Principal Consultant - Security Auditor

Leonardo
Bristol
1 year ago
Applications closed

Related Jobs

View all jobs

Senior or Principal Security Consultant (Risk Management)

Principal Cyber Security Consultant

Principal Security Architect

Senior Information Security Consultant

Junior Controls Software Engineer

Team Manager - Social Care Qualified - Children's Services

Job Description:

We have an exciting opportunity for a Principal Cyber Security Consultant - Auditor, to join Leonardo Cyber & Security Solutions Division.

This is a highly rewarding role with exposure across both traditional and cutting-edge enterprise IT as well as bespoke Operational Technology systems with a clear and defined pathway to achieve chartership, NCSC certification and greater responsibility. Your work at Leonardo will see you inspire and lead in solving customer problems in an agile, innovative and team centric manner. We are after creative, passionate, technically savvy and personable people to help grow our practice and solve some of the most challenging, exciting and critical security challenges to the UK’s digital landscape.

For this role, you will be working on one of our most high-profile programmes, conducting security assessments against well-known frameworks and helping a key customer to transform the way that they understand and improve their security maturity.

The role is based at our offices in Bristol or Luton (hybrid working) and travel will be required to other UK company and client locations.

Relate - Our customers and their problems are at the heart of what we do. As a Consultant and Auditor you will help to actively listen and empathise with our customers to build intimacy. Understand – We add value by solving problems, as a Consultant and Auditor you will help define potential solutions to these problems with only limited information based on your experience and technical knowledge. Assure – Giving our customers confidence that security is where it needs to be is a key requirement across heavily regulated industries. As a Consultant and Auditor you will assist in defining, implementing and performing assessments of our customer’s environment against a given set of criteria spanning people, process and technology. You will develop requirements and recommendations that the customer should enact to correct any observations made. Assess – At Leonardo we adopt a risk-based approach to any security problem. As a Consultant and Auditor you will need to identify, measure and analyse the risks attracted by a given digital system and its information assets through the completion of risk assessments. You will also assist in defining appropriate and proportionate security solutions to those risks, spanning people, process and technology. Develop – All our offerings are based on a core set of products. As a Consultant and Auditor you will assist in building a viable offering as part of the Leonardo business winning process for a customer as well as help in the technical development of our products to be used across our customer sectors. At least one of the following qualifications: CCP IA/Auditor Senior, CISM, CRISC, CISA, ISO27K Lead Auditor or Lead Implementer Demonstrable experience in Cyber Risk Management or Auditing in a Defence and/or public sector context. Experience of directly managing project delivery and associated metrics such as time, cost and quality. Experience of and ability to manage multiple stakeholders and their needs with empathy, finding an appropriate balance of listening and speaking. UK SC Clearance or the ability obtain it as well as other more in-depth security clearances. An Expert understanding of security maturity & detailed knowledge of a security maturity framework such as NIST CSF and its Implementation Tiers, C2M2 and NCSC CAF. An understanding of other security frameworks such as ISO27001, CIS and/or SOC2 would also be beneficial. Extensive experience in measuring compliancy of an organisation or digital system against a given set of security criteria. An Expert understanding of security compliance & detailed knowledge of a control framework such as NIST SP800-53 and ISO270002, IEC62443. Be certified by a well-known standards body in the provision of audits such as ISACA. Extensive experience in the development and mentoring of junior team members. An ambitious and creative drive to help safeguard UK national infrastructure and become a recognised cyber expert. Evaluating internal security systems, controls and policies. Ensuring compliance with application laws and regulations. Ability to write technical reports that analyse and interpret audit results. Leading and facilitating Audit Workshops to clients prepare for audit. A good understanding of TCP/IP based networking concepts across the OSI model layer as well as the common protocols in use and their risks.

Security Clearance

:

Life at Leonardo

With a company funded benefits package, a commitment to learning and development, and a flexible approach to working hours focused on the needs of both our employees and customers, a career with Leonardo has never offered as many opportunities or been more accessible to as many people.

Flexible Working:Flexible hours with hybrid working options. For part time opportunities, please talk to us

Company funded flexible benefits:Access to private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle options (£500 annual allowance)

Holidays:25 days plus bank holidays, option to buy/sell leave and to accrue up to 12 additional flexi leave days per year

Pension:Award winning pension scheme (up to 10% employer contribution)

Wellbeing: Employee Assistance Programme with access to free mental health support, financial wellbeing support and network groups to demonstrate our ongoing commitment to diversity & inclusion (Enable, Pride, Equalise, Reservists, Carers)

Lifestyle:Discounted Gym membership, Cycle to work scheme

Training:Free access to more than 4000 online courses via Coursera

Referral Incentive:You can earn a reward for successfully referring a friend or family member

Bonus:Scheme in place for all employees at management level and below

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Negotiating Your Cybersecurity Job Offer: Equity, Bonuses & Perks Explained

How to Secure Compensation That Reflects Your Value in the UK’s High-Stakes Cybersecurity Sector Introduction As cyber threats grow more sophisticated and frequent, cybersecurity professionals have never been more in demand. From thwarting ransomware attacks to architecting secure cloud infrastructures, mid‑senior cybersecurity experts play a critical role in safeguarding a company’s data and reputation. Thanks to this growing reliance on cybersecurity, employers in the UK are going above and beyond simple salary offers to attract the top echelon of talent. Although base salary remains a key component of any job offer, the broader package—encompassing equity, bonuses, and perks—can often surpass what you’d gain from a small bump in monthly pay. For cybersecurity specialists working in areas such as threat intelligence, incident response, penetration testing, or compliance, the complexity and risk mitigation you bring to the table is massive. Knowing how to negotiate the entire package ensures you are duly rewarded for keeping an organisation’s data, assets, and operations safe. In this guide, we’ll delve into every aspect of negotiating a cybersecurity job offer. Whether you’re pivoting to a mid‑senior role or cementing your expertise at an established security consultancy, understanding the full range of compensation elements will help you secure an offer that acknowledges the criticality of what you do. Let’s explore equity options, performance bonuses, and the perks that matter most, so you can come out of your next job negotiation confident that you’re getting more than just a salary.

Jobs

Cyber Security Jobs in the Public Sector: Protecting the UK’s Digital Future

Cyber threats have grown exponentially in recent years, targeting both private businesses and government institutions. As technology becomes ever more embedded in daily life—managing everything from national security to healthcare records—the risk of cyber attacks also increases. In the UK public sector, where vital services and sensitive citizen data are at stake, cyber security has become a top priority. For professionals looking for a meaningful career at the intersection of technology, national security, and public service, cyber security jobs in the UK public sector present an exciting and fulfilling path. In this blog post, we’ll delve into why cyber security is so critical to government agencies, the most in-demand roles, the skills and qualifications required, and how to navigate the application process. By the end, you’ll have a clearer sense of how you can leverage your technical expertise to protect the nation’s digital infrastructure.

Jobs

Contract vs Permanent Cybersecurity Jobs: Which Pays Better in 2025?

Cybersecurity has become one of the fastest-growing and most crucial fields in modern business. With high-profile breaches dominating headlines and the ongoing digital transformation exposing organisations to new threats, companies across the UK are competing to attract skilled cybersecurity professionals. Roles range from penetration testers (pen testers) and SOC (Security Operations Centre) analysts to compliance officers, cloud security architects, threat intelligence analysts, and CISOs (Chief Information Security Officers). As demand continues to surge, cybersecurity salaries have climbed accordingly, and businesses have turned to more flexible hiring practices. Alongside permanent employment, many professionals explore short-term day‑rate contracting or fixed-term contracts (FTCs), searching for the ideal balance of pay, job security, and growth opportunities. Which arrangement truly pays better in 2025—and which best aligns with your ambitions? In this article, we dive into the contract vs. permanent debate with a focus on cybersecurity roles. We will examine the current market, the structure of day‑rate vs. FTC vs. permanent positions, the pros and cons of each, and some hypothetical pay comparisons. By the end, you should have a clearer sense of which career path might suit your situation and goals—whether you are a seasoned specialist aiming for top rates, or an up-and-coming analyst seeking a stable environment to develop in.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.