Cyber Security Consultant

We're currently looking for a new Consultant to join our Crisis and Security strategy consulting team: historically this team has focussed on physical security crisis and strategy, but we’re looking for someone with a cyber background to build out our ability to work with clients on digital threats.

It’s an important client-facing role, delivering work every day for clients to improve their ability to manage information and digital risk across their environment and helping translate this to external stakeholders like insurers – this is particularly true for highly critical and interconnected industries. You’d be working with global organisations – from technology, to global manufacturing, to insurers, to NGOs – to help them understand how to become more resilient to changes in the digital and cyber security environment. Most of the time you’ll be asking what could go wrong, what threat actors are doing, and how organisations should best be setting up their cyber governance and risk management to prepare for compromise. Usually, we’re working with the CISO, CIO, or Chief Risk Officer/Head of Risk Management.

Some examples of recent and ongoing projects include:

  • Carrying out a strategic organisational cyber risk assessment for a major passenger airline in the Middle East, and the same for another airline in Asia;
  • Working with one of the world’s largest space companies to understand the potential impact of a breach or ransomware attack on orbit-based telecommunications;
  • Mapping out the supply chain resilience of a very well known consumer electronics manufacturer to try to assess how the organisation might respond to the loss of a manufacturing location as a result of a digital threat;
  • Working with NGOs on their digital and operational security, particularly in environments where state surveillance is sophisticated and widespread;
  • Engaging with major cyber risk insurers in the Lloyd’s of London market to analyse their requirements for coverage, and working with clients to ensure these are met.

We’re also very keen for the person in this position to work on non-cyber and non-digital projects where possible, as well as with our intelligence and investigations teams. We’re huge believers in the power of cross-functional teams, learning new skills, and broadening the consulting knowledge of our existing team members to provide our clients with true trusted advisors who can take a risk-led approach to helping them protect their organisations from a range of threat actors – threat actors who will use a range of potential methods and tactics to achieve their aims across the digital and non-digital realms.

Who are we looking for?

We’re very open minded about who this position would suit – and so predominantly we’re looking for particular character traits and experiences rather than knowledge or expertise in a particular sector. Do you:

  • have a real passion for, and obsession with, cyber and how it’s evolving?
  • get on easily with people from a wide range of backgrounds?
  • become obsessed with identifying and fixing problems, and with researching detailed and appropriate potential ways of solving them?
  • find yourself reading extensively about areas of digital and cyber security that you're unfamiliar with?
  • find it interesting to ‘get under the hood’ of well known organisations and see how they actually work?
  • have an interest in how organisations respond to serious crises, such as cyber breaches, cyber extortion, ransomware, or campaigns targeting their online reputation?
  • have experience dealing with sometimes demanding (but rewarding) clients?
  • naturally take to using new technologies easily?
  • feel you'd want to be ready to work with clients when they need you, even if it's on the weekend or in the middle of the night?
  • consistently read about, and take an interest in, current events, particularly how the operating environment is changing for organisations as a result of cyber threats?
  • have the ability to continuously process, organise and analyse information to reach a conclusion as part of a consulting project?
  • feel comfortable managing and delivering a project, including reacting to client queries and concerns, from beginning to end?
  • want to work really closely with a tight-knit team?

If you think all of these apply to you, and you have experiences that can back that up, we can teach you the rest. Experience in a similar client-facing role would be desirable, whether in the public or private sector.

What kind of work would I be doing?

Like any job, it varies: we feel the work that we do is absolutely fascinating, and enables us to see parts of the world (and parts of organisations) that very few get to see. That being said, it’s not always possible to work on the most interesting projects all of the time: but you’ll definitely learn a lot, consistently, and build extremely close relationships with our clients and with the team. Your day to day would generally fall into a few different areas:

  • Meeting with clients for the first time, and using your curiosity and interest to understand their problem in detail.
  • Reviewing problems that clients are facing (for example, assessing how resilient they are to a major ransomware attack) and identifying ways of solving them.
  • Outlining your solution in a proposal for the client in a way which is easy to read, graphical and convincing.
  • Travelling to work with that client anywhere in the world – post-pandemic, we expect that travel will once again form a part of what we do, including for cyber and digital threats.
  • Working with individuals and teams within our clients, collecting information and intelligence which could help them achieve an objective.
  • Running workshops and desktop exercises to test organisations on how well they would respond to a cyber breach, and to assess what would break or fail.
  • Helping clients to explain and justify their risk to cyber insurers, including in the world famous Lloyd’s of London market.
  • Monitoring events and the methods and tactics of potential cyber attack vectors and keeping an eye on how they could affect your clients.
  • Helping clients to deliver sometimes difficult messages about the level of their cyber and digital security readiness.
  • Getting involved in intelligence and investigations projects to broaden your experience - including everything from collecting human source information, to conducting surveillance.
  • Occasionally, working with clients in the middle of crises alongside lawyers, insurers and cyber teams to provide a strategic view on what actions to take, considerations to think about, and generally advise on how to respond to the crisis.
  • Spending a lot of time with the rest of the team socialising, visiting clients, meeting new people, and building up a really good knowledge of the wider cyber risk ecosystem.

Currently, we’re working from our office in Bermondsey Street, London Bridge, around 3-4 days a week. We completely understand some people’s desire for full remote working, but in our line of work it’s not really workable – so this is definitely a position for someone that enjoys working with people on problems in the flesh. That having been said, people still work from home very regularly.

What's the package?

We’ve always felt that it’s really important to be totally transparent with our people about what we can offer. It’s also very important to us that our team are completely incentivised to do their best to help our clients, and feel comfortable that they have a future in a fast-growing, innovative firm where their personal growth is prioritised and they can have influence over what we do, the direction we’re going in, and the work we do for our clients. The successful candidate will:

  • Receive between £60,000 and £70,000 per annum depending on experience.
  • Benefit from full BUPA health insurance.
  • Have regular access to a training budget for external professional development courses, as well as courses we run internally (like Crisis Management or language courses).
  • Be incentivised through a 10% commission on the gross profit of any consulting or technology engagements they win for themselves with new clients, with no cap - which is extremely unusual in our industry.
  • Have flexible working and holiday arrangements (although we'd expect you to work usually in the London office, at least 2-3 days a week depending on projects).
  • Have the opportunity to have a real say on what we do and how we do it, including our direction and culture in a small but high growth firm.
  • Gain experience on software product ownership, design and development with our Cascade platform.
  • Get to travel to engage with our clients on cyber and digital threats, both as part of projects and on business development trips.
  • Have access to the Cycle to Work scheme.

What's the application process?

We tend to get in touch with particular individuals that fit the bill to take forward to a first round of interviews in an informal setting with our team, and then a remote assessment to test your analytical and report writing skills. From that point, we’ll then conduct a more formal face-to-face interview. Once that’s complete, we’ll check references with your permission.  

Every individual that gets to the final assessment phase will be automatically considered for future positions. The assessments will be designed to test your ability to absorb new information, scope out a problem, devise a solution and present it confidently and convincingly using writing, graphic design and any other skills you can muster to convince us of the merits of your chosen approach. We’ll also take time in the process for you to get to know our team, and you’ll also have the opportunity to spend time with individuals at a similar level to ask honest and open questions about what it’s like to work with us and about our culture.

How do I apply?

Please send your CV/resume to us at:
The deadline for these submissions will be:
August 31, 2022