Director, Cyber security & Privacy Practice, Proactive Services

Location: City Of London

Ankura is a team of excellence founded on innovation and growth.

This position supports the Data & Technology practice - one of six practices focused on client delivery services across the Firm.

Our global team of over 100 professionals includes former federal law enforcement personnel, in-house security experts, Big 4 consultants, federal regulators, threat intel and dark web experts, etc. We have helped clients and partners for 10+ years across industries and geographies with the following services:
* Incident Response, Intelligence, and Investigations.
* Technology, Privacy, and Cyber Risk Advisory.
* End Point & Managed Detection & Response.

The EMEA Cyber security & Privacy practice is growing and has ambitions to expand its capabilities from a strong base in incident response, intelligence and investigations into additional proactive security, AI security and managed detection & response services.
** Why Join Ankura
**** Role:
** The Director role is Manager level position. Ankura’s Cyber security and Privacy Practice is a full-service suite of cyber security and privacy solutions, regardless of industry or size.
** Responsibilities**
* ** Cyber Security Program & Strategy:
** Evaluate and enhance client cyber security programmes against recognised frameworks like NIST, ISO, DORA, and NIS
2. Advise on security strategy for cloud and hybrid environments, acting as a vCISO to guide their cyber resilience and security posture. This is a core part of our advisory services.
* ** Risk Management & Remediation:
** Conduct comprehensive cyber risk assessments, including third-party risk management and cyber risk quantification. Develop and oversee remediation plans, from initial assessment to full delivery, ensuring a seamless consulting engagement.
* ** Policy & Incident Response:
** Develop and refine security policies, including Business Continuity Plans (BCPs) and incident response plans. Support the delivery of cyber security and crisis tabletop exercises to test client resilience.
* ** Mergers & Acquisitions (M&A):
** Conduct Cyber Due Diligence (DD) for pre-acquisition and post-acquisition reviews, specifically for private equity (PE) houses and other corporate clients.
* ** Project Leadership & Delivery:
** Lead and manage end-to-end client engagements. This includes project scoping, proposal development, and ensuring timely delivery of all project deliverables within a consulting framework.
* ** Technology & Expertise:
** Possess deep knowledge of security technologies and architectures, with an understanding of AI risk and the use of AI technologies in cyber security.
* ** Team Leadership:
** Supervise and mentor less experienced consultants and client personnel.
** Requirements:**
* *
* Experience:

** Proven experience in a consulting or advisory role, with a strong background in leading cyber security projects and acting in a vCISO capacity.

Experience with scoping projects, developing budgets, and crafting proposals for new business is essential.
* ** Technical Knowledge:
** In-depth understanding of security principles and network architectures. Ability to assess security controls across major cloud platforms (Azure, AWS, GCP, Office 365).
* ** Frameworks:
** Strong familiarity with NIST, ISO, PCI, DORA, NIS2, EU AI Act, NIST AI RMF and other relevant frameworks.
* *
* Qualifications:

** Professional certifications such as CISSP, CISM, CISA, Prince2 or PMP are preferred.
* *
* Skills:

** Strong analytical, communication (written and verbal), and organisational skills. Ability to work both independently and as part of a team in a high-paced consulting environment.
* ** Travel:
** Flexibility to travel outside the UK for work, which may involve a few weeks at a time on short notice.
* ** Good to have:
** Knowledge / experience of the incident management lifecycle, ethical hacking, DFIR, secure development practices and internal audit. Experience and exposure to AI technology challenges and opportunities.

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity,…