Cyber Risk & Security Manager

We are seeking an experienced Cyber Risk & Security Manager to lead the delivery of cyber risk assessments, governance advisory services, security maturity programmes, and SOC strategy engagements. The role requires a highly capable security professional with experience across risk advisory, vulnerability management, security operations design, compliance frameworks, and executive reporting.

The successful candidate will operate at both strategic and technical levels, supporting board-level decision‑making while driving operational security improvements aligned to recognised standards such as NIST CSF, ISO 27001, DORA, PCI‑DSS, and MITRE ATT&CK.

Reporting To:
Director / Head of Cyber Security

Location:
London (Hybrid)

Employment Type:
Full‑Time

Salary:
£50,000 – £70,000 (dependent on experience and sponsorship thresholds)

Key Responsibilities

• Lead end‑to‑end cyber risk assessments and cyber maturity reviews.
• Conduct cyber risk quantification exercises using recognised methodologies (e.g., FAIR).
• Develop and deliver tabletop exercises and resilience simulations.
• Produce executive‑level cyber risk reports and mitigation roadmaps.
• Provide strategic advisory support to senior stakeholders and underwriters.

Security Operations & Vulnerability Management

• Design and implement Security Operations Centre (SOC) operating models.
• Conduct vulnerability management programmes, gap analyses, and remediation tracking.
• Lead penetration testing and application security assessments (OWASP Top 10).
• Oversee DLP and DDA monitoring strategies.

Compliance & Regulatory Alignment

• Support ISMS implementation aligned with ISO 27001.
• Ensure alignment with GDPR, PCI‑DSS, DORA, NIST CSF, COBIT, SANS, and related frameworks.
• Develop security policies, SOPs, and governance documentation.
• Conduct IT resilience and cloud security audits.

Technical & Transformation Advisory

• Advise on cloud migration security and VDI transformation programmes.
• Conduct asset management audits and security architecture reviews.
• Perform cyber breach investigations and incident management leadership.
• Implement automation initiatives to improve cyber risk evaluation processes.

Stakeholder & Practice Development

• Engage with senior executives and cross‑functional stakeholders.
• Contribute to proposal development and client solution design.
• Mentor junior consultants and contribute to internal capability development.
• Support cybersecurity awareness and outreach initiatives.

Required Skills & Experience

• 10+ years’ experience in cyber security, risk advisory, or security operations.
• Proven experience delivering cyber maturity assessments and risk advisory engagements.
• Experience designing SOC or security operating models.
• Strong understanding of vulnerability management and penetration testing.
• Experience aligning organisations to NIST CSF, ISO 27001, and related frameworks.
• Executive report writing and board‑level presentation capability.
• Experience leading client engagements and managing stakeholders.
• Ideally big 4 experience

Technical Expertise

• Familiarity with MITRE ATT&CK and FAIR methodologies.

Qualifications

• MSc in Cyber Security (or equivalent)
• CEH, CompTIA Security+ (required or equivalent experience)
• CE Advisor or prepared to become a Cyber Essentials Assessor
• Strategic thinker with strong analytical capability
• Strong documentation and structured reporting ability
• Leadership and mentoring capability
• Process improvement and automation mindset

Working Hours

37.5 – 40 hours per week

This role meets Skilled Worker sponsorship skill‑level requirements (RQF Level 6+). Sponsorship may be considered subject to eligibility and Home Office compliance requirements.

How to Apply:

Call 0208 1234 365, submit the application form or email info@spirituk.com

Apply For Role:

Either call 0208 1234 365 or complete the form below

#J-18808-Ljbffr