Senior / Manager / Consultant – Enterprise Risk Security Management in London

Location: Hybrid (60% on-site presence required), Various locations covering UK hubs.

Department: Consultancy

Contract Type: Full-time, Permanent

Salary: Competitive + Benefits

Role Requirements: Candidates must hold government security vetting at SC level and be able to meet UK residency requirements.

About Cyberfort: At Cyberfort, we're securing the digital future. As a leading UK provider of cybersecurity solutions, we deliver cutting-edge services in Managed Detection & Response (MDR), Penetration Testing, Security Operations, and Strategic Consulting. We're large enough to offer exciting opportunities, yet agile enough to ensure every voice is heard. At Cyberfort, you're not just joining a company, you're becoming part of a mission-driven team.

Why Join Us?

• Purpose-Driven Work: Help protect businesses and communities from evolving cyber threats.
• Growth & Development: Access mentoring, apprenticeships, graduate schemes, and continuous learning platforms.
• Inclusive Culture: We champion diversity through our Women's Network, Neurodiversity Awareness, and Inclusion Committee.
• Flexible Working: Hybrid and remote options to support work-life balance.
• Top-Tier Benefits: Competitive salary, private healthcare, wellbeing support, generous holiday allowance, and more.

About the Role: This role plays a critical part in strengthening the security of government products and services through Enterprise Security Risk Management (ESRM). As a Senior Security Risk Assurance Manager, you may be placed within one of three key functions: Security Assurance, Supply Chain Security Assurance, or Security Risk. Each function contributes to protecting the organisation by assessing the effectiveness of security controls, ensuring supply chain resilience, and identifying enterprise-level risks. The role involves impartial evaluations, continuous improvement, stakeholder collaboration, and strategic guidance to support informed decision-making and regulatory compliance across the enterprise.

Key Responsibilities:

• Conduct research and gather evidence to assess the effectiveness of security controls.
• Evaluate and interpret assurance data to support a holistic view of organisational security.
• Record findings accurately using assurance tools and templates.
• Assist senior team members in testing controls and drafting assurance reports.
• Support post-incident assurance activities to ensure lessons learned are captured and improvements implemented.
• Contribute to continuous improvement of assurance methodologies and practices.
• Present findings to stakeholders and represent the assurance function in meetings and forums.
• Maintain awareness of current threats, vulnerabilities, and best practices in security assurance.

Experience Required:

• Experience in information security, risk management, or assurance roles.
• Desirable qualifications – CISM, CRISC, CISSP, CISA, CGEIT, ISO 27001 Lead Auditor (or equivalent).
• Hold an active and transferable SC clearance.
• Strong analytical skills with the ability to interpret technical and procedural evidence.
• Excellent written and verbal communication skills.
• Ability to work collaboratively within a multidisciplinary team.
• Familiarity with security frameworks and standards (e.g., ISO 27001, NIST, CIS Controls).
• Attention to detail and commitment to producing high-quality documentation.

Inclusive Hiring: We understand that one size doesn't fit all. If you need adjustments during the recruitment process, we're here to support you. Cyberfort is proud to be a Disability Confident Employer, a CyberFirst partner, and a signatory of the Armed Forces Covenant.

Ready to Apply? If you're passionate about cybersecurity and want to make a real impact, we'd love to hear from you.