Senior Information Security Consultant - FTC

Posted 4 days 1 hour ago by Barclay Simpson

£80,000 - £100,000 Annual
Permanent
Full Time
Other
London, United Kingdom
Job Description

Senior Information Security Consultant required to lead and mature cybersecurity risk posture, ensuring risk remains within organisational tolerance levels. This is a senior, influential role where you will provide strategic oversight of the cybersecurity risk assessment framework and embed risk management practices across business and technology change initiatives.

Working closely with Governance, Risk & Compliance teams, technical leaders, and senior stakeholders, you will help build a clear, credible, and actionable view of cyber risk, translating threat intelligence and technical insight into decision-driving outcomes.

You will also provide technical leadership to a team of Cyber Risk Specialists, acting as a subject matter authority and escalation point, while shaping capability, standards, and ways of working across the organisation.

This is a global role requiring strong cross-functional influence across business and technology domains to support the ongoing management and reduction of cyber risk.

What You'll Do
  • Lead the technical management, delivery, and operationalisation of a cybersecurity risk assessment framework and associated processes.
  • Regularly review and contribute to organisational cyber risk appetite statements.
  • Partner with vendors to develop, maintain, and optimise tooling that supports cybersecurity risk assessment activities.
  • Produce clear, insightful cybersecurity risk reporting for governance forums and senior leadership, tailoring messaging for different audiences.
  • Act as a subject matter expert in developing cybersecurity risk training, working with security and business stakeholders to embed effective risk assessment practices.
  • Stay current with cybersecurity risk management standards, frameworks, and emerging threats, sharing insight across teams and leadership.
  • Coach, mentor, and develop Cyber Risk Specialists, Analysts, and Associates, supporting capability growth and career progression.
Who You Are
Essential
  • Strong expertise in Cybersecurity Risk Management, with broad knowledge across cybersecurity governance domains.
  • Experience implementing and operating industry-recognised frameworks (e.g. NIST CSF).
  • A proactive interest in attacker tactics, techniques, and procedures (TTPs).
  • At least 5 years' relevant experience, ideally across multiple sectors (e.g. Retail, Financial Services).
  • Strong analytical and lateral thinking skills, with the ability to identify root causes of complex issues.
  • Excellent communication skills, able to explain complex technical risk to non-technical stakeholders.
Desirable
  • Hands-on technical mindset and confidence working closely with engineering and architecture teams.
  • Familiarity with formal risk methodologies (e.g. FAIR).
  • Solid technical grounding across platforms such as Active Directory, Entra ID, and Azure.
  • Comfortable reviewing high-level designs and technical documentation.
  • Relevant certifications or qualifications, such as:
    • COBIT/ITIL
    • CISSP, CISM, CRISC, CGEIT
    • Degree in Computer Science or Cyber Security