About Us
We are a technology consultancy and digital transformation partner that helps organisations tackle complex challenges through strategy, design, engineering and delivery.
About You
You are a motivated and adaptable professional with a strong analytical mindset and a passion for using technology to solve real‑world problems. You enjoy working in collaborative, agile teams and take pride in delivering high‑quality solutions that make a tangible impact. With strong communication skills and a consultative approach, you are comfortable engaging with clients, understanding their needs, and translating them into effective outcomes.
The Role
We are looking for an experienced Cyber Risk Manager to join our growing cyber practice on a permanent basis, supporting major public sector clients with a particular focus on Local Government. Your responsibilities will include:
- Acting as a trusted advisor to identify, assess, manage and communicate cyber risks across programmes and operational environments.
- Supporting the evolution of our Local Digital Cyber Risk capability, improving reporting processes, risk insights and the use of the NCSC Cyber Assessment Framework (CAF).
- Leading cyber risk activities, mentoring colleagues and fostering best practice to ensure clients remain resilient against an evolving threat landscape.
Requirements
- Leading and facilitating cyber risk assessments across programmes, projects and operational environments.
- Maintaining cyber risk reporting processes for the Local Government sector, ensuring timely and accurate reporting of cyber risks and emerging trends.
- Enhancing metrics, reporting frameworks and governance structures to mature the Local Digital Cyber Risk function.
- Analyzing NCSC CAF returns to identify themes, trends and actionable risk insights.
- Planning and executing assessments to determine cyber risk levels for strategic departmental goals and initiatives.
- Providing a cyber risk perspective on the development and refinement of the CAF process to ensure alignment with organisational objectives.
- Engaging directly with councils, when required, to validate risk profiles and provide pragmatic risk‑based guidance.
- Developing and maintaining cyber risk registers, ensuring risks are documented, prioritised, and managed to resolution.
- Assessing security controls and recommending proportionate improvements.
- Producing high‑quality risk reports, dashboards and presentations for senior stakeholders and governance forums.
- Providing risk‑based guidance to technical and business teams throughout project lifecycles.
- Conducting third‑party and supplier cyber risk assessments where appropriate.
- Supporting internal and external audits, assurance reviews and regulatory activities.
- Monitoring emerging threats and vulnerabilities to assess potential impacts to client environments.
- Promoting cyber risk awareness and embedding a positive security culture across client organisations.
Key Skills and Experience
- Demonstrable experience in cyber security, technology risk, information security or enterprise risk management roles.
- Strong understanding of cyber risk management principles and methodologies.
- Experience working with recognised frameworks and standards, including:
- NIST Cybersecurity Framework (CSF)
- NCSC Cyber Assessment Framework (CAF)
- ISO/IEC 27001 and ISO/IEC 27005
- CIS Critical Security Controls
- COBIT
- Experience analysing risk data and translating findings into meaningful recommendations and reporting outputs.
- Experience maintaining risk registers and tracking remediation activities.
- Strong stakeholder management skills, engaging senior leaders and external organisations.
- Ability to communicate technical risks effectively to both technical and non‑technical stakeholders.
- Experience facilitating workshops and conducting interviews to gather evidence and validate risk assessments.
- Experience operating within Agile and multidisciplinary delivery environments.
- Knowledge of cloud security risks and controls across platforms such as Azure, AWS or Google Cloud (beneficial).
- Experience within Local Government or the wider public sector (highly advantageous).
- Experience using data and reporting tools to develop metrics and management information (beneficial).
Desirable Certifications
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Lead Implementer or Lead Auditor
- NCSC or other recognised cyber security and risk management certifications
Benefits
- Competitive Salary
- Bonus Scheme
- Private Healthcare Insurance
- 25 Days Annual Leave + Bank Holidays
- Up to 10 days allocated for development training per year
- Enhanced Parental Leave
- Paid Fertility Leave (5 days)
- Statutory & Contributory Pension
- EAP with Help@Hand
- Gym Membership Benefits
- Cycle to Work and Electric Vehicle Schemes
- Flexible Working
- Annual Away Days/Company Socials
Diversity and Inclusion
We are an equal opportunities employer and are committed to encouraging equality, diversity and social mobility. All processes are based on merit, competence and business needs. We welcome a diverse range of perspectives and provide an inclusive environment for all employees.
