I am looking for a senior, hands‑on security risk role focused on technical risk assessment, security control design and effectiveness. This position operates at the intersection of security architecture, service delivery and assurance, working closely with engineers and architects to ensure security controls are technically sound, proportionate and operationally effective across internal and third‑party services.
This is a technical risk role, not a pure governance or policy position.
Key Responsibilities
Act as the central security risk contact for complex IT services and platforms
Partner with architects and engineering teams to review and influence security design decisions
Lead technical security risk assessments across services, projects and supplier environments
Assess the design and operating effectiveness of security controls, identifying gaps and systemic risks
Drive risk remediation plans with clear control owners, milestones and measurable outcomes
Support assurance, audit and regulatory activities with evidence‑based, technically credible input
Contribute to security standards, control frameworks and third‑party security requirements
Track and report security risk exposure across services in a pragmatic, decision‑focused manner
Experience & Skills
Strong background in information security risk, control design and security architecture concepts
Ability to engage confidently with engineers, architects and delivery teams using technical language
Deep understanding of security frameworks and standards (e.g. ISO 27001, ISO 31000, COBIT; AI governance exposure a plus)
Experience working within outsourced, vendor‑led and multi‑supplier environments
Proven ability to balance risk, control effectiveness and operational reality
Excellent stakeholder communication and documentation skills
Experience bridging architecture, risk and assurance functions
Exposure to reporting, analytics or automation tools (e.g. Power BI, workflow tools)