Technical Cyber Security Consultant

- Deliver security risk identification, assessment, analysis and logging activities, ensuring risks are clearly articulated, consistently scored and recorded in approved Information Security Risk Management (ISRM) tools. - Perform control assurance activities to validate how control objectives are being met in practice, working closely with technical delivery teams to understand design and implementation. - Identify and document control gaps, assess residual risk, and clearly articulate outcomes within control and assurance artefacts. - Support the delivery, rollout and continuous improvement of Information Security Risk Management methodologies, including the discovery, review and transformation of historic risk assessments into an updated, consistent approach. - Manage allocated assignments end-to-end, ensuring all control, assurance and risk outputs are delivered accurately and in a timely manner. - Maintain oversight of risk remediation activities, tracking actions through to implementation and ensuring ongoing risk treatment and control effectiveness. - Provide advice, guidance and intelligent challenge on enterprise control alignment during reviews of solution designs, security documentation and architecture artefacts. - Lead and facilitate collaborative control and risk workshops with business and technical stakeholders to drive shared understanding, surface key risks and agree appropriate outcomes. - Contribute to post-incident and remedial assurance activities, ensuring lessons learned are captured and embedded into control improvements. - Provide input into formal scoping, ensuring key security risks are reflected in test scope and that critical controls are robustly assessed against expected security outcomes. - Prepare clear, concise risk summary statements and assurance outputs for senior stakeholders and risk owners, translating technical issues into business-focused language to enable effective information risk decisions. - Present assurance findings and risk positions at governance forums and stakeholder meetings, representing the security assurance function with credibility. - Ensure effective knowledge transfer on key assignments, building capability and understanding across business and technical stakeholders. - Contribute to the continuous improvement of assurance practices, maintaining awareness of emerging threats, vulnerabilities and industry best practice.