IT Risk Advisor

An IT Risk Assessment advisor that specialises in Technical Security Architecture 'by design' to provide technical security oversight and architectural assurance across both delivery projects and business as usual (BAU) operations.

The role sits at the heart of the company's technology governance, ensuring secure design decisions, controlled change, and proportionate risk treatment across cloud, on premises, and hybrid environments.

You will work closely with architects, engineers, delivery teams, and operations to keep security embedded without slowing the business.

Security architecture governance and interface with enterprise architecture:

Define and maintain security architecture patterns, reference designs, and secure configuration baselines (cloud and on-prem) Drive awareness of secure-by-design practices across engineering teams. Attend and contribute to the Architecture Review Board (ARB) Maintain and evolve security architecture patterns and standards (e.g. IAM, network segmentation, cloud security baselines) Review and assess high risk security architecture exceptions, ensuring risks are clearly understood and appropriately managed

Provide technical and specialised 'Secure by design' and security architecture project advisory:

Provide hands-on security architecture advice to delivery teams to ensure secure patterns, reference architectures, and hardening baselines are applied. Perform threat-informed design reviews and ensure appropriate control selection Enable early engagement to reduce downstream risk and rework

Change and Operational security oversight (BAU):

Attend Change Advisory Boards (CABs) to provide security approval and challenge Review and approve high risk firewall rule changes Review high risk configuration changes across Azure and on prem environments. Perform targeted reviews of high-risk configurations (e.g. firewall, network, cloud, infrastructure). Identify misconfigurations and exposure risks against defined baselines Risk prioritise high risk and zero-day vulnerabilities, working with technology and operations teams on remediation approach and urgency Provide pragmatic security input to IT Teams and Infrastructure Suppliers - aligned to operational and availability requirements Provide BAU IT teams clear, actionable recommendations to reduce attack surface and improve resilience

Strong background in technical security architecture within complex enterprise environments Experience across cloud (Azure) and on prem infrastructure Comfortable operating in governance forums while remaining technically credible Confident challenging design and change decisions constructively Able to translate technical security risk into clear business impact

Advantageous: Bachelor's in CS, InfoSec, or equivalent experience Certifications: GICSP, CISSP, or equivalent qualification Experience working as a security architect Understanding of regulatory frameworks e.g. NIS2, Cyber Resilience Act

Orion Group was founded in 1987 and is now one of the largest, independent, international recruitment companies. We have a network of 200 employees working from 24 offices, delivering a range of services - Talent Acquisition, Recruitment Outsourcing Services, Retained Search, Global Workforce Solutions, Completions & Commissioning and Materials Management - across 68 countries. As a global leader in workforce solutions, we recruit personnel across the Engineering & Technical, Office & Commercial, Scientific and Skilled Trades disciplines, for sectors including Oil & Gas, Life Science, Power & Utilities, Constructions & Infrastructure, Manufacturing and Renewables