Summary: The role of Senior Cyber Security Auditor involves leading high-quality security audits and assessments within a Security Practice in Bristol, focusing on Cyber Assessment Framework compliance. The position requires engagement with both public and private sector clients, identifying opportunities, and supporting presales activities. Candidates must possess UK SC Clearance and have experience with secure projects, particularly with MoD or Government clients. The role emphasizes the ability to communicate findings effectively and provide actionable recommendations to stakeholders.
Key Responsibilities:
- Conduct comprehensive cyber security audits aligned to NCSC CAF and other recognised frameworks.
- Assess organisational security posture across the full system lifecycle, ensuring compliance and identifying areas for improvement.
- Produce clear, actionable audit reports and recommendations for technical and non-technical stakeholders.
- Facilitate workshops and assurance reviews with business leaders and diverse project teams.
- Act as a trusted advisor, supporting clients in developing and maintaining secure systems and managing complex security risks.
Key Skills:
- Ability to lead audits, engage stakeholders, and communicate findings effectively.
- Proven expertise in Cyber Security Auditing, with strong knowledge of NCSC Cyber Assessment Framework (CAF).
- ISO 27000 series, NIST Cyber Security & Risk Management Frameworks.
- Familiarity with MOD security frameworks (e.g., JSP 453, JSP 440, JSP 902, DEFCON 659A).
- Technical understanding of Defensive Cyber principles, Enterprise Architecture, Secure Systems, Network & Cloud Security, System Hardening, Cryptographic Controls, Protective Monitoring, and Security Assurance.
- Essential: CISSP, CISM, or another industry recognised cyber security certification.
- Desirable: Membership of the Chartered Institute of Information Security (CIISec) at an appropriate level.
- Professional Registration via the UK Cyber Security Council for Audit and Assurance.
Salary (Rate): undetermined
City: Greater Bristol Area
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Cyber Security Auditor
We are seeking an experienced Senior Cyber Security Auditor to join a high-performing Security Practice in Bristol, specialising in Cyber Assessment Framework (CAF) compliance and assurance. You’ll work across multiple projects within both public and private sector organisations, taking the lead on day-to-day client engagement and delivering high-quality security audits and assessments. You will also be comfortable identifying new opportunities, supporting bids, and contributing to presales activities where required. Due to the secure nature of the projects, UK SC Clearance is required, together with experience working on secure projects with MoD or Government clients and sole UK National status to work in this environment.
The role:
- Conduct comprehensive cyber security audits aligned to NCSC CAF and other recognised frameworks.
- Assess organisational security posture across the full system lifecycle, ensuring compliance and identifying areas for improvement.
- Produce clear, actionable audit reports and recommendations for technical and non-technical stakeholders.
- Facilitate workshops and assurance reviews with business leaders and diverse project teams.
- Act as a trusted advisor, supporting clients in developing and maintaining secure systems and managing complex security risks.
What you’ll bring:
- Ability to lead audits, engage stakeholders, and communicate findings effectively.
- Proven expertise in Cyber Security Auditing, with strong knowledge of:
  - NCSC Cyber Assessment Framework (CAF).
  - ISO 27000 series, NIST Cyber Security & Risk Management Frameworks.
  - Legacy IA standards and NCSC guidance.
- Familiarity with MoD security frameworks (e.g., JSP 453, JSP 440, JSP 902, DEFCON 659A).
- Technical understanding of:
  - Defensive Cyber principles.
  - Enterprise Architecture and Secure Systems.
  - Network & Cloud Security, System Hardening.
  - Cryptographic Controls (PKI, Data at Rest/In Transit).
  - Protective Monitoring and Security Assurance.
Qualifications:
- Essential: CISSP, CISM, or another industry recognised cyber security certification.
- Highly desirable: Membership of the Chartered Institute of Information Security (CIISec) at an appropriate level.
- Professional Registration via the UK Cyber Security Council for Audit and Assurance.
If you’re an expert in Cyber Security audit and compliance, and want to work as a true customer-facing security consultant, we’d love to hear from you.