Director, Digital Risks Cyber Assurance

Thanks to continued growth we now have a brand new role for a Director to join our Digital Risks (Cyber Security) practice in London. We are seeking a senior leader to drive the growth of Digital Risks in the United Kingdom, with a primary focus on cyber assurance, third-party risk management, and large-scale regulatory compliance audits. In this role, you will collaborate closely with our cyber threat intelligence, advisory, and response teams to expand our digital risk business. Your responsibility will include representing our global penetration testing team, overseeing the assessment of cybersecurity programs, ensuring alignment with industry standards and regulatory requirements, and guiding clients through complex third-party audits.

Key Responsibilities

• Cybersecurity Program Evaluation
  • Lead cyber assurance engagements, assessing client cybersecurity programs for compliance with industry standards such as NIST, ISO 27001, and other relevant frameworks.
  • Act as a trusted advisor, ensuring client cybersecurity postures are resilient, compliant, and in line with regulatory requirements.
• Vulnerability Assessment and Penetration Testing Management
  • Represent our vulnerability assessment and penetration testing team.
  • Partner with the penetration testing team to incorporate findings into broader cyber assurance reviews.
  • Lead remediation efforts for high-risk vulnerabilities, aligning them with the client’s overall compliance and cybersecurity objectives.
• Third-Party Risk Management Audits
  • Oversee large-scale third-party risk and compliance audits, ensuring alignment with industry-specific frameworks, regulatory standards, and contractual obligations.
• Regulatory Compliance Audits
  • Oversee regulatory compliance audits to ensure clients meet required standards and regulations.
  • Advise clients on audit preparation and guide them through maintaining compliance while improving cybersecurity measures.
  • Ensure clients' compliance programs address both current and emerging regulatory requirements.
• Client Relationship & Business Development
  • Build and sustain relationships with key stakeholders, positioning Digital Risks as a leader in cyber assurance and regulatory compliance.
  • Identify and capitalize on new business opportunities in cyber assurance, third-party risk assessments, and compliance audits.
  • Provide thought leadership on cyber assurance trends, regulatory updates, and best practices to enhance client relationships and grow the practice.
  • Advise clients on continuously improving their cybersecurity and compliance frameworks based on audit findings and risk assessments.
  • Recruit, develop, and lead a high-performing team specializing in cyber assurance, third-party risk management, and regulatory compliance.
  • Foster a culture of continuous learning, ensuring the team stays ahead of emerging trends in cybersecurity and compliance.
  • Contribute to the creation of innovative services and solutions to meet clients' evolving needs in cyber assurance and compliance auditing.

Requirements

• 12+ years of experience in cybersecurity, specializing in cyber assurance, third-party risk management, and regulatory compliance audits.
• Proven track record of leading cyber assurance engagements and guiding clients through risk management and compliance processes based on industry frameworks (e.g., NIST, ISO 27001).
• Expertise in managing third-party audits and ensuring regulatory compliance across audit lifecycles.
• In-depth understanding of regulatory frameworks, with hands-on experience delivering compliance audits for both commercial and government sectors.
• In-depth understanding of penetration testing and vulnerability assessments and their integration into broader cyber assurance projects.

Education & Certifications:

• Bachelor’s or master’s degree in information security, Computer Science, Engineering, or a related field.
• Relevant certifications such as CREST, OSCP, CISSP, CISM, CISA, ISO 27001 Lead Auditor, SANS, or other recognized credentials in cybersecurity, third-party risk management, and compliance auditing.

Skills:

• Strong commercial acumen, with proven ability to generate new business in cyber assurance and regulatory compliance services.
• Exceptional communication, presentation, and analytical skills with the ability to influence senior stakeholders and deliver impactful insights that improve cybersecurity resilience and regulatory compliance.

Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer. We operate a discretionary global bonus scheme that incentivises, and rewards individuals based on company and individual performance. Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working. As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.