Cyber Security Risk Consultant
Location:
Bristol, England, United Kingdom
Role Type:
Permanent – Full Time
Role Purpose
Understand and advise on cyber security vulnerability, risks, audit & compliance in a business or operational context and cyber security threat environment
Key Accountabilities
Cyber Risk Advisor/Consultant
1. Create business risk models and associated material, in support of operational cyber security and business planning across a range of different domains or sectors using established frameworks (e.g. NIST, UK Government)
2. Undertake cyber security audit processes in support of operational and business planning activity across a range of different domains or sectors against recognised standards (e.g. ISO27001, UK Government)
3. Undertake cyber security vulnerability analysis to provide a rich picture of organisational maturity and risk exposure to cyber security, in support of operational and business planning activity across a range of different domains or sectors using established frameworks (e.g. NIST, MITRE ATT&CK, UK Government)
4. Identify mitigations for cyber risk in a given business or operational scenario and threat environment
5. Support development of cyber security risk cases in a given business or operational context
Key Capabilities/Knowledge
- Understand relevant NIST frameworks and ISO27001 standards and how to apply in practice
- Knowledge of MITRE ATT&CK
- Understands the impact of cyber risk, security accreditation and certification on business or operational outcomes
- Able to articulate regulatory requirements and devise courses of action to meet these appropriate to the business or operational context.
- Able to devise effective and creative risk mitigation strategies that enhance business outcomes
- Understand cyber risk and mitigations put in place and can provide evidence to help refine risk mitigation approaches
- Able to identify, document and articulate security risk and mitigation approaches, against technology solutions and business processes
- Able to engage and communicate effectively with customers
- Able to engage and communicate effectively with stakeholders at all levels
- Good awareness of digital technology (in particular computer and computer network)
- Awareness of how architects and designers employ the technology to build systems of interest
- Demonstrate good judgement in relation to cyber risk and vulnerability assessment
- Able to articulate evidenced and convincing arguments for recommended courses of action
- Government, defence, CNI market understanding
- Able to work independently and seek guidance on own initiative for unusual or complex situations
Essential
- STEM degree or equivalent and relevant experience in cyber security role
- Digitally literate (including fluency in Microsoft Office tools)
- Minimum of 2-3 years of experience in security vulnerability, risk, audit & compliance
- Experience applying/work to relevant NIST and ISO27001 frameworks and standards in different sectors and domains including defence, wider UK Government, critical national infrastructure.
- Experience guiding successful security audit preparation and outcomes
- Membership of CIISec or equivalent
Understand and advise on cyber security vulnerability, risks, audit & compliance in a business or operational context and cyber security threat environment
Key Accountabilities
Cyber Risk Advisor/Consultant
1. Create business risk models and associated material, in support of operational cyber security and business planning across a range of different domains or sectors using established frameworks (e.g. NIST, UK Government)
2. Undertake cyber security audit processes in support of operational and business planning activity across a range of different domains or sectors against recognised standards (e.g. ISO27001, UK Government)3. Undertake cyber security vulnerability analysis to provide a rich picture of organisational maturity and risk exposure to cyber security, in support of operational and business planning activity across a range of different domains or sectors using established frameworks (e.g. NIST, MITRE ATT&CK, UK Government)
4. Identify mitigations for cyber risk in a given business or operational scenario and threat environment
5. Support development of cyber security risk cases in a given business or operational context
Key Capabilities/Knowledge
- Understand relevant NIST frameworks and ISO27001 standards and how to apply in practice
- Knowledge of MITRE ATT&CK
- Understands the impact of cyber risk, security accreditation and certification on business or operational outcomes• Able to articulate regulatory requirements and devise courses of action to meet these appropriate to the business or operational context.
- Able to devise effective and creative risk mitigation strategies that enhance business outcomes
- Understand cyber risk and mitigations put in place and can provide evidence to help refine risk mitigation approaches
- Able to identify, document and articulate security risk and mitigation approaches, against technology solutions and business processes
- Able to engage and communicate effectively with customers
- Able to engage and communicate effectively with stakeholders at all levels
- Good awareness of digital technology (in particular computer and computer network)
- Awareness of how architects and designers employ the technology to build systems of interest
- Demonstrate good judgement in relation to cyber risk and vulnerability assessment
- Able to articulate evidenced and convincing arguments for recommended courses of action
- Government, defence, CNI market understanding
- Able to work independently and seek guidance on own initiative for unusual or complex situations
Essential
- STEM degree or equivalent and relevant experience in cyber security role
- Digitally literate (including fluency in Microsoft Office tools)• Minimum of 2-3 years of experience in security vulnerability, risk, audit & compliance
- Experience applying/work to relevant NIST and ISO27001 frameworks and standards in different sectors and domains including defence, wider UK Government, critical national infrastructure.
- Experience guiding successful security audit preparation and outcomes
- Membership of CIISec or equivalent