The Lead Cyber Risk Consultant CGEMJP00334279
| Date advertised: | 13 March 2026 |
|---|---|
| Hours: | Full Time |
| Closing date: | 20 March 2026 |
| Location: | Knutsford, Cheshire, WA16 9EU |
| Company: | Experis |
| Job type: | Contract |
| Job reference: | BBBH434790_1773393931 |
Summary
Role Title: Lead Cyber Risk Consultant
Duration: contract to run until 30/10/2026
Location: Knutsford, Hybrid 3 days per week onsite
Rate: up to £511.29 p/d Umbrella inside IR35
Role purpose / summary
The Lead Cyber Risk Consultant will spearhead the EOL risk assessment project, providing strategic direction and oversight. In this role, you will lead a comprehensive evaluation of cybersecurity risks associated with End-of-Life technologies across the bank and apply a new cyber risk methodology to assign risk ratings. You will identify opportunities to reduce residual risk in obsolete systems, and guide remediation efforts through to successful transition into BAU processes. This position requires excellent leadership, communication, and stakeholder management to coordinate between technical teams and senior management.
Key Responsibilities:
Lead Risk Assessments: Plan and conduct a full stock assessment of EOL technologies within the bank, utilizing the new cyber risk methodology to evaluate and rate risks. Ensure the assessment covers all in-scope systems and aligns with the Client's governance frameworks and risk policies.
Risk Rating & Analysis: Oversee the analysis of identified vulnerabilities and weaknesses, and produce risk ratings and reports that clearly prioritize risks to the organization. Use strong analytical judgment to make risk-based recommendations, ensuring that risk findings are documented and actionable.
Residual Risk Reduction: Identify and recommend risk mitigation opportunities to reduce residual risk in legacy platforms and applications. This includes advising on possible compensating controls or quick wins to address high-risk EOL items.
Remediation Planning: Collaborate closely with technology owners and engineering teams to develop remediation plans and prioritize fixes or upgrades for EOL systems. Provide guidance on remediation pathways (e.g. system upgrades, migrations, decommissioning) and ensure plans are feasible and aligned with business priorities.
Project Leadership & Coordination: Coordinate the efforts of the Cyber Risk Analysts (and any other team members), assigning tasks and monitoring progress. Provide mentorship and technical guidance to the analysts, and review their assessment outputs for quality and consistency. (Acts as a small team manager - able to work independently while managing a team as needed.)
Stakeholder Engagement: Serve as the primary point of contact for stakeholders (e.g. Cybersecurity management, IT owners, Risk committees). Communicate risk findings and status updates in a clear, business-oriented manner. Prepare and present risk assessment reports and remediation progress to both technical and non-technical audiences, including mid-level management and potentially CISO or 2nd Line Risk functions.
Transition to BAU: Ensure that remediation activities and improved risk practices are handed over smoothly to the permanent operational teams. Support the development of any process changes (e.g. updates to Technology Lifecycle Management reporting or risk oversight processes) so that continuous management of EOL risks is embedded into BAU. Provide knowledge transfer and documentation to internal staff as needed.
Required Skills & Competencies:
Cyber Risk Expertise: Deep knowledge of cyber risk management practices, including risk assessment methodologies and frameworks (e.g. NIST CSF, ISO 27005, FAIR). Ability to identify, classify, and prioritize cybersecurity risks in large enterprise environments.
Technical Understanding: Strong understanding of IT infrastructure and applications, especially the challenges posed by End-of-Life technologies (outdated operating systems, unsupported software, legacy hardware). Capable of evaluating technical dependencies and security implications of obsolete systems.
Analytical & Methodological Skills: Advanced analytical skills ("cyber analytics"), including proficiency with risk analysis tools or GRC platforms for tracking risk items. Comfortable analyzing data (e.g. asset inventories, vulnerability scan results) to quantify risk levels and support data-driven decision making.
Leadership & Coordination: Proven ability to lead a team or project in a cybersecurity context. Excellent organizational skills to manage multiple parallel workstreams (risk assessment phase, remediation phase, reporting, etc.), ensuring milestones are met on time.
Communication & Stakeholder Management: Exceptional communication skills, both written and verbal. Able to translate technical risk issues into business terms and present findings/recommendations to stakeholders at various levels. Strong stakeholder management and negotiation skills to drive consensus on remediation priorities and resource allocation.
Problem-Solving: Adept at solving complex problems and devising risk mitigation strategies. Can balance security requirements with operational practicalities, recommending solutions that reduce risk while enabling business objectives.
Adaptability: Flexibility to work with both onshore and offshore teams. If offshore, willingness to align part of your working hours to UK business hours for effective collaboration.
Qualifications & Certifications:
Certifications: Industry-recognized certifications in cybersecurity/risk are highly desirable. Examples include CISSP, CISM (information security management), and especially CRISC (Certified in Risk and Information Systems Control) or CISA for IT risk control. These certifications demonstrate a solid foundation in managing enterprise IT risks and controls.
Framework Knowledge: Familiarity with relevant security standards and regulations. Knowledge of ISO 27001 information security management and risk assessment standards, NIST cybersecurity framework, and banking industry regulations or guidelines for operational risk/cyber risk is beneficial.
Other: Any certifications in cloud security or technical areas are a bonus if EOL systems span on-prem and cloud (e.g. AWS/Azure security certifications), as well as project management certifications (e.g. PRINCE2, PMP) which can aid in managing the engagement.
Experience:
Years of Experience: Approximately 8-10+ years of experience in cybersecurity, with a significant portion in cyber risk management or security consulting roles. Prior experience leading risk assessment projects or large-scale security consulting engagements is expected.
Domain Experience: Demonstrated experience in conducting risk assessments, security audits, or vulnerability management in complex IT environments. Experience should include evaluating technology lifecycle issues, such as dealing with outdated systems or large-scale remediation programs, ideally within a financial services or highly-regulated industry.
Project Leadership: Past roles should reflect the ability to manage or coordinate security projects and to work cross-functionally (e.g., working with IT infrastructure teams, application owners, and governance/Risk functions). Evidence of successfully driving risk remediation initiatives or advising on risk treatment plans is important.
Financial Industry Experience (Desirable): Experience in the banking or financial services sector is highly desirable, given the Client's context. Familiarity with financial industry cybersecurity challenges, regulatory requirements (e.g. operational resilience, data protection, Basel/BCBS guidance on risk), and typical bank technology environments will enable faster onboarding and credibility.
All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!