Cambridge University Press & Assessment
Cambridge, Cambridgeshire
Job Title: Security Risk Lead Salary: £53,300 - £71,300 Location: Cambridge/Hybrid with 2 days a week minimum in the office Contract: Permanent Hours: 35 hour per week Join our organisation as a Security Risk Lead. Utilise your expertise and drive to safeguard operations in this impactful role. We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge. About the role The Security Risk Lead plays a pivotal role by driving Cambridge University Press & Assessment's security risk management strategy. This position is responsible for identifying, assessing, and mitigating operational, financial, and strategic security risks across the organisation to ensure a resilient and compliant security framework. Overseeing the Security Risk Manager, the Security Risk Lead will work closely with senior stakeholders to develop and embed risk management processes that align with the organisation's priorities. They will also take the lead on key initiatives to reduce the organisation's risk exposure, delivering critical risk insights, reports Lead and improve the security risk management strategy, in line with Enterprise risk strategy, identifying, analysing, and evaluating risks that may affect the organisation. Implement controls to mitigate risks and ensure effective execution. Manage and support the Security Risk Manager. Prepare and present regular risk reports for senior management. Oversee the analysis and monitoring of risks, ensuring emerging risks are flagged. Ensure compliance with regulatory requirements. Monitor industry trends and best practices. Collaborate with the Head of Security GRC and teams to manage incidents and propose corrective actions. Provide risk management training and develop a risk-aware culture. Support the development of security risk policies and frameworks. Collect data for risk assessments and foster a collaborative risk management approach. Provide risk management input on key projects. Represent the organisation in industry forums. This position has been classified as a hybrid role, requiring the selected candidate to typically spend 40-60% of their time collaborating and connecting face-to-face at their dedicated location. Aside from our hybrid principles, other flexible working requests will be considered from the first day of employment, including other work arrangements should you require adjustments due to a disability or long-term health condition. About You We are looking for someone with extensive knowledge of security risk management frameworks and methodologies (e.g., ISO 31000, 27001, 27005, NIST) and regulatory requirements in the industry The ideal candidate will have a relevant degree in Risk Management, Finance, Business, or a related field, or appropriate business experience, along with active CRISC or 27005 Risk Manager certification You should have a minimum of 5 years or demonstrated experience in a governance, risk, or compliance role within an information security context Strong analytical and problem-solving abilities, excellent written and verbal communication skills, and proficiency in risk management software and MS Office Suite are essential You should be detail-oriented with strong organisational and project management skills, and able to work well in a team-oriented environment and build relationships with stakeholders If you meet the above minimum requirements, we encourage you to apply. Your application will be even stronger if you can also demonstrate the following desirable criteria: Design or implementation of parts of or all of a Risk Management Framework Managed risks within an operational environment Developed risk management recommendations for senior leadership Managed and maintained a comprehensive risk management framework, including risks registers, control tracking, governance fora and reporting measures For a detailed job description, please refer to the link at the bottom of the advert on our careers site. We are a Disability Confident (DC) employer that is committed to equality and inclusion ensuring our recruitment process is accessible to all. The DC scheme's Offer of an Interview commitment applies to applicants who opt in, and disclose a disability or a long-term health condition, and best meet the minimum criteria for the role. In instances where interviewing all qualifying candidates is not practicable, we prioritise those who best meet the minimum criteria, as we would for applicants who do not have a disability or long-term health condition. Cambridge University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to the gov.uk website for guidance to understand your own eligibility based on the role you are applying for. Rewards and benefits We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexible rewards package , featuring family-friendly and planet-friendly benefits including: 28 days annual leave plus bank holidays Private medical and Permanent Health Insurance Discretionary annual bonus Group personal pension scheme Life assurance up to 4 x annual salary Green travel schemes Ready to pursue your potential? Apply now. We aim to support candidates by making our interview process clear and transparent. The closing date for all applications will be 17 th April 2026. We will review applications on an ongoing basis, and shortlisted candidates can expect interviews to take place shortly after it closes If you are shortlisted and progressed through the stages, you can expect: A 15-minute screening call with the Hiring Manager. First stage virtual interview via MS Teams. You will be provided with a brief to complete a role related task which will need to be returned by email in advance of your interview. Final stage interview: in-person at our offices in Cambridge. If you require any reasonable adjustments during the recruitment process due to a disability or a long-term health condition, there will be an opportunity for you to inform us via the online application form. We will do our best to accommodate your needs. Please note that successful applicants will be subject to satisfactory background checks including DBS due to working in a regulated industry. We are committed to an equitable recruitment process. As such, applications must be submitted via our official online application procedure. Please refrain from sending your CV directly to our recruiters. If you experience technical difficulties or require additional support with submitting your online application, contact the Recruiter. Why join us Joining us is your opportunity to pursue potential. You will belong to a collaborative team that is exploring new and better ways to serve students, teachers and researchers across the globe - for the benefit of individuals, society and the world. Sharing our mission will inspire your own growth, development and progress, in an environment which embraces difference, change and aspiration. Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it is safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class/background. We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from a wide range of different communities. Documents 2024.09 Security Risk Lead v.3 (1).pdf (79.64 KB)
Apr 14, 2026
Full time
Job Title: Security Risk Lead Salary: £53,300 - £71,300 Location: Cambridge/Hybrid with 2 days a week minimum in the office Contract: Permanent Hours: 35 hour per week Join our organisation as a Security Risk Lead. Utilise your expertise and drive to safeguard operations in this impactful role. We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge. About the role The Security Risk Lead plays a pivotal role by driving Cambridge University Press & Assessment's security risk management strategy. This position is responsible for identifying, assessing, and mitigating operational, financial, and strategic security risks across the organisation to ensure a resilient and compliant security framework. Overseeing the Security Risk Manager, the Security Risk Lead will work closely with senior stakeholders to develop and embed risk management processes that align with the organisation's priorities. They will also take the lead on key initiatives to reduce the organisation's risk exposure, delivering critical risk insights, reports Lead and improve the security risk management strategy, in line with Enterprise risk strategy, identifying, analysing, and evaluating risks that may affect the organisation. Implement controls to mitigate risks and ensure effective execution. Manage and support the Security Risk Manager. Prepare and present regular risk reports for senior management. Oversee the analysis and monitoring of risks, ensuring emerging risks are flagged. Ensure compliance with regulatory requirements. Monitor industry trends and best practices. Collaborate with the Head of Security GRC and teams to manage incidents and propose corrective actions. Provide risk management training and develop a risk-aware culture. Support the development of security risk policies and frameworks. Collect data for risk assessments and foster a collaborative risk management approach. Provide risk management input on key projects. Represent the organisation in industry forums. This position has been classified as a hybrid role, requiring the selected candidate to typically spend 40-60% of their time collaborating and connecting face-to-face at their dedicated location. Aside from our hybrid principles, other flexible working requests will be considered from the first day of employment, including other work arrangements should you require adjustments due to a disability or long-term health condition. About You We are looking for someone with extensive knowledge of security risk management frameworks and methodologies (e.g., ISO 31000, 27001, 27005, NIST) and regulatory requirements in the industry The ideal candidate will have a relevant degree in Risk Management, Finance, Business, or a related field, or appropriate business experience, along with active CRISC or 27005 Risk Manager certification You should have a minimum of 5 years or demonstrated experience in a governance, risk, or compliance role within an information security context Strong analytical and problem-solving abilities, excellent written and verbal communication skills, and proficiency in risk management software and MS Office Suite are essential You should be detail-oriented with strong organisational and project management skills, and able to work well in a team-oriented environment and build relationships with stakeholders If you meet the above minimum requirements, we encourage you to apply. Your application will be even stronger if you can also demonstrate the following desirable criteria: Design or implementation of parts of or all of a Risk Management Framework Managed risks within an operational environment Developed risk management recommendations for senior leadership Managed and maintained a comprehensive risk management framework, including risks registers, control tracking, governance fora and reporting measures For a detailed job description, please refer to the link at the bottom of the advert on our careers site. We are a Disability Confident (DC) employer that is committed to equality and inclusion ensuring our recruitment process is accessible to all. The DC scheme's Offer of an Interview commitment applies to applicants who opt in, and disclose a disability or a long-term health condition, and best meet the minimum criteria for the role. In instances where interviewing all qualifying candidates is not practicable, we prioritise those who best meet the minimum criteria, as we would for applicants who do not have a disability or long-term health condition. Cambridge University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to the gov.uk website for guidance to understand your own eligibility based on the role you are applying for. Rewards and benefits We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexible rewards package , featuring family-friendly and planet-friendly benefits including: 28 days annual leave plus bank holidays Private medical and Permanent Health Insurance Discretionary annual bonus Group personal pension scheme Life assurance up to 4 x annual salary Green travel schemes Ready to pursue your potential? Apply now. We aim to support candidates by making our interview process clear and transparent. The closing date for all applications will be 17 th April 2026. We will review applications on an ongoing basis, and shortlisted candidates can expect interviews to take place shortly after it closes If you are shortlisted and progressed through the stages, you can expect: A 15-minute screening call with the Hiring Manager. First stage virtual interview via MS Teams. You will be provided with a brief to complete a role related task which will need to be returned by email in advance of your interview. Final stage interview: in-person at our offices in Cambridge. If you require any reasonable adjustments during the recruitment process due to a disability or a long-term health condition, there will be an opportunity for you to inform us via the online application form. We will do our best to accommodate your needs. Please note that successful applicants will be subject to satisfactory background checks including DBS due to working in a regulated industry. We are committed to an equitable recruitment process. As such, applications must be submitted via our official online application procedure. Please refrain from sending your CV directly to our recruiters. If you experience technical difficulties or require additional support with submitting your online application, contact the Recruiter. Why join us Joining us is your opportunity to pursue potential. You will belong to a collaborative team that is exploring new and better ways to serve students, teachers and researchers across the globe - for the benefit of individuals, society and the world. Sharing our mission will inspire your own growth, development and progress, in an environment which embraces difference, change and aspiration. Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it is safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class/background. We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from a wide range of different communities. Documents 2024.09 Security Risk Lead v.3 (1).pdf (79.64 KB)
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. About the role The Risk, Compliance & Resilience Advisor shall help to manage compliance and assurance for supporting the Senior Manager - Risk & Compliance and Risk & Resilience Lead by ensuring that: Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies Resilience Planning: Support the Global Risk & Resilience Lead in the Development and maintenance of IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions Incident Response and Management: Provide support in DR related incident response activities, including investigating IT security incidents, breaches, and disruptions Issue Identification: Identify and document risk deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans to address identified issues Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders on the status of risk, compliance, and control activities Policy and Procedure Development: Assist in the development and maintenance of risk management, compliance, and control related policies, procedures, and guidelines. Ensure alignment with regulatory requirements and industry best practices in alignment with the Global IS Governance Lead Vendor Risk Management Support: Assist in assessing and managing risks associated with third party vendors and service providers. Evaluate vendor controls and adherence to contractual obligations Continuous Improvement: Identify opportunities for enhancing risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation's risk and control environment Project Work: Contribute to project activities as required to ensure GRC requirements are understood and addressed Areas of Accountability, Responsibility and Competence Level Works with the Global Risk & Compliance Senior Manager to support IS in the delivery of governance, compliance, and risk activities, whilst supporting the Integration projects Supports the execution of the security, audit, and compliance activities Supports the Global Risk & Compliance Senior Manager by ensuring the successful delivery of initiatives and projects within the Risk and Compliance environment Supports the Risk & Compliance Senior Manager, and Risk & Resilience Lead in any required activities which support improvements in assurance, compliance, and audit activities Addresses findings from identified risks or audits Ensures the ISMS contains an accurate record of risks, events, and issues Supports the internal and external audit investigations Ensures that the audit tests, self certifications, and audit reviews are relevant, consistent, and conducted in accordance with professionally accepted auditing standards Works with minimal supervision, using clearly defined processes and procedures Facilitates the use of performance metrics to improve output May be required to provide out of hours support via an on call rota Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk related concepts to technical and non technical audiences Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes CISA, CISM or equivalent preferred BSc or equivalent qualification in IT based degree preferred 3+ years relevant IT work experience Proven ability to communicate with technical teams to elicit information and requirements Understanding of regulatory requirements, including cross industry regulations (e.g., GDPR, Data Protection Act) and industry specific regulations Skilled in implementing compliance and control frameworks Proficient in IT governance and quality standards Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including and Cybersecurity Framework Excellent stakeholder management skills High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity Knowledge of OneTrust risk management toolset or similar preferred At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.
Apr 08, 2026
Full time
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. About the role The Risk, Compliance & Resilience Advisor shall help to manage compliance and assurance for supporting the Senior Manager - Risk & Compliance and Risk & Resilience Lead by ensuring that: Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies Resilience Planning: Support the Global Risk & Resilience Lead in the Development and maintenance of IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions Incident Response and Management: Provide support in DR related incident response activities, including investigating IT security incidents, breaches, and disruptions Issue Identification: Identify and document risk deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans to address identified issues Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders on the status of risk, compliance, and control activities Policy and Procedure Development: Assist in the development and maintenance of risk management, compliance, and control related policies, procedures, and guidelines. Ensure alignment with regulatory requirements and industry best practices in alignment with the Global IS Governance Lead Vendor Risk Management Support: Assist in assessing and managing risks associated with third party vendors and service providers. Evaluate vendor controls and adherence to contractual obligations Continuous Improvement: Identify opportunities for enhancing risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation's risk and control environment Project Work: Contribute to project activities as required to ensure GRC requirements are understood and addressed Areas of Accountability, Responsibility and Competence Level Works with the Global Risk & Compliance Senior Manager to support IS in the delivery of governance, compliance, and risk activities, whilst supporting the Integration projects Supports the execution of the security, audit, and compliance activities Supports the Global Risk & Compliance Senior Manager by ensuring the successful delivery of initiatives and projects within the Risk and Compliance environment Supports the Risk & Compliance Senior Manager, and Risk & Resilience Lead in any required activities which support improvements in assurance, compliance, and audit activities Addresses findings from identified risks or audits Ensures the ISMS contains an accurate record of risks, events, and issues Supports the internal and external audit investigations Ensures that the audit tests, self certifications, and audit reviews are relevant, consistent, and conducted in accordance with professionally accepted auditing standards Works with minimal supervision, using clearly defined processes and procedures Facilitates the use of performance metrics to improve output May be required to provide out of hours support via an on call rota Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk related concepts to technical and non technical audiences Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes CISA, CISM or equivalent preferred BSc or equivalent qualification in IT based degree preferred 3+ years relevant IT work experience Proven ability to communicate with technical teams to elicit information and requirements Understanding of regulatory requirements, including cross industry regulations (e.g., GDPR, Data Protection Act) and industry specific regulations Skilled in implementing compliance and control frameworks Proficient in IT governance and quality standards Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including and Cybersecurity Framework Excellent stakeholder management skills High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity Knowledge of OneTrust risk management toolset or similar preferred At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.
Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Role Overview Methods is a leading digital transformation consultancy, partnering with public and private sector organisations to deliver innovative and secure solutions. With a strong focus on governance, risk, and compliance (GRC), we help businesses navigate complex security landscapes while ensuring regulatory and operational resilience. Principal Cyber Security Risk & Audit Consultant This role is ideal for a professional with a strong background in cyber security, risk management, and internal audit. The ideal candidate will have experience across both the public and private sectors, with exposure to or experience in management consultancy. Strong team building and leadership experience is highly desirable. Lead and execute cyber security audits, ensuring compliance with regulatory and industry standards. Develop and maintain risk management frameworks, aligning with best practices such as ISO 27001, NIST, and GDPR. Collaborate with stakeholders to identify and mitigate cyber risks across digital and operational infrastructures. Provide expert guidance on cyber risk governance, resilience, and assurance strategies. Assess third party risk management practices and conduct security audits on suppliers and partners. Work closely with CISOs, IT, and compliance teams to drive a proactive security culture. Report findings and recommendations to senior leadership, ensuring risk mitigation strategies are effectively implemented. Essential Skills & Qualifications Candidates must have one of the following qualifications or be willing to work towards them: ChCSP in the Audit and Assurance (specialism) - Chartered status with the UK Cyber Security Council (CSC) PriCSP in the Audit and Assurance (specialism) - Principal level with the CSC, with a commitment to attaining Chartered status CMIIA - Chartered Member of the Institute of Internal Auditors, with willingness to work towards ChCSP CISA - ISACA Certified Information Systems Auditor, with willingness to work towards ChCSP QiCA - Institute of Internal Auditors Qualification in Computer Auditing, with willingness to work towards ChCSP Additional professional certifications of interest include IRM Chartered Risk Manager certification ISACA certifications such as CISM, CRISC, CGEIT CISSP (Certified Information Systems Security Professional) Other essential skills Proven experience in cyber security risk management and audit, ideally within regulated industries Strong knowledge of security frameworks, including ISO 27001, NIST, CIS Controls, and GDPR compliance Ability to conduct security assessments, risk analyses, and internal audits Familiarity with security tooling and governance platforms (e.g., SIEM, GRC platforms) Excellent communication skills with the ability to influence senior stakeholders A proactive mindset with the ability to work independently and as part of a team This role will require you hold or achieve Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected - Details of this will be discussed with you at interview Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non contributory (spouse and dependants included) Worldwide Travel Insurance - which is non contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website ()
Apr 07, 2026
Full time
Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Role Overview Methods is a leading digital transformation consultancy, partnering with public and private sector organisations to deliver innovative and secure solutions. With a strong focus on governance, risk, and compliance (GRC), we help businesses navigate complex security landscapes while ensuring regulatory and operational resilience. Principal Cyber Security Risk & Audit Consultant This role is ideal for a professional with a strong background in cyber security, risk management, and internal audit. The ideal candidate will have experience across both the public and private sectors, with exposure to or experience in management consultancy. Strong team building and leadership experience is highly desirable. Lead and execute cyber security audits, ensuring compliance with regulatory and industry standards. Develop and maintain risk management frameworks, aligning with best practices such as ISO 27001, NIST, and GDPR. Collaborate with stakeholders to identify and mitigate cyber risks across digital and operational infrastructures. Provide expert guidance on cyber risk governance, resilience, and assurance strategies. Assess third party risk management practices and conduct security audits on suppliers and partners. Work closely with CISOs, IT, and compliance teams to drive a proactive security culture. Report findings and recommendations to senior leadership, ensuring risk mitigation strategies are effectively implemented. Essential Skills & Qualifications Candidates must have one of the following qualifications or be willing to work towards them: ChCSP in the Audit and Assurance (specialism) - Chartered status with the UK Cyber Security Council (CSC) PriCSP in the Audit and Assurance (specialism) - Principal level with the CSC, with a commitment to attaining Chartered status CMIIA - Chartered Member of the Institute of Internal Auditors, with willingness to work towards ChCSP CISA - ISACA Certified Information Systems Auditor, with willingness to work towards ChCSP QiCA - Institute of Internal Auditors Qualification in Computer Auditing, with willingness to work towards ChCSP Additional professional certifications of interest include IRM Chartered Risk Manager certification ISACA certifications such as CISM, CRISC, CGEIT CISSP (Certified Information Systems Security Professional) Other essential skills Proven experience in cyber security risk management and audit, ideally within regulated industries Strong knowledge of security frameworks, including ISO 27001, NIST, CIS Controls, and GDPR compliance Ability to conduct security assessments, risk analyses, and internal audits Familiarity with security tooling and governance platforms (e.g., SIEM, GRC platforms) Excellent communication skills with the ability to influence senior stakeholders A proactive mindset with the ability to work independently and as part of a team This role will require you hold or achieve Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected - Details of this will be discussed with you at interview Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non contributory (spouse and dependants included) Worldwide Travel Insurance - which is non contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website ()
Oliver James is partnered with a world class leading consulting group in their latest phase of cyber security growth. We are interested in connecting with Senior Cyber Security Strategy Manager candidates based in London. Oliver James is partnered with a world class leading consulting group in their latest phase of cyber security growth. We are interested in connecting with Senior Cyber Security Strategy Manager candidates based in London. This grade pays up to £120,000 basic salary plus bonuses, pension, broad benefits, professional membership costs, training & development and more. In addition, our client offers a clear and defined path career progression where employees have complete control of their development. Candidates carrying a number of the below skills would be particularly relevant:- Strong skills in areas such as cyber strategy, cyber risk, cyber maturity, security architecture, cyber transformation and regulatory compliance for cyber. Experience of various recognised cyber security relevant standards and regulations, such as NIST CSF, CRI2.0, ISO27001, NCSC CAF, GDPR and NIS2. Experience working in a variety of environments or organisational contexts to develop cyber strategy and manage cyber risk. Desire to work with large organisations trying to solve the latest cyber security problems. Relevant certifications, such as M.Inst.ISP, CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerability management, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations.
Apr 06, 2026
Full time
Oliver James is partnered with a world class leading consulting group in their latest phase of cyber security growth. We are interested in connecting with Senior Cyber Security Strategy Manager candidates based in London. Oliver James is partnered with a world class leading consulting group in their latest phase of cyber security growth. We are interested in connecting with Senior Cyber Security Strategy Manager candidates based in London. This grade pays up to £120,000 basic salary plus bonuses, pension, broad benefits, professional membership costs, training & development and more. In addition, our client offers a clear and defined path career progression where employees have complete control of their development. Candidates carrying a number of the below skills would be particularly relevant:- Strong skills in areas such as cyber strategy, cyber risk, cyber maturity, security architecture, cyber transformation and regulatory compliance for cyber. Experience of various recognised cyber security relevant standards and regulations, such as NIST CSF, CRI2.0, ISO27001, NCSC CAF, GDPR and NIS2. Experience working in a variety of environments or organisational contexts to develop cyber strategy and manage cyber risk. Desire to work with large organisations trying to solve the latest cyber security problems. Relevant certifications, such as M.Inst.ISP, CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerability management, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations.
Senior Security Threat & Vulnerability Manager role at a leading UK telecoms provider. Own the end-to-end TVM lifecycle across hybrid on-prem/cloud environments: strategy, scanning, triage, remediation, and governance.? Lead Enterprise Threat & Vulnerability Management - Own the Cyber Frontline! Senior Security Threat & Vulnerability Manager My client is a leading UK Telecoms Provider looking for an experienced Threat & Vulnerability Manager to lead enterprise threat and vulnerability management across hybrid on-prem and cloud environments. Own it all : From asset discovery & scanning to patch orchestration and exec reporting - unblock teams, automate noise, integrate with ITSM/CMDB/CI/CD.? Influence at scale : Partner with platform/app owners, security risk managers, and seniors to hit SLAs and trend risk down.? Tech-forward : Champion tooling, threat intel, and cloud-native TVM in a fast-paced telco environment. ? Essential : Enterprise TVM programme leadership, deep threat and vulnerability lifecycle expertise, stakeholder management, standards knowledge (ISO/PCI/TSA).? Desirable : DevOps/CI-CD integration, GRC tooling, CISSP/CISM/AZ-500 certification. InsightVM, rapid7, Qualys Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
Apr 01, 2026
Full time
Senior Security Threat & Vulnerability Manager role at a leading UK telecoms provider. Own the end-to-end TVM lifecycle across hybrid on-prem/cloud environments: strategy, scanning, triage, remediation, and governance.? Lead Enterprise Threat & Vulnerability Management - Own the Cyber Frontline! Senior Security Threat & Vulnerability Manager My client is a leading UK Telecoms Provider looking for an experienced Threat & Vulnerability Manager to lead enterprise threat and vulnerability management across hybrid on-prem and cloud environments. Own it all : From asset discovery & scanning to patch orchestration and exec reporting - unblock teams, automate noise, integrate with ITSM/CMDB/CI/CD.? Influence at scale : Partner with platform/app owners, security risk managers, and seniors to hit SLAs and trend risk down.? Tech-forward : Champion tooling, threat intel, and cloud-native TVM in a fast-paced telco environment. ? Essential : Enterprise TVM programme leadership, deep threat and vulnerability lifecycle expertise, stakeholder management, standards knowledge (ISO/PCI/TSA).? Desirable : DevOps/CI-CD integration, GRC tooling, CISSP/CISM/AZ-500 certification. InsightVM, rapid7, Qualys Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
Lead Cyber Security Solution Architect - Banking - London - Up to 120,000 Basic Salary + Hybrid Working Overview We are seeking an experienced Lead Cyber Security Solution Architect to lead a team of Governance, Risk, and Control (GRC) specialists. This team is responsible for conducting Secure-by-Design assessments on technology projects, ensuring compliance with IT security policies and requirements. Role and Responsibilities Lead and manage the Secure-by-Design team across multiple business entities. Oversee security reviews for technology projects prior to implementation. Define KPIs for the team and monitor performance. Engage with business and technology stakeholders to assess technical and non-technical controls. Review reports and validate evidence of control effectiveness. Develop and implement testing strategies for IT security controls. Identify and document risks, gaps, findings, and recommend actions. Ensure timely completion of security assessments and manage team workload effectively. Essential Skills & Experience Proven ability to manage complex tasks with broad scope and ambiguity. Strong background in cybersecurity assurance, policies, and standards. Expertise across IT security domains: Governance, IAM, Risk Management, Security Testing, Incident Management, Vulnerability Management. Experience in senior stakeholder engagement and management reporting. Ability to coach and mentor team members. Deep understanding of IT security frameworks (SOX, FFIEC, ISO27001, NIST, PCI-DSS, Cloud Security Alliance). Strong managerial and leadership skills. Hands-on experience as an IT auditor, security auditor, or GRC analyst. Excellent planning, prioritization, and documentation skills. Broad technical knowledge of IT systems (OS, databases, firewalls, SIEM, DLP). Cloud Platforms: AWS and Azure. AI Knowledge: Understanding of AI principles and security implications. Solutions / Technical Network Architecture: Ability to design secure technical solutions and network architectures. Controls Experience: Strong background in implementing and assessing security controls. Splunk Knowledge: Familiarity with SIEM tools and log analysis. CyberArk: Experience with privileged access management solutions. Package Salary: Up to 120,000 Up to 20% Bonus Hybrid, with travel to London Career Development Opportunities Benefits: Pension scheme, professional training, paid holiday Lead Cyber Security Solution Architect - Banking - London - Up to 120,000 Basic Salary + Hybrid Working
Jan 21, 2026
Full time
Lead Cyber Security Solution Architect - Banking - London - Up to 120,000 Basic Salary + Hybrid Working Overview We are seeking an experienced Lead Cyber Security Solution Architect to lead a team of Governance, Risk, and Control (GRC) specialists. This team is responsible for conducting Secure-by-Design assessments on technology projects, ensuring compliance with IT security policies and requirements. Role and Responsibilities Lead and manage the Secure-by-Design team across multiple business entities. Oversee security reviews for technology projects prior to implementation. Define KPIs for the team and monitor performance. Engage with business and technology stakeholders to assess technical and non-technical controls. Review reports and validate evidence of control effectiveness. Develop and implement testing strategies for IT security controls. Identify and document risks, gaps, findings, and recommend actions. Ensure timely completion of security assessments and manage team workload effectively. Essential Skills & Experience Proven ability to manage complex tasks with broad scope and ambiguity. Strong background in cybersecurity assurance, policies, and standards. Expertise across IT security domains: Governance, IAM, Risk Management, Security Testing, Incident Management, Vulnerability Management. Experience in senior stakeholder engagement and management reporting. Ability to coach and mentor team members. Deep understanding of IT security frameworks (SOX, FFIEC, ISO27001, NIST, PCI-DSS, Cloud Security Alliance). Strong managerial and leadership skills. Hands-on experience as an IT auditor, security auditor, or GRC analyst. Excellent planning, prioritization, and documentation skills. Broad technical knowledge of IT systems (OS, databases, firewalls, SIEM, DLP). Cloud Platforms: AWS and Azure. AI Knowledge: Understanding of AI principles and security implications. Solutions / Technical Network Architecture: Ability to design secure technical solutions and network architectures. Controls Experience: Strong background in implementing and assessing security controls. Splunk Knowledge: Familiarity with SIEM tools and log analysis. CyberArk: Experience with privileged access management solutions. Package Salary: Up to 120,000 Up to 20% Bonus Hybrid, with travel to London Career Development Opportunities Benefits: Pension scheme, professional training, paid holiday Lead Cyber Security Solution Architect - Banking - London - Up to 120,000 Basic Salary + Hybrid Working
