Cyber Security Advisory Manager in City of Westminster

Ankura's Cyber Security and Privacy Practice is a full-service suite of cyber security and privacy solutions, regardless of industry or size.

Responsibilities

• Cyber Security Program & Strategy: Evaluate and enhance client cyber security programmes against recognised frameworks like NIST, ISO, DORA, and NIS2. Advise on security strategy for cloud and hybrid environments, acting as a vCISO to guide their cyber resilience and security posture.
• Risk Management & Remediation: Conduct comprehensive cyber risk assessments, including third-party risk management and cyber risk quantification. Develop and oversee remediation plans, from initial assessment to full delivery, ensuring a seamless consulting engagement.
• Policy & Incident Response: Develop and refine security policies, including Business Continuity Plans (BCPs) and incident response plans. Support the delivery of cyber security and crisis tabletop exercises to test client resilience.
• Mergers & Acquisitions (M&A): Conduct Cyber Due Diligence (DD) for pre-acquisition and post-acquisition reviews, specifically for private equity (PE) houses and other corporate clients.
• Project Leadership & Delivery: Lead and manage end-to-end client engagements, including project scoping, proposal development, and ensuring timely delivery of all project deliverables within a consulting framework.
• Technology & Expertise: Demonstrate deep knowledge of security technologies and architectures, with an understanding of AI risk and the use of AI technologies in cyber security.
• Team Leadership: Supervise and mentor less experienced consultants and client personnel.

Experience: Experience in a Big Four or a mid-tier consulting firm is essential, with a background in leading cyber security projects and acting in a vCISO capacity. Experience with scoping projects, developing budgets, and crafting proposals for new business is essential.

Technical Knowledge: In-depth understanding of security principles and network architectures. Ability to assess security controls across major cloud platforms (Azure, AWS, GCP, Office 365).

Frameworks: Strong familiarity with NIST, ISO, PCI, DORA, NIS2, EU AI Act, NIST AI RMF and other relevant frameworks.

Qualifications: Professional certifications such as CISSP, CISM, CISA, Prince2 or PMP are preferred.

Skills: Strong analytical, communication (written and verbal), and organisational skills. Ability to work both independently and as part of a team in a high-paced consulting environment.

Travel: Flexibility to travel outside the UK for work, which may involve a few weeks at a time on short notice.

Good to have: Knowledge/experience of the incident management lifecycle, ethical hacking, DFIR, secure development practices and internal audit. Experience and exposure to AI technology challenges and opportunities.

Benefits: You will have the opportunity to get involved with both Proactive and Reactive work. We can support and develop individuals who aspire to be an expert. Opportunities for career development, an assigned career mentor, access to Ankura Academy, and opportunities to collaborate on projects with other Ankura practices. Work with a collaborative environment, whereby our professionals have the freedom to innovate which promotes curiosity, learning and communication.

Ankura is a team of excellence founded on innovation and growth. This position supports the Data & Technology practice – one of six practices focused on client delivery services across the Firm. Our global team of over 100 professionals includes former federal law enforcement personnel, in-house security experts, Big 4 consultants, federal regulators, threat intel and dark web experts. We have helped clients and partners for 10+ years across industries and geographies with the following services: Incident Response, Intelligence, and Investigations; Technology, Privacy, and Cyber Risk Advisory; End Point & Managed Detection & Response.