Experis IT

The Lead Cyber Risk Consultant CGEMJP00334279

On site

Knutsford, United Kingdom

Senior

Freelance

13-03-2026


Skills

Communication, Leadership, Risk Management, Monitoring, Stakeholder Management, Negotiation, Resource Allocation, Problem-solving, Technical understanding, Risk Assessment, Risk Analysis, Risk Mitigation, Operating Systems, Organization, Analytical Skills, Organizational Skills, Analytics

Job Specifications

Role Title: Lead Cyber Risk Consultant
Duration: contract to run until 30/10/2026
Location: Knutsford, Hybrid 3 days per week onsite
Rate: up to £511.29 p/d Umbrella inside IR35
Role purpose/summary
The Lead Cyber Risk Consultant will spearhead the EOL risk assessment project, providing strategic direction and oversight. In this role, you will lead a comprehensive evaluation of cybersecurity risks associated with End-of-Life technologies across the bank and apply a new cyber risk methodology to assign risk ratings. You will identify opportunities to reduce residual risk in obsolete systems, and guide remediation efforts through to successful transition into BAU processes. This position requires excellent leadership, communication, and stakeholder management to coordinate between technical teams and senior management.
Key Responsibilities:
Lead Risk Assessments: Plan and conduct a full stock assessment of EOL technologies within the bank, utilizing the new cyber risk methodology to evaluate and rate risks. Ensure the assessment covers all in-scope systems and aligns with the Client's governance frameworks and risk policies.
Risk Rating & Analysis: Oversee the analysis of identified vulnerabilities and weaknesses, and produce risk ratings and reports that clearly prioritize risks to the organization. Use strong analytical judgment to make risk-based recommendations, ensuring that risk findings are documented and actionable.
Residual Risk Reduction: Identify and recommend risk mitigation opportunities to reduce residual risk in legacy platforms and applications. This includes advising on possible compensating controls or quick wins to address high-risk EOL items.
Remediation Planning: Collaborate closely with technology owners and engineering teams to develop remediation plans and prioritize fixes or upgrades for EOL systems. Provide guidance on remediation pathways (e.g. system upgrades, migrations, decommissioning) and ensure plans are feasible and aligned with business priorities.
Project Leadership & Coordination: Coordinate the efforts of the Cyber Risk Analysts (and any other team members), assigning tasks and monitoring progress. Provide mentorship and technical guidance to the analysts, and review their assessment outputs for quality and consistency. (Acts as a small team manager - able to work independently while managing a team as needed.)
Stakeholder Engagement: Serve as the primary point of contact for stakeholders (e.g. Cybersecurity management, IT owners, Risk committees). Communicate risk findings and status updates in a clear, business-oriented manner. Prepare and present risk assessment reports and remediation progress to both technical and non-technical audiences, including mid-level management and potentially CISO or 2nd Line Risk functions.
Transition to BAU: Ensure that remediation activities and improved risk practices are handed over smoothly to the permanent operational teams. Support the development of any process changes (e.g. updates to Technology Lifecycle Management reporting or risk oversight processes) so that continuous management of EOL risks is embedded into BAU. Provide knowledge transfer and documentation to internal staff as needed.
Required Skills & Competencies:
Cyber Risk Expertise: Deep knowledge of cyber risk management practices, including risk assessment methodologies and frameworks (e.g. NIST CSF, ISO 27005, FAIR). Ability to identify, classify, and prioritize cybersecurity risks in a large enterprise environment.
Technical Understanding: Strong understanding of IT infrastructure and applications, especially the challenges posed by End-of-Life technologies (outdated operating systems, unsupported software, legacy hardware). Capable of evaluating technical dependencies and security implications of obsolete systems.
Analytical & Methodological Skills: Advanced analytical skills ("cyber analytics"), including proficiency with risk analysis tools or GRC platforms for tracking risk items. Comfortable analysing data (e.g. asset inventories, vulnerability scan results) to quantify risk levels and support data-driven decision making.
Leadership & Coordination: Proven ability to lead a team or project in a cybersecurity context. Excellent organizational skills to manage multiple parallel workstreams (risk assessment phase, remediation phase, reporting, etc.), ensuring milestones are met on time.
Communication & Stakeholder Management: Exceptional communication skills, both written and verbal. Able to translate technical risk issues into business terms and present findings/recommendations to stakeholders at various levels. Strong stakeholder management and negotiation skills to drive consensus on remediation priorities and resource allocation.
Problem-Solving: Adept at solving complex problems and devising risk mitigation strategies. Can balance security requirements with operational practicalities, recommending solutions that reduce risk while enabling business objectives.
Adaptabil

About the Company

Experis is a global leader in IT professional resourcing, project solutions, and managed services specializing in Business Transformation, Enterprise Applications, Cloud and Infrastructure, Digital Workspace and Cyber Security. As digital transformation and acute skills shortages in tech continue unabated, Experis provides talent with the powerful combination of in-demand technical skills together with the soft skills that are critical for business success. We can connect you to individuals with a specific skill set, manage ...