Senior Security Risk Specialist - Inside IR35 - Hybrid

Tenth Revolution Group
Charing Cross, United Kingdom
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 130K

Job location

Charing Cross, United Kingdom

Tech stack

Artificial Intelligence
Cloud Computing
Computer Security
PCI Data Security Standards
SharePoint
Large Language Models

Job description

We are looking for a pragmatic and motivated Senior Security Risk Specialist with a strong understanding of security risk and information security control concepts to support our Security Risk Management function.

In this role, you will play a key part in the design, implementation, and ongoing improvement of the organisation's security risk management framework. Reporting to the Head of Security Risk Management & Assurance, this is a hands-on position working across a broad range of security risk management activities in support of the overall risk management strategy.

You will have the opportunity to directly influence how security risks are identified, assessed, and managed, while helping to drive increased maturity across the security risk function.

What you'll be doing

You will:

  • Operate and support the continuous improvement of the security risk management framework, ensuring alignment with business objectives, industry standards, regulatory requirements, and stakeholder expectations
  • Conduct security risk assessments and support the development of risk mitigation recommendations and tailored risk treatment strategies
  • Analyse and improve existing security risk management processes to identify inefficiencies, gaps, and opportunities for optimisation, including the use of automation and tooling
  • Collaborate with teams across the business to implement security risk management processes and provide advice on projects, risks, and controls, balancing security best practices with business context
  • Produce security risk metrics and enhance reporting capabilities to improve visibility, decision-making, and overall risk management maturity
  • Support the design and continuous improvement of security awareness and risk management training materials

Requirements

You are, or have:

  • Hands-on experience in security risk management within a fast-paced organisation, ideally a public technology company or a regulated industry
  • Experience designing, implementing, and improving processes and procedures for managing security risk
  • Experience performing security risk assessments in cloud-based environments
  • A strong understanding of the technologies and processes used by modern, agile technology organisations
  • Experience defining, using, and improving security metrics and security risk management reporting to support effective decision-making
  • Confidence discussing security risks with a wide range of stakeholders, including both technical/engineering and non-technical roles
  • Familiarity with security standards and frameworks such as PCI-DSS, NIST SP 800-53, NIST CSF, ISO 27001, and SOC 2
  • Practical experience using Large Language Models (LLMs) in day-to-day security risk management activities, including:
      • Accelerating risk analysis and documentation
      • Supporting control gap analysis and evidence review
      • Assisting with policy, standard, and procedure development
      • Enhancing reporting, insights, and stakeholder communications
  • The ability to identify opportunities to responsibly apply automation and AI/LLMs to improve efficiency, consistency, and scalability of security risk management processes
