Cyber Risk & Security Manager
Posted 4 days 14 hours ago by Spirit UK Ltd
We are seeking an experienced Cyber Risk & Security Manager to lead the delivery of cyber risk assessments, governance advisory services, security maturity programmes, and SOC strategy engagements. The role requires a highly capable security professional with experience across risk advisory, vulnerability management, security operations design, compliance frameworks, and executive reporting.
The successful candidate will operate at both strategic and technical levels, supporting board-level decision making while driving operational security improvements aligned to recognised standards such as NIST CSF, ISO 27001, DORA, PCI DSS, and MITRE ATT&CK.
Reporting To:
Director / Head of Cyber Security
Location:
London (Hybrid)
Employment Type:
Full Time
Salary:
£50,000 - £70,000 (dependent on experience and sponsorship thresholds)
Key Responsibilities:
- Lead end-to-end cyber risk assessments and cyber maturity reviews.
- Conduct cyber risk quantification exercises using recognised methodologies (e.g., FAIR).
- Develop and deliver tabletop exercises and resilience simulations.
- Produce executive level cyber risk reports and mitigation roadmaps.
- Provide strategic advisory support to senior stakeholders and underwriters.
- Design and implement Security Operations Centre (SOC) operating models.
- Conduct vulnerability management programmes, gap analyses, and remediation tracking.
- Lead penetration testing and application security assessments (OWASP Top 10).
- Oversee DLP and DDA monitoring strategies.
- Support ISMS implementation aligned with ISO 27001.
- Ensure alignment with GDPR, PCI DSS, DORA, NIST CSF, COBIT, SANS, and related frameworks.
- Develop security policies, SOPs, and governance documentation.
- Conduct IT resilience and cloud security audits.
- Advise on cloud migration security and VDI transformation programmes.
- Conduct asset management audits and security architecture reviews.
- Perform cyber breach investigations and incident management leadership.
- Implement automation initiatives to improve cyber risk evaluation processes.
- Engage with senior executives and cross functional stakeholders.
- Contribute to proposal development and client solution design.
- Mentor junior consultants and contribute to internal capability development.
- Support cybersecurity awareness and outreach initiatives.
Requirements:
- 10+ years' experience in cyber security, risk advisory, or security operations.
- Proven experience delivering cyber maturity assessments and risk advisory engagements.
- Experience designing SOC or security operating models.
- Strong understanding of vulnerability management and penetration testing.
- Experience aligning organisations to NIST CSF, ISO 27001, and related frameworks.
- Executive report writing and board level presentation capability.
- Experience leading client engagements and managing stakeholders.
- Ideally Big 4 experience.
- Familiarity with MITRE ATT&CK and FAIR methodologies.
- MSc in Cyber Security (or equivalent).
- CEH, CompTIA Security+ (required, or equivalent experience).
- CE Advisor, or prepared to become a Cyber Essentials Assessor.
Skills and Attributes:
- Strategic thinker with strong analytical capability.
- Strong documentation and structured reporting ability.
- Leadership and mentoring capability.
- Process improvement and automation mindset.
Hours:
37.5 - 40 hours per week
This role meets Skilled Worker sponsorship skill level requirements (RQF Level 6+). Sponsorship may be considered subject to eligibility and Home Office compliance requirements.
How to Apply: Call , submit the application form or email
Apply For Role: Either call or complete the form below