Job Description
Our client, a leading global security service provider, partners with some of the world’s most recognised security technology brands and is looking for passionate, curious, and motivated individuals to join their team. They are currently hiring a Cloud Security Risk & Compliance Specialist to support clients in assessing, managing, and enhancing their security risk posture.
Role Responsibilities:
As a Cloud Security Risk & Compliance Specialist, you will:
* Assess and test the effectiveness of security controls, documenting compliance levels to identify risks and control gaps.
* Understand the UK and EU security regulatory landscape that affects business and IT areas.
* Evaluate security risks against client-specific risk models or established frameworks such as ISO 31000, NIST, the ISO 27000 series, ISF, CIS, and the UK NCSC CAF.
* Develop and review security risk models, standards, procedures, and controls to manage and mitigate client risks.
* Enhance security risk posture by defining improvement processes, leveraging platforms, policy, and automation, and continuously evolving capabilities.
* Ensure that security controls are operational and effective, evaluating them as necessary.
* Recommend tooling and process improvements, develop reporting metrics, dashboards, and document evidence.
* Report and document control failures and gaps, providing remediation guidance and preparing management reports to track activities.
What You Bring:
This role offers the chance to work on challenging projects in an environment that values tangible, impactful solutions. You should have a comprehensive background in security risk management, with demonstrated experience in several of the following areas:
* Proficiency in risk assessment and management methodologies or frameworks.
* Expertise in applying qualitative and quantitative risk or threat-based models.
* Knowledge of UK/EU information security governance, compliance principles, and relevant laws/regulations.
* Experience with Security Risk Management, Compliance, or Data Protection technology platforms.
* Proficiency in implementing or operating compliance frameworks, including:
  * ISO 27001 compliant ISMS
  * PCI DSS / SOX compliance
  * UK NCSC CAF compliance
  * UK or EU GDPR / Data Protection compliance
  * NIS/NIS2, DORA compliance
  * UK Operational Resilience / TSA(R) compliance
  * UK CNI / OT / IIoT compliance
* Understanding of cyber and cloud security standards and frameworks, including architecture, design, operations, controls, technology, solutions, and service orchestration.
* Core knowledge of IT systems and processes, network infrastructure, data architecture, and protocols.
* Experience in information systems auditing, monitoring, controlling, and assessment.
* Knowledge of incident response management.
* Excellent written English skills for technical documentation and process improvements (e.g., policies and reports).
* The ability to explain complex topics to a diverse range of audiences.
* Keen attention to detail and commitment to delivering high-quality work.
* A valid right to work in the UK and UK SC clearance.
* A relevant professional Security / Risk / Compliance certification supporting the role, such as CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, or CRISC.