAPs), Significant Information Issues (SIIs), dispensations, and broader transformation programmes
* Maintain oversight of Archer GRC reconciliation and support the semi-automated tracking of risk closure
* Collaborate with governance, risk, and compliance teams to ensure alignment with strategic risk appetite
* Review and assess remediation evidence to validate risk reduction to acceptable levels
* Contribute to the development of operationalised risk reduction reporting and overall risk posture updates
Required Skills & Experience
* Significant experience in risk remediation, security assurance cycles, and related functions within regulated environments
* Strong knowledge of Archer, policy exception management, and risk lifecycle processes
* Ability to critically evaluate remediation efforts and align them with broader business transformation goals
* Clear understanding of enterprise risk, with the ability to quantify and communicate residual risk
* Proactive, delivery-focused mindset suited to a maturing security environment