At a Glance
- Tasks: Lead cybersecurity risk assessments and implement secure design solutions in public sector environments.
- Company: Dynamic tech firm focused on innovative security solutions for MOD and public sectors.
- Benefits: Competitive salary, hybrid working, and continuous career development opportunities.
- Other info: Inclusive culture that values diversity and supports your career growth.
- Why this job: Join a team of experts and make a real impact in cybersecurity.
- Qualifications: Experience in cybersecurity and relevant frameworks; DV clearance required.
The predicted salary is between 60000 - 80000 β¬ per year.
Location: Cambridgeshire / London, Hybrid - c. 3 days minimum on-site presence required
Contract Type: Permanent & Full-time
Salary: Competitive + Benefits
About the Role
As a Cyber Security Consultant, you will play a pivotal role in delivering Secure by Design risk and security assurance services within MOD and Public Sector environments. You'll collaborate with multi-disciplinary teams to define and implement security risk assessments and best practice solutions, ensuring alignment with business risk appetites and transformation goals. You'll be part of a knowledge-sharing culture, working alongside expert peers in Secure Architecture and Risk Planning.
Key Responsibilities
- Deliver Secure by Design risk and security assurance functions within MOD/Public Sector.
- Lead and advise on risk management frameworks, ISMS, and Enterprise Security Risk Management.
- Facilitate security and risk workshops with Authority departments.
- Produce clear reporting on vulnerabilities, risks, controls, and treatment activities.
- Provide pragmatic remediation and risk management guidance.
- Support secure design across technology platforms including cloud infrastructures.
- Contribute to blogs and research within the business community.
Experience Required
The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC and UK Cyber Security Council professional registration at either Chartered or Principal for Risk Management. Active DV clearance required.
Strong working knowledge of:
- Security Assurance Coordinator or Delivery Team Security Lead roles
- JSP440, JSP604/453 & JSP490
- Working with system secure design
- MOD/GDS Secure by Design Principles
- Supplier Chain Assurance and Risks.
- Security related legislation (e.g. GDPR, PCI DSS, ICO requirements).
- Security Control Frameworks such as ISO 27001, NIST CSF and CIS Controls v8.
- HMG, NPSA and NCSC security policies, standards and guidance.
Have experience building and implementing secure by design principles within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis.
Working understanding of:
- Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups, Host based firewalls, Web Application Firewalls
- Physical Network Infrastructure, Anti-Patterns, Network Firewalls, IDS/IPS, DMZs
- AI use cases, secure configuration (ISO42001 knowledge preferable), ITHC scoping and remediation action plans.
- HLD and LLD reviews and analysis.
Working knowledge and experience of tooling relating to cloud security posture management offerings, cloud native security (AWS/Azure) and endpoint security.
Proficient in Public Key Infrastructure, Data at Rest/in Transit, Cryptography, Privileged User Access Management, Zero Trust, Cross Domain Solutions and Role-based Access Controls.
Thrives on tackling challenges with creative solutions, challenging the normal.
What's in it for You
- Hybrid Working: c. 3 days onsite per week.
- Career Development: Continuous learning and professional growth.
Interested? Submit your application to learn more about this exciting opportunity.
Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
Cyber GRC Consultant (DV Cleared) in Reading employer: Sanderson Government and Defence
As a Cyber GRC Consultant with us, you'll be part of a dynamic and inclusive team that values knowledge sharing and professional growth. Our hybrid working model allows for flexibility while ensuring you engage with expert peers in the field, all within a supportive environment that prioritises your career development and well-being. Join us in making a meaningful impact in the MOD and Public Sector, where your contributions will be recognised and rewarded.
Contact Detail:
Sanderson Government and Defence Recruiting Team
StudySmarter Expert Adviceπ€«
We think this is how you could land Cyber GRC Consultant (DV Cleared) in Reading
β¨Tip Number 1
Network like a pro! Get out there and connect with folks in the cyber security field. Attend meetups, webinars, or even local events. You never know who might have the inside scoop on job openings or can put in a good word for you.
β¨Tip Number 2
Show off your skills! Create a portfolio or a personal website where you can showcase your projects, blogs, or any relevant work. This is a great way to demonstrate your expertise and passion for cyber security to potential employers.
β¨Tip Number 3
Prepare for interviews by practising common questions and scenarios related to Cyber GRC. Think about how you would handle specific risk management challenges or security assessments. The more prepared you are, the more confident you'll feel!
β¨Tip Number 4
Don't forget to apply through our website! We love seeing applications directly from candidates who are excited about joining our team. Plus, it gives you a chance to stand out and show us why you're the perfect fit for the role.
We think you need these skills to ace Cyber GRC Consultant (DV Cleared) in Reading
Some tips for your application π«‘
Tailor Your Application:Make sure to customise your CV and cover letter to highlight your experience in cybersecurity and risk management. We want to see how your skills align with the specific requirements of the Cyber GRC Consultant role.
Showcase Relevant Experience:When detailing your past roles, focus on your achievements related to security assurance and risk frameworks. We love seeing concrete examples of how you've tackled challenges in similar environments.
Be Clear and Concise:Keep your application straightforward and to the point. Use bullet points for easy reading and ensure your key skills and experiences stand out. We appreciate clarity as much as you do!
Apply Through Our Website:Donβt forget to submit your application through our website! Itβs the best way for us to receive your details and ensures youβre considered for this exciting opportunity.
How to prepare for a job interview at Sanderson Government and Defence
β¨Know Your Cyber Security Stuff
Make sure you brush up on your knowledge of security frameworks like ISO 27001 and NIST CSF. Be ready to discuss how you've applied these in past roles, especially in MOD or Public Sector environments. This shows you're not just familiar with the theory but can also implement it in practice.
β¨Prepare for Scenario-Based Questions
Expect questions that ask you to solve hypothetical security challenges. Think about how you would lead a risk management workshop or advise on secure design principles. Practising these scenarios will help you articulate your thought process clearly during the interview.
β¨Showcase Your Collaborative Spirit
Since the role involves working with multi-disciplinary teams, be prepared to share examples of how you've successfully collaborated in the past. Highlight any experience you have in facilitating workshops or knowledge-sharing sessions, as this will demonstrate your ability to work well with others.
β¨Stay Updated on Current Trends
Cybersecurity is always evolving, so make sure you're aware of the latest trends and threats. Being able to discuss recent developments in cloud security or new legislation like GDPR will show that you're proactive and engaged in the field, which is a big plus for any employer.
