Cyber GRC – DV – Inside IR35

• Initial 6 months (High likelihood of extension)
• Clearance: DV
• Location: London
• Inside
• Type: 3 days on-site
• Rate: £675

Role Overview

Cyber Security Governance & Risk Management specialist, accountable for ensuring cyber security governance and risk management is embedded across the Service Group ensuring that cyber risks are identified, assessed, managed, and accepted in line with policy and risk appetite.

Responsibilities:

o Own and maintain visibility of cyber risks across the Service Group.
o Accept cyber risks within delegated authority or escalate risks exceeding tolerance to appropriate senior forums.
o Monitor compliance with agreed cyber security policies and standards.
o Ensure Secure by Design principles are applied consistently.
o Provide governance oversight of security architecture decisions.
o Ensure design approaches align with policy and risk appetite (without designing systems).
o Act as primary interface to formal assurance, audit, and external assessment activities.

Key Skills:

o Information risk assessment and risk management
o Applied security capability
o Protective security
o Threat understanding

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Head of Information Security (Contract)

Rate: £850 – £1,000 per day (Inside IR35 – total to umbrella)
Duration: 6 months
Location: London (2 days onsite per week)

Overview:

We’re supporting a major organisation undergoing a critical phase of security uplift and transformation who’re looking for an experienced Head of Information Security to take immediate ownership of their security function.

This is a hands-on leadership role suited to a contractor who can quickly assess the current landscape, stabilise risk and deliver a clear, actionable security roadmap. You’ll be expected to operate at both strategic and operational levels, engaging senior stakeholders while driving tangible security improvements at pace.

Key Responsibilities:

• Rapidly assess current security posture, risks and gaps across the organisation
• Define and implement a pragmatic, business aligned security roadmap
• Lead GRC, security operations and architecture oversight
• Drive improvements across identity & access management, cloud security and incident response
• Act as the senior escalation point for security incidents and risk decisions
• Engage with C-suite and board stakeholders, providing clear, commercially focused risk insight
• Support or lead audit and compliance activities (ISO 27001, NIST, GDPR)
• Stabilise and where needed, restructure internal teams and third-party suppliers

Skills & Experience:

• Proven experience operating as a Head of Security / Security Director / Interim CISO
• Strong track record delivering security transformation or uplift in contract roles
• Ability to hit the ground running in complex, ambiguous environments
• Deep understanding of security frameworks (ISO 27001, NIST, CIS)
• Experience across cloud environments (Azure/AWS), enterprise architecture and cyber operations
• Strong stakeholder management – comfortable challenging and influencing at exec level
• Background in regulated environments (Financial Services, Insurance, etc.) highly desirable

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Assurance Coordinator (SAC)

Salary: £70,000 – £80,000 (negotiable DOA)

Location: Hybrid (1-2 days per week in Corsham)

Essential: Live SC clearance

Role Overview

We are seeking experienced Security Assurance Coordinators to support the delivery of secure and compliant ICT capabilities across Defence Digital programmes. The successful candidates will play a key role in coordinating security assurance activities, delivering Secure by Design (SbD) guidance, and ensuring risks are identified, assessed, and effectively managed throughout programme delivery.

This role is suited to individuals with strong Defence security knowledge, experience operating in high-classification environments, and a solid understanding of Defence assurance frameworks and governance requirements.

Key Responsibilities

• Deliver and track Secure by Design (SbD) advice and security assurance artefacts across Defence Digital programmes in line with SoR Requirements 1-35
• Assess and mitigate risks associated with ICT capability changes in accordance with SoR Requirement 4
• Provide security assurance support for complex programmes, service transitions, and higher-classification environments in line with SoR Requirement 1
• Contribute to risk management activities, including RAID logs and programme risk registers
• Coordinate Security Improvement Plans and support the implementation of security controls
• Engage with programme teams, technical stakeholders, and governance functions to ensure security assurance activities are completed effectively
• Support compliance with Defence security standards, policies, and governance processes
• Assist in maintaining consistent assurance practices across multiple workstreams and programmes

Relevant Experience

• Minimum 5 years’ experience in security assurance, cyber security governance, or risk management roles
• Strong understanding of:
• JSP453
• JSP440
• DEFSTAN 05-138
• Experience working within Defence environments or programmes
• Demonstrable experience supporting security assurance activities within complex ICT or high-assurance environments

Minimum Qualifications

Candidates must hold at least one of the following qualifications:

• UKCSC Practitioner or Principal – Governance and Risk Management
• UKCSC Practitioner or Principal – Cyber Security Management
• CISSP
• CISM
• CRISC

Key Skills & Attributes

• Strong understanding of Defence security governance and assurance processes
• Experience managing security risks within complex programmes
• Ability to coordinate multiple assurance activities across stakeholders and delivery teams
• Excellent communication and stakeholder engagement skills
• Strong analytical and risk assessment capabilities
• Ability to work effectively within high-security and regulated environments

Benefits / Value Delivered

• High-quality security assurance aligned to Defence standards and governance requirements
• Reduced risk across complex and high-classification environments
• Improved visibility and management of security risks and assurance activities
• Enhanced coordination of security improvement initiatives and control implementation
• Increased confidence in programme security posture and compliance

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Architect

Salary: £90,000 – £100,000 DOE

Location: Hybrid – Corsham (1-2 days per week)

Essential: Live SC clearance

Role Overview

We are seeking an experienced Security Architect to support the delivery of secure, assured, and compliant architecture solutions within a Defence environment. The successful candidate will provide architectural governance, design assurance, and subject matter expertise to ensure that security is embedded throughout solution development and delivery in line with Defence standards and Secure by Design (SbD) principles.

This role requires a collaborative individual who can influence stakeholders across programmes and workstreams, contribute to governance activities, and help maintain consistency and quality across security architecture outputs.

Key Responsibilities

• Support the development, review, and approval of architecture documentation, including High-Level Designs (HLDs) and Low-Level Designs (LLDs)
• Provide feedback and guidance to projects, programmes, and formal Architecture Governance Boards in accordance with SoR Requirement 29
• Ensure consistent implementation of architecture processes aligned to Defence standards, approved architectural blueprints, and design patterns
• Provide subject matter expertise into solution design activities, ensuring alignment with Secure by Design (SbD) principles
• Collaborate closely with Workstream Leads, Security Assurance Coordinators (SACs), SbD Leads, and Risk Leads to maintain architectural coherence across programmes
• Contribute to architectural governance and design assurance activities to reduce delivery risk and improve security outcomes
• Support the adoption and application of defence security standards and architectural governance frameworks

Relevant Experience

• Minimum 5 years’ experience in Security Architecture or related security assurance roles
• Applied experience of defence security standards, design assurance, and architectural governance
• Experience working within Defence environments or programmes
• Demonstrable experience supporting secure solution design and governance processes

Minimum Qualifications

Candidates must hold either:

One of the following:

• UKCSC Principal – Secure System Architecture

Or two or more of the following:

• TOGAF
• MODAF
• CCSP
• SABSA Practitioner

Key Skills & Attributes

• Strong understanding of secure architecture principles and governance
• Knowledge of Secure by Design (SbD) methodologies
• Ability to influence stakeholders and provide clear architectural direction
• Strong communication and collaboration skills
• Experience working within regulated or high-assurance environments
• Ability to balance security requirements with operational and programme needs

Benefits / Value Delivered

• Improved quality and consistency of security architecture and Secure by Design outputs
• Strong alignment with Defence architecture governance and standards
• Reduced risk of rework through early-stage design assurance
• Enhanced confidence in security controls across all classifications
• Improved collaboration and architectural coherence across programmes and workstreams

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Sanderson are working with a consultative client who are looking to grow their Cyber Security function. The client is looking across all skills and expertise of Cyber Security and seeking enthusiastic and competent individuals to join their team.

The core responsibilities / skills of the role will include:

• Identify and deploy innovative security solutions to real world problems, across a variety of industries
• How to work with both clients and internal stakeholders, across a wide range of disciplines, providing expert input and influencing design of large and complex IT solutions
• How to apply a range of risk methodologies, advising both internal and external stakeholders on risk mitigations.
• How to work with a wide range of security technologies, including new and emerging technologies
• Design security architectures for a range of IT solutions, including large digital transformational programmes
• Provide advisory to wider complex transformation programmes that shape the future of the UK
• Advise clients on regulatory compliance
• Identify security vulnerabilities in system architectures
• Strong understanding of cybersecurity principles and risk management
• Experience applying security technologies to architectures and solution designs
• Understanding of IT infrastructure, technical concepts, and design methodologies
• Understand threat modelling and development of reference architecture
• Preferred hands-on experience in Network and/or Cloud security

This role will require you to be willing and eligible to undergo UK security clearance.

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Sanderson are working with a consultative client who are looking to grow their Cyber Security function. The client is looking across all skills and expertise of Cyber Security and seeking enthusiastic and competent individuals to join their team.

The core responsibilities / skills of the role will include:

• Identify and deploy innovative security solutions to real world problems, across a variety of industries
• How to work with both clients and internal stakeholders, across a wide range of disciplines, providing expert input and influencing design of large and complex IT solutions
• How to apply a range of risk methodologies, advising both internal and external stakeholders on risk mitigations.
• How to work with a wide range of security technologies, including new and emerging technologies
• Design security architectures for a range of IT solutions, including large digital transformational programmes
• Provide advisory to wider complex transformation programmes that shape the future of the UK
• Advise clients on regulatory compliance
• Identify security vulnerabilities in system architectures
• Strong understanding of cybersecurity principles and risk management
• Experience applying security technologies to architectures and solution designs
• Understanding of IT infrastructure, technical concepts, and design methodologies
• Understand threat modelling and development of reference architecture
• Preferred hands-on experience in Network and/or Cloud security

This role will require you to be willing and eligible to undergo UK security clearance.

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

GRC Security Analyst

Rate – £400 – £500 Inside IR35

Duration – 6 months

Location – London three times a week on site

We’re looking for a hands on GRC Security Analyst to support a growing security function within a fast paced and developing environment.

This is a great opportunity for someone early in their GRC career who wants to build strong foundational experience across risk, policy and third-party assurance.

The Role:

You’ll be supporting core GRC activities in a pragmatic, delivery-focused environment, helping to improve security maturity while keeping day to day operations moving.

Key responsibilities include:

• Supporting third-party risk and assurance activities
• Assisting with security policy reviews and updates
• Maintaining and updating risk registers and documentation
• Supporting audits and compliance activities
• Helping drive basic GRC processes and controls
• Carrying out tasks aligned with wider “Know Your System” (KYS) principles (understanding assets, processes and risks across the environment)

Environment:

• Currently a developing / low-maturity security environment
• Work is often reactive and fast-moving
• Strong need for someone who can roll up their sleeves and deliver
• You’ll play a key role in establishing and improving GRC basics

Experience with:

• Third-party risk / supplier assurance
• Policy management
• Risk and compliance processes
• Understanding of frameworks such as:
  • ISO 27001 / NIST / CIS (basic awareness is fine)
• Comfortable working in a delivery-focused, directive environment
• Someone practical, reliable and detail oriented

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Consultant

Location: London / Flexible Hybrid Working (3 days onsite per week)
Salary: £50,000 – £65,000 + Competitive Benefits Package & Signing on Bonus

Security Clearance Requirements

Please note that any offer of employment is subject to successful BPSS and SC security clearance checks. Applicants must be able to demonstrate a continuous 5-year UK address history at the point of application, typically with no periods of 30 consecutive days or more spent outside of the UK. Full British nationality is also required for this position.

About the Team

Join a collaborative and innovative team delivering complex security solutions across the UK public sector, healthcare, defence, and central government environments. You’ll work alongside experienced professionals on high-profile transformation programmes, using the latest technologies to help clients strengthen and modernise their security capabilities.

This is an opportunity to develop your expertise in a fast-paced environment that encourages continuous learning, diverse thinking, and career progression. With access to industry-leading training and a global network of specialists, you’ll gain exposure to cutting-edge technologies and large-scale projects that make a real impact.

What You’ll Learn

As part of the team, you will gain experience in:

• Designing and implementing innovative security solutions to address real-world business challenges across multiple industries.
• Collaborating with clients and multidisciplinary internal teams to influence the design of large-scale, complex IT solutions.
• Applying security and risk management methodologies to advise stakeholders on risk mitigation strategies.
• Working with a broad range of established and emerging security technologies.
• Partnering with industry experts and technology leaders on transformational programmes.

The Role

As a Security Consultant, you will:

• Design secure architectures for a variety of IT solutions, including large-scale digital transformation programmes.
• Provide security advisory services across complex programmes that support critical UK public sector initiatives.
• Advise clients on regulatory and compliance frameworks, including ISO 27001, NIST, GDPR, and PCI-DSS.
• Communicate secure design principles and risk mitigation strategies to both technical and non-technical stakeholders.
• Research and develop innovative approaches to solving complex security challenges.
• Identify vulnerabilities within solution architectures and communicate associated risks effectively.

Skills & Experience Required

We are looking for candidates with:

• A genuine passion for improving cybersecurity across the UK public sector.
• Strong knowledge of cybersecurity principles, governance, and risk management practices.
• Experience applying security technologies within enterprise architectures, including Privileged Access Management (PAM), Single Sign-On (SSO), Identity & Access Management (IDAM), network security, and encryption solutions.
• A solid understanding of IT infrastructure, technical architecture, and solution design methodologies.
• Knowledge of threat modelling and the development of secure reference architectures.
• The ability to learn quickly and adapt within fast-moving technical environments.
• Hands-on experience in network and/or cloud security (preferred).
• Industry certifications such as CISSP, SABSA, or equivalent (desirable).
• Current Government Security Clearance (SC/DV) or eligibility to obtain clearance (preferred).

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Consultant

Location: Manchester / Flexible Hybrid Working (3 days onsite per week)
Salary: £45,000 – £55,000 + Competitive Benefits Package & Signing on Bonus

Security Clearance Requirements

Please note that any offer of employment is subject to successful BPSS and SC security clearance checks. Applicants must be able to demonstrate a continuous 5-year UK address history at the point of application, typically with no periods of 30 consecutive days or more spent outside of the UK. Full British nationality is also required for this position.

About the Team

Join a collaborative and innovative team delivering complex security solutions across the UK public sector, healthcare, defence, and central government environments. You’ll work alongside experienced professionals on high-profile transformation programmes, using the latest technologies to help clients strengthen and modernise their security capabilities.

This is an opportunity to develop your expertise in a fast-paced environment that encourages continuous learning, diverse thinking, and career progression. With access to industry-leading training and a global network of specialists, you’ll gain exposure to cutting-edge technologies and large-scale projects that make a real impact.

What You’ll Learn

As part of the team, you will gain experience in:

• Designing and implementing innovative security solutions to address real-world business challenges across multiple industries.
• Collaborating with clients and multidisciplinary internal teams to influence the design of large-scale, complex IT solutions.
• Applying security and risk management methodologies to advise stakeholders on risk mitigation strategies.
• Working with a broad range of established and emerging security technologies.
• Partnering with industry experts and technology leaders on transformational programmes.

The Role

As a Security Consultant, you will:

• Design secure architectures for a variety of IT solutions, including large-scale digital transformation programmes.
• Provide security advisory services across complex programmes that support critical UK public sector initiatives.
• Advise clients on regulatory and compliance frameworks, including ISO 27001, NIST, GDPR, and PCI-DSS.
• Communicate secure design principles and risk mitigation strategies to both technical and non-technical stakeholders.
• Research and develop innovative approaches to solving complex security challenges.
• Identify vulnerabilities within solution architectures and communicate associated risks effectively.

Skills & Experience Required

We are looking for candidates with:

• A genuine passion for improving cybersecurity across the UK public sector.
• Strong knowledge of cybersecurity principles, governance, and risk management practices.
• Experience applying security technologies within enterprise architectures, including Privileged Access Management (PAM), Single Sign-On (SSO), Identity & Access Management (IDAM), network security, and encryption solutions.
• A solid understanding of IT infrastructure, technical architecture, and solution design methodologies.
• Knowledge of threat modelling and the development of secure reference architectures.
• The ability to learn quickly and adapt within fast-moving technical environments.
• Hands-on experience in network and/or cloud security (preferred).
• Industry certifications such as CISSP, SABSA, or equivalent (desirable).
• Current Government Security Clearance (SC/DV) or eligibility to obtain clearance (preferred).

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Consultant

Location: Cheltenham / Flexible Hybrid Working (3 days onsite per week)
Salary: £45,000 – £55,000 + Competitive Benefits Package & Signing Bonus

Security Clearance Requirements

Please note that any offer of employment is subject to successful BPSS and SC security clearance checks. Applicants must be able to demonstrate a continuous 5-year UK address history at the point of application, typically with no periods of 30 consecutive days or more spent outside of the UK. Full British nationality is also required for this position.

About the Team

Join a collaborative and innovative team delivering complex security solutions across the UK public sector, healthcare, defence, and central government environments. You’ll work alongside experienced professionals on high-profile transformation programmes, using the latest technologies to help clients strengthen and modernise their security capabilities.

This is an opportunity to develop your expertise in a fast-paced environment that encourages continuous learning, diverse thinking, and career progression. With access to industry-leading training and a global network of specialists, you’ll gain exposure to cutting-edge technologies and large-scale projects that make a real impact.

What You’ll Learn

As part of the team, you will gain experience in:

• Designing and implementing innovative security solutions to address real-world business challenges across multiple industries.
• Collaborating with clients and multidisciplinary internal teams to influence the design of large-scale, complex IT solutions.
• Applying security and risk management methodologies to advise stakeholders on risk mitigation strategies.
• Working with a broad range of established and emerging security technologies.
• Partnering with industry experts and technology leaders on transformational programmes.

The Role

As a Security Consultant, you will:

• Design secure architectures for a variety of IT solutions, including large-scale digital transformation programmes.
• Provide security advisory services across complex programmes that support critical UK public sector initiatives.
• Advise clients on regulatory and compliance frameworks, including ISO 27001, NIST, GDPR, and PCI-DSS.
• Communicate secure design principles and risk mitigation strategies to both technical and non-technical stakeholders.
• Research and develop innovative approaches to solving complex security challenges.
• Identify vulnerabilities within solution architectures and communicate associated risks effectively.

Skills & Experience Required

We are looking for candidates with:

• A genuine passion for improving cybersecurity across the UK public sector.
• Strong knowledge of cybersecurity principles, governance, and risk management practices.
• Experience applying security technologies within enterprise architectures, including Privileged Access Management (PAM), Single Sign-On (SSO), Identity & Access Management (IDAM), network security, and encryption solutions.
• A solid understanding of IT infrastructure, technical architecture, and solution design methodologies.
• Knowledge of threat modelling and the development of secure reference architectures.
• The ability to learn quickly and adapt within fast-moving technical environments.
• Hands-on experience in network and/or cloud security (preferred).
• Industry certifications such as CISSP, SABSA, or equivalent (desirable).
• Current Government Security Clearance (SC/DV) or eligibility to obtain clearance (preferred).

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.