At a Glance
- Tasks: Lead Secure by Design practices and conduct cyber risk assessments for MOD and Public Sector services.
- Company: Join a forward-thinking organisation dedicated to cybersecurity excellence.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Collaborative environment with mentorship opportunities and a focus on continuous improvement.
- Why this job: Make a real difference in securing digital services while working with cutting-edge technology.
- Qualifications: Experience in cybersecurity frameworks and strong communication skills are essential.
The predicted salary is between 60000 - 80000 £ per year.
We are seeking an experienced Secure by Design Lead & Cyber Risk Advisor to drive Secure by Design practices across a portfolio of MOD and Public Sector digital services. You will lead risk identification, mitigation, and assurance activities, ensuring that products and services are designed, built, and operated securely while aligned with organisational and Authority risk appetites. This role requires deep understanding of cyber risk methodologies, excellent communication skills, and the ability to guide multi‑disciplinary teams through Secure by Design processes at pace. You will act as the primary advisor on cyber risk and SbD compliance, producing concise, decision‑ready outputs and leading security assurance activities.
Secure by Design Leadership
- Lead Secure by Design discovery and assessment activities across digital services and portfolios.
- Provide Secure by Design risk and security assurance functions within MOD/Public Sector accounts.
- Define pragmatic security control expectations aligned to service context and business risk appetite.
- Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed.
Risk Assessment & Threat Modelling
- Conduct cyber risk assessments using NIST 800‑30/37 (rev.5), ISO 27005, and NIST Cyber Security Framework (CSF).
- Perform threat modelling using STRIDE, attack trees, and other contemporary analytical methods.
- Identify vulnerabilities, threats, impacts, and control gaps to inform risk treatment decisions.
- Carry out technical and control-based risk assessments, incorporating outcomes of architecture reviews and testing activities.
Risk Treatment & Remediation Planning
- Develop actionable, prioritised risk remediation plans, including responsibilities, timelines, and mitigation steps.
- Provide pragmatic and business‑aligned risk remediation guidance, balancing operational needs with security obligations.
- Work closely with risk owners and technical leads to negotiate and agree treatment strategies.
Governance, Assurance & Reporting
- Support governance and assurance forums by articulating risk, mitigation options, and residual exposure.
- Produce concise, informative documentation including:
- Risk assessment reports
- Threat modelling outputs
- Vulnerability and control analysis
- Residual risk statements
- Secure by Design compliance evidence
- Validate that required control patterns, assurance activities, and security testing have been completed.
Stakeholder Collaboration & Workshops
- Facilitate security, risk, and threat modelling workshops with multi‑disciplinary teams and Authority stakeholders.
- Engage with business and technical stakeholders to ensure alignment with broader transformation goals and regulatory requirements.
- Work with MOD/Public Sector teams to ensure security expectations and compliance obligations are met.
Compliance & Evidence Production
- Identify, collect, and review evidence demonstrating compliance with Secure by Design principles.
- Produce documentation including:
- Risk assessments
- Security testing results
- Evidence packs for Secure by Design compliance
- Residual risk reports
Leadership, Coaching & Knowledge Sharing
- Mentor junior consultants, technical specialists, stakeholders and program across multiple business units.
- Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice.
- Promote a culture of continuous security improvement.
Skills & Experience Required
- Eligibility for UK security clearance
- Proven experience leading Secure by Design across portfolios or multiple digital services.
- Strong experience supporting MOD, Defence, or UK Public Sector clients.
- Deep expertise in cybersecurity risk frameworks including:
- NIST 800‑30/37
- ISO 27005
- NIST CSF
- Demonstrated ability to facilitate structured threat modelling (STRIDE, attack trees).
- Highly skilled in producing clear, concise, decision‑focused reporting for senior stakeholders.
- Strong capability in running governance, risk, and assurance activities.
- Experience working with Agile, DevOps, and multi‑disciplinary delivery teams.
- Excellent stakeholder management and communication skills.
- Experience in Secure by Design frameworks used within Defence and Government.
- Knowledge of MOD security governance, assurance, and accreditation processes.
- Background in risk consultancy, or security assurance.
- Certifications such as CISM, CRISC, CISSP, SABSA, CCP, or equivalent.
What You Will Deliver
- Secure by Design discovery assessments and control expectations.
- Threat models, risk assessments, vulnerability analyses.
- Risk remediation action plans with clear owners and timelines.
- Concise assurance documentation and residual risk reports.
- Secure by Design compliance evidence aligned to programme and Authority requirements.
- Clear risk recommendations supporting decision‑making and governance.
Secure by Design Lead & Cyber Risk Advisor in Newcastle upon Tyne employer: 慨正橡扯
As a Secure by Design Lead & Cyber Risk Advisor, you will join a forward-thinking organisation that prioritises security and innovation within the MOD and Public Sector. Our collaborative work culture fosters continuous learning and professional growth, offering mentorship opportunities and access to cutting-edge cybersecurity frameworks. Located in a dynamic environment, we provide a unique chance to make a meaningful impact while ensuring compliance with Secure by Design principles across vital digital services.
StudySmarter Expert Advice🤫
We think this is how you could land Secure by Design Lead & Cyber Risk Advisor in Newcastle upon Tyne
✨Tip Number 1
Network like a pro! Attend industry events, webinars, and meetups related to cyber security and risk management. Engaging with professionals in the field can open doors and lead to job opportunities that aren't even advertised.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your experience with Secure by Design practices, risk assessments, and threat modelling. This can be a game-changer during interviews, giving you a tangible way to demonstrate your expertise.
✨Tip Number 3
Practice makes perfect! Prepare for interviews by rehearsing common questions related to cyber risk methodologies and Secure by Design principles. The more comfortable you are discussing these topics, the more confident you'll appear to potential employers.
✨Tip Number 4
Don't forget to apply through our website! We often have exclusive job listings that you won't find elsewhere. Plus, it shows you're genuinely interested in joining our team and helps us keep track of your application.
We think you need these skills to ace Secure by Design Lead & Cyber Risk Advisor in Newcastle upon Tyne
Some tips for your application 🫡
Tailor Your Application:Make sure to customise your CV and cover letter to highlight your experience with Secure by Design and cyber risk methodologies. We want to see how your skills align with the specific requirements of the role, so don’t hold back on showcasing your relevant achievements!
Showcase Your Communication Skills:Since this role involves guiding multi-disciplinary teams, it’s crucial to demonstrate your excellent communication abilities. Use clear and concise language in your application to reflect how you can articulate complex concepts effectively.
Highlight Relevant Experience:Be sure to emphasise your experience with MOD or Public Sector clients, as well as your familiarity with frameworks like NIST and ISO. We’re looking for candidates who can hit the ground running, so make your relevant experience stand out!
Apply Through Our Website:We encourage you to submit your application through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss any important updates from us!
How to prepare for a job interview at 慨正橡扯
✨Know Your Cyber Risk Frameworks
Make sure you brush up on NIST 800-30/37, ISO 27005, and the NIST Cyber Security Framework. Be ready to discuss how you've applied these methodologies in past roles, as this will show your deep understanding of cyber risk.
✨Prepare for Threat Modelling Questions
Expect questions about threat modelling techniques like STRIDE and attack trees. Have examples ready where you've identified vulnerabilities and informed risk treatment decisions using these methods.
✨Showcase Your Leadership Skills
As a Secure by Design Lead, you'll need to demonstrate your ability to guide multi-disciplinary teams. Prepare to share experiences where you've coached teams in Agile environments without slowing down delivery speed.
✨Communicate Clearly and Concisely
You'll be producing decision-ready outputs, so practice articulating complex information simply. Think about how you can present risk assessments and compliance evidence in a way that’s easy for stakeholders to understand.
