Vulnerability Architect

About Us

Turnkey Consulting is an independent risk and security consultancy that brings together people, protection, and performance to help organisations achieve Digital Enterprise Resilience. For more than 20 years, Turnkey has enabled the world’s leading companies to understand and optimise their risk and security landscape through assessment-based road mapping, organisational empowerment, and expert application of market-leading technologies. Turnkey is headquartered in London with offices across Asia, Australia, Europe, and North America.

Role Overview

We are seeking an experienced individual with a strong foundation in SAP Vulnerability Management and Threat Detection systems, including associated controls, proficiency in SAP environments, and awareness of Cybersecurity frameworks.

Key Responsibilities

• Design, implement, and assess vulnerability management frameworks, primarily within SAP-enabled environments.
• Lead client conversations on SAP Vulnerability and Threat Management strategy, compliance challenges, and controls optimisation.
• Provide insight on Information Security frameworks (OWASP/NIST/NIS2 etc.) and the Secure Operations Map, helping communicate regulatory or good practice obligations and actionable solutions.
• Manage and mentor junior consultants and analysts to aid a high-performance team culture.
• Support business development activities, including scoping, proposal development, and client pitches throughout the sales lifecycle.
• Build long-term relationships with clients as a trusted advisor in controls and compliance.

Required Core Behaviours

• Ability to focus on the “why” of our solutions, not just the how.
• Demonstrable experience in prioritising the client’s objectives.
• Passionate about improving the perception of the industry towards a more business growth enabling function.
• Demonstrable ability to build productive relationships with both internal and external stakeholders in a hybrid working environment.

Required Skills & Experience

• Strong experience designing and executing detection and protective controls, ideally within SAP ERP systems.
• Experience in one of Onapsis, Security Bridge, SAP ETD, Pathlock CAC.
• Strong experience of implementing vulnerability management controls (implementation and testing).
• Knowledge of relevant industry frameworks and vendor solutions aligned to provide such control solutions.
• Demonstrated ability to lead engagements and communicate effectively with senior stakeholders.
• Proven track record in team management and mentoring.
• Familiarity with the consulting sales lifecycle, including opportunity identification and bid support.
• Excellent analytical, presentation, and organisational skills.

Preferred Qualifications

• Professional certifications such as CREST or equivalent.
• Experience in risk advisory or Big Four consultancy environment.
• Exposure to emerging technologies in risk and controls, such as automation, data analytics, AI etc.

Reports to: RSC Director

Salary: Competitive salary depending on a combination of factors, including level of experience and expertise, in addition to an OTE bonus.

Benefits

• Pension: on joining, employees will be automatically enrolled in our workplace pension scheme
• Holiday Entitlement: employees receive 25 days per holiday year plus all statutory bank and public holidays in England and Wales
• Private Medical Insurance: employees will be enrolled onto the company BUPA healthcare scheme
• Insurances: Life Insurance and Critical Illness cover are provided to all employees
• Carbon Offset: Employees will be enrolled on the company\’s carbon offset scheme, which is committed to offsetting at least 50% of all employees\’ personal carbon emissions. All Turnkey employees are entitled to £40 worth of carbon credits each year, which can offset 7 tonnes of carbon. Options are available to increase carbon credit amounts, which would be treated as a benefit in kind.

Location: Based in our London office, with hybrid working (expected office working 2-3 days per week). Occasional travel to our offices in other countries will be expected as part of this role if there is a requirement to do so.