Senior Cyber Security Consultant

Whitehall Resources Limited

Cambridge, United Kingdom

2 days ago

Role details

Contract type

Temporary contract

Employment type

Full-time (> 32 hours)

Working hours

Regular working hours

Languages

English

Experience level

Senior

Job location

Cambridge, United Kingdom

Tech stack

Computer Security

Decision Support Systems

Software Design Patterns

Identity and Access Management

Remote Access Technology

Cybercrime

Job description

Whitehall Resources require 2x Senior Cyber Security Consultants to work with a key client on a 6 week initial contract. *This role will involve on site work in Cambridge 2 days per week. *Inside IR35. Senior Cyber Security Consultant We require specialist cyber security expertise to support ongoing security consulting activities across strategic initiatives, including mergers & acquisitions (M&A), third-party access risk management, enterprise risk consulting, and threat modelling engagements. To strengthen capability and accelerate delivery, two senior security consultants with expert-level cyber security skills and demonstrable experience in complex enterprise environments. Objectives: The objective of this engagement is to provide expert-level cyber security advisory and delivery support to:

Assess and articulate cyber risks to the business
Develop secure design recommendations
Produce actionable mitigation strategies
Support M&A security due diligence and integration activities
Strengthen third-party and supply chain security posture
Enhance enterprise threat modelling and risk management capability The consultants will deliver structured security artefacts that inform decision-making at both technical and executive levels. Scope of Services The consultants will provide services including, but not limited to: Mergers & Acquisitions (M&A) Security
Cyber due diligence assessments
Target company security posture evaluations
Identification of inherited risks and liabilities
Gap analysis against industry standards and internal policies
Day 1 / Day 100 security integration planning
Post-acquisition remediation planning Third-Party Access & Supply Chain Security
Assessment of third-party connectivity and access models
Review of identity, privilege, and remote access controls
Risk assessment of supplier and partner integrations
Recommendations for secure onboarding and monitoring
Design of improved third-party governance controls Risk Consulting
Enterprise security risk assessments
Business impact analysis of cyber threats
Control effectiveness reviews
Risk register development and enhancement
Risk quantification and prioritisation
Alignment to frameworks (e.g., NIST, ISO 27001, CIS, etc.) Threat Modelling & Secure Design
Application and system-level threat modelling
STRIDE / attack-path modelling workshops
Identification of abuse cases and threat scenarios
Secure architecture reviews
Design validation against security principles
Mitigation strategy development Deliverables The consultants will produce high-quality security artefacts including, but not limited to: Risk & Assessment Artefacts
Cyber Due Diligence Reports
Security Risk Assessment Reports
Third-Party Risk Assessment Reports
Threat Model Documentation
Risk Registers and Risk Heat Maps
Executive Risk Summaries Architecture & Design Artefacts
Secure Architecture Review Documents
Security Design Recommendations
Control Gap Analysis Reports
Remediation Roadmaps
Target-State Security Architecture Diagrams Mitigation & Improvement Plans
Prioritised remediation plans
Control implementation guidance
Compensating control recommendations
Governance improvement recommendations
Integration security playbooks (for M&A) All artefacts will:
Clearly articulate business risk
Identify likelihood and impact
Provide pragmatic, risk-based recommendations
Include implementation considerations
Be suitable for both technical and executive audiences, * Leading workshops and stakeholder interviews
Conducting assessments and technical reviews
Producing formal security artefacts
Presenting findings to leadership
Advising on prioritisation and remediation strategy Client Responsibilities
Provide timely access to systems, documentation, and stakeholders
Identify key business contacts and decision-makers
Support scheduling of workshops and interviews
Review and approve deliverables Success Criteria The engagement will be considered successful if:
Security risks are clearly identified and articulated
Executives are provided actionable decision support
Secure design patterns are adopted in key initiatives
M&A risks are identified pre-transaction or early in integration
Third-party and supply chain access risks are reduced or better controlled
Remediation roadmap is agreed and funded where required Assumptions & Dependencies
Access to relevant documentation and SMEs will be provided
Business stakeholders will be available for workshops
Existing security standards and frameworks are documented
Required tooling and collaboration platforms are available Confidentiality & Data Protection The consultants will comply with all applicable data protection, confidentiality, and information security policies. Any sensitive information reviewed during M&A or third-party assessments will be handled in accordance with corporate and regulatory requirements. All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.