Technical Cyber Security Consultant

Join Cyberfort as a Technical Cyber Security Consultant (SC) in a remote role based in the UK with occasional travel.

Role Requirements: Candidates must hold government security vetting at SC level and be able to meet UK residency requirements.

About Cyberfort: At Cyberfort, we’re securing the digital future. As a leading UK provider of cybersecurity solutions, we deliver cutting‑edge services in Managed Detection & Response (MDR), Penetration Testing, Security Operations, and Strategic Consulting. We’re large enough to offer exciting opportunities, yet agile enough to ensure every voice is heard. At Cyberfort, you’re not just joining a company, you’re becoming part of a mission‑driven team.

Why Join Us?

• Purpose‑Driven Work: Help protect businesses and communities from evolving cyber threats.
• Growth & Development: Access mentoring, apprenticeships, graduate schemes, and continuous learning platforms.
• Inclusive Culture: We champion diversity through our Women’s Network, Neurodiversity Awareness, and Inclusion Committee.
• Flexible Working: Hybrid and remote options to support work‑life balance.
• Top‑Tier Benefits: Competitive salary, private healthcare, wellbeing support, generous holiday allowance, and more.

About the Role: The Cyber Security Consultant will support digital security risk management capability through the identification, assessment, analysis, logging and ongoing monitoring of information and cyber security risks. The role is responsible for delivering effective control assurance, validating that security control objectives are met across people, process and technology, and support the business in making well‑informed, risk‑based decisions.

Key Responsibilities:

• Deliver security risk identification, assessment, analysis and logging activities, ensuring risks are clearly articulated, consistently scored and recorded in approved Information Security Risk Management (ISRM) tools.
• Perform control assurance activities to validate how control objectives are being met in practice, working closely with technical delivery teams to understand design and implementation.
• Identify and document control gaps, assess residual risk, and clearly articulate outcomes within control and assurance artefacts.
• Support the delivery, rollout and continuous improvement of Information Security Risk Management methodologies, including the discovery, review and transformation of historic risk assessments into an updated, consistent approach.
• Manage allocated assignments end‑to‑end, ensuring all control, assurance and risk outputs are delivered accurately and in a timely manner.
• Maintain oversight of risk remediation activities, tracking actions through to implementation and ensuring ongoing risk treatment and control effectiveness.
• Provide advice, guidance and intelligent challenge on enterprise control alignment during reviews of solution designs, security documentation and architecture artefacts.
• Lead and facilitate collaborative control and risk workshops with business and technical stakeholders to drive shared understanding, surface key risks and agree appropriate outcomes.
• Contribute to post‑incident and remedial assurance activities, ensuring lessons learned are captured and embedded into control improvements.
• Provide input into formal scoping, ensuring key security risks are reflected in test scope and that critical controls are robustly assessed against expected security outcomes.
• Prepare clear, concise risk summary statements and assurance outputs for senior stakeholders and risk owners, translating technical issues into business‑focused language to enable effective information risk decisions.
• Present assurance findings and risk positions at governance forums and stakeholder meetings, representing the security assurance function with credibility.
• Ensure effective knowledge transfer on key assignments, building capability and understanding across business and technical stakeholders.
• Contribute to the continuous improvement of assurance practices, maintaining awareness of emerging threats, vulnerabilities and industry best practice.

What We’re Looking For:

• Experience in information security, risk management, or assurance roles.
• Desirable qualifications – CISM, CRISC, CISSP, CISA, CGEIT, ISO 27001 Lead Auditor (or equivalent).
• Hold an active and transferable SC clearance.
• Strong analytical skills with the ability to interpret technical and procedural evidence.
• Excellent written and verbal communication skills.
• Ability to work collaboratively within a multidisciplinary team.
• Familiarity with security frameworks and standards (e.g., ISO 27001, NIST, CIS Controls).
• Attention to detail and commitment to producing high‑quality documentation.

Inclusive Hiring: We understand that one size doesn’t fit all. If you need adjustments during the recruitment process, we’re here to support you. Cyberfort is proud to be a Disability Confident Employer, a CyberFirst partner, and a signatory of the Armed Forces Covenant.