Security Risk Principle

Security Risk Principal £110,000–£120,000 + Bonus Hybrid | London (2–3 days per week)

We’re partnered with one of the UK’s most recognisable brands, seeking a Security Risk Principal to play a pivotal role in shaping and safeguarding their global cyber‑risk posture. This is a senior, high‑visibility position where you’ll define risk strategy, ope rationalise a new cybersecurity risk assessment framework, and influence decision‑making across business and technology functions.

As Security Risk Principal, you’ll act as the organisation’s authority on cyber risk — blending technical understanding with strategic oversight. You’ll work closely with engineering, architecture, BISOs, and senior stakeholders to translate threat intelligence into actionable, business‑aligned risk decisions. Expect to lead risk assessments, guide tooling strategy, mentor specialists, and present clear, compelling risk insights to governance forums.

• Deep knowledge of cybersecurity risk management and strong grounding across governance domains.
• Experience implementing or leveraging frameworks such as NIST CSF, ISO 27001, or similar.
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) and how they translate into business risk.
• Ability to break down complex problems, identify root causes, and communicate clearly to non‑technical stakeholders.
• 5+ years’ experience in cybersecurity risk roles, ideally across multiple sectors (Retail, Financial Services, etc.).

• Hands‑on technical background (e.g., security engineering, architecture, infrastructure).
• Familiarity with FAIR, risk quantification, and modern risk methodologies.
• Understanding of technologies such as Active Directory, Entra , Azure, and ability to interpret high‑level designs.
• Relevant certifications (CISSP, CISM, CRISC, COBIT, ITIL, etc.).

• £110,000–£120,000 + Bonus
• Hybrid working (London HQ)
• Group bonus scheme
• 33 days holiday (Inc Bank Holiday)
• Excellent pension scheme