Cyber Risk Manager - Active Security Clearance Required

About You: You are a motivated and adaptable professional with a strong analytical mindset and a passion for using technology to solve real-world problems. You enjoy working in collaborative, agile teams and take pride in delivering high-quality solutions that make a tangible impact. With strong communication skills and a consultative approach, you’re comfortable engaging with clients, understanding their needs, and translating them into effective outcomes.

The Role: We are looking for an experienced Cyber Risk Manager to join our growing cyber practice on a permanent basis, supporting major public sector clients, with a particular focus on Local Government. You will work closely with client stakeholders to identify, assess, manage, and communicate cyber risks across a variety of programmes and operational environments. Acting as a trusted advisor, you will help organisations establish effective cyber risk management practices, improve governance processes, and implement proportionate controls aligned to their risk appetite.

You will play a key role in supporting the continued evolution of our Local Digital Cyber Risk capability, helping to mature reporting processes, strengthen risk insights, and enhance the use of the NCSC Cyber Assessment Framework (CAF) to support informed decision‑making across the sector. You will be a fundamental member of the team, responsible for leading cyber risk activities, supporting and developing colleagues, fostering best practice, and ensuring our clients remain resilient against an evolving threat landscape.

• Leading and facilitating cyber risk assessments across programmes, projects, and operational environments.
• Supporting and maintaining the Cyber Risk reporting process for the Local Government sector, ensuring timely and accurate reporting of cyber risks and emerging trends.
• Supporting the continued development and maturity of the Local Digital Cyber Risk function through the enhancement of metrics, reporting frameworks, and governance structures.
• Analysing NCSC Cyber Assessment Framework (CAF) returns to identify themes, trends, and actionable risk insights that inform decision‑making and prioritisation.
• Planning and executing assessments to determine the cyber risk levels associated with strategic departmental goals, programmes, and initiatives.
• Providing a cyber risk perspective on the development, refinement, and implementation of the CAF process to ensure it remains effective and aligned to organisational objectives.
• Directly engaging with councils, when required, to validate risk profiles, understand local challenges, and provide pragmatic risk‑based guidance.
• Developing and maintaining cyber risk registers, ensuring risks are appropriately documented, prioritised, assigned, and managed through to resolution.
• Assessing the effectiveness of security controls and recommending proportionate improvements to reduce risk exposure.
• Producing high‑quality risk reports, dashboards, and presentations for senior stakeholders and governance forums.
• Providing risk‑based guidance to technical and business teams throughout project lifecycles.
• Conducting third‑party and supplier cyber risk assessments where appropriate.
• Supporting internal and external audits, assurance reviews, and regulatory activities.
• Monitoring emerging threats and vulnerabilities to assess potential impacts to client environments.
• Promoting cyber risk awareness and embedding a positive security culture across client organisations.

Key Skills and Experience:

• Demonstrable experience working in cyber security, technology risk, information security, or enterprise risk management roles.
• Strong understanding of cyber risk management principles and methodologies.
• Experience working with recognised frameworks and standards, including:
• NIST Cybersecurity Framework (CSF)
• NCSC Cyber Assessment Framework (CAF)
• ISO/IEC 27001 and ISO/IEC 27005
• CIS Critical Security Controls
• COBIT
• Experience analysing risk data and translating findings into meaningful recommendations and reporting outputs.
• Experience maintaining risk registers and tracking remediation activities.
• Strong stakeholder management skills, with experience engaging senior leaders, executive audiences, and external organisations.
• Ability to communicate technical risks effectively to both technical and non‑technical stakeholders.
• Experience facilitating workshops and conducting interviews to gather evidence and validate risk assessments.
• Experience operating within Agile and multidisciplinary delivery environments.
• Knowledge of cloud security risks and controls across platforms such as Azure, AWS, or Google Cloud is beneficial.
• Experience within Local Government, the wider public sector, or regulated environments would be highly advantageous.
• Experience using data and reporting tools to develop metrics and management information would be beneficial.

Desirable Certifications:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• ISO 27001 Lead Implementer or Lead Auditor
• NCSC or other recognised cyber security and risk management certifications.

Competitive Salary, Bonus Scheme, Private Healthcare Insurance, 25 Days Annual Leave + Bank Holidays, Up to 10 days allocated for development training per year, Enhanced Parental Leave, Paid Fertility Leave (5 Days), Statutory & Contributory Pension, EAP with Help@Hand, Gym Membership Benefits, Cycle to Work and Electric Vehicle Schemes, Flexible Working, Annual Away Days/Company Socials.

Diversity and Inclusion: As an equal opportunities employer, we are committed to creating a work environment that supports, celebrates, encourages and respects all individuals, where all processes are based on merit, competence, and business needs. Encouraging high social mobility is really important to us. We foster an inclusive culture by welcoming different perspectives, enabling equitable opportunities, and promoting open dialogue. This commitment is reflected in initiatives that support diversity, mental health, wellbeing, and professional development. Whatever stage you are at in your career, you will find an environment where you can thrive. Should you require further assistance or require any reasonable adjustments to be put in place to better support your application process, please do not hesitate to raise this with us. As a Disability Confident employer, we are committed to ensuring our recruitment process is accessible and inclusive, enabling all candidates to demonstrate their skills, experience and potential.