Principal Cyber Risk Management & Assurance Advisor
Clearance Level: SC
Location: UK (Flexible / Remote options)
Salary: Competitive + Benefits
A growing UK digital and cybersecurity organisation is seeking a Principal Cyber Risk Management & Assurance Advisor to join their senior team. This is a high-impact role providing expert cyber risk management, assurance, and architectural guidance across major applications and digital services.
Key Responsibilities
Lead cyber and information security risk management and assurance across digital services during alpha, beta, and early live phases.
Conduct critical security assessments and IT Health Checks, ensuring SaaS tools comply with NCSC Cloud Security Principles.
Facilitate and oversee Security Working Groups, ensuring risks are captured, tracked, and reported with clear, actionable recommendations.
Prepare formal risk assessments and risk treatment plans, ensuring digital services operate within defined risk appetites.
Advise on Secure by Design policies, covering secure coding, regulatory compliance frameworks (e.g., OWASP, DPIA, GovAssure), and safe AI use.
Coordinate cross-platform activities to support secure delivery of digital services, including incident management and ongoing improvements.
Provide regular and ad-hoc risk briefings to senior leaders, highlighting critical risks, mapping exposure, and recommending mitigations.
Mentor and train digital service teams and Information Security staff, building capability and expertise across the organisation.
Oversee the implementation and use of risk management tools, ensuring all data is accurate and up-to-date.
Engage with internal and external stakeholders to promote a strong security culture and enable confident delivery.
Take on future line management responsibilities as the team grows.
About You
Extensive experience delivering high-quality cyber risk assessments and assurance in complex digital environments, preferably in government or critical infrastructure.
Strong knowledge of cyber risk management, threat modelling, security architecture, and IT Health Checks, including experience with SaaS and cloud security.
Skilled at applying cyber security standards, regulatory frameworks, and secure-by-design principles in multi-disciplinary teams.
Confident self-starter, capable of working independently and collaboratively.
Proven ability to build cross-functional relationships, lead security initiatives, and influence senior stakeholders.
Excellent written and verbal communication, able to convey technical findings as clear, actionable recommendations.
Committed to continuous learning and developing others through mentoring and capability-building.
Ability to assess emerging technology risks (AI, SaaS, cloud) and recommend proactive security measures.
Understanding of organisational values such as respect, collaboration and inclusivity, with a focus on public service ethos.
Qualifications / Certifications
Relevant industry certifications (e.g., CISSP) or a Master's degree in a relevant discipline.