Cyber Security Assurance – DV Cleared – Hybrid

• Location: London
• Pattern: Hybrid, 60% on-site
• IR Status: Inside
• Rate: £650 – £750
• Clearance: Must have active DV (any)
• Length: Initial 6 months, scope for extension

Multiple new contract opportunities have opened up with an organisation operating in the UK Public Sector, providing security assurance to on-going large scale technical projects across Cloud Computing and Broader IT Infrastructure technologies.

Essential

• Risk Assessment Methodologies: In-depth knowledge of identifying, evaluating, and prioritising security based upon best practice · Knowledge of Security Frameworks & Compliance: Proficiency in applying standardised control frameworks
• Critical Thinking & Problem Solving: Proven ability to navigate complex, unique scenarios, strong analytical and critical thinking skills supporting the ability to find feasible solutions.
• Communication & Presentation: The ability to distil complex technical information into meaningful, non-technical advice for stakeholders and executive leadership
• Stakeholder management, engagement and collaboration: The ability to engage positively, effectively and collaborate with stakeholders from various departments and grades.

Desirable

• Knowledge of Security Frameworks & Compliance: Proficiency in understanding and applying GDPR, ISO 27001, GovAssure and NCSC’s Cyber Assessment Framework.
• Network and System Security: Foundational understanding of network architecture, security protocols, firewalls, intrusion detection systems, and operating systems (Windows, Linux).

If you’re interested in learning more, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Business Continuity, Operational Resilience, Incident & Crisis Management Consultant
Outside of IR35.
Hybrid working – 3 days per week

Our client, a leading financial services organisation based in the City of London is looking to hire an experience Business Continuity Consultant.

The outcome of the assignment will lead the organisation’s readiness programme in preparation for the PRA DyGIST exercise in May 26.

The successful candidate will provide leadership, coordination, and delivery oversight for our clients Business Continuity, Incident and Crisis Management framework to deliver a validated and operationally ready Business Continuity and Crisis Management framework.

This assignment has been deemed outside of IR35.
Hybrid working – 3 days per week.

General responsibilities and deliverables: –

Lead & coordinate Business Continuity, Incident and Crisis Management activities and acting as the central point of accountability for resilience.

• Partner and oversee the appointed consultancy, ensuring that deliverables meet regulatory, operational, and governance expectations.
• Deliver hands-on remediation and delivery of improvements to business continuity, incident response, and crisis management plans.
• Ensure alignment across all functions including Underwriting, Claims, Finance, Risk/Assurance, Operations and IT.
• Communicate and coordinate with stakeholders to ensure identified capability gaps are addressed promptly and progress is tracked through to a successful completion.
• Lead readiness activities for the PRA’s DyGIST exercise, including rehearsals/simulations etc.
• Provide Executive and Board-level briefings to present progress updates, risk summaries etc.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Sanderson are currently working with a client who are looking to develop their cyber software engineering capability, developing novel solutions of a mission critical nature. The role will include tackling hard problems across multiple platforms like Linux, Windows and Android with environments ranging from small IoT devices through to the Cloud.

The key requirements

You will likely have experience in the below areas:

• Software analysis, reverse engineering and vulnerability research of compiled or interpreted code that could be disguised or defensively structured
• Operating systems and/or firmware internals, security architectures and hardware generalisation.
• Engineering software from design to delivery in modern IDEs and languages
• Creating tested and testable code. Integrating with automated verification systems, CI and CD pipelines.

You will have likely used some of the below technologies:

• Ghidra or IDA Pro for reverse engineering.
• C, C++, Java or C# for solution creation.
• Python, Bash, Powershell or Groovy for prototyping and tool-making.

Experience in supporting areas is also beneficial, which could include:

• AI and ML models and their usage.
• Cloud technologies
• Virtualisation, emulation and containerisation.

This role will require eligibility to be clearable to DV Clearance

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Role: Security & Information Risk Advisor (SIRA)

Location: London (hybrid)

Rate: £500-550 p/d

Duration: Initial 6 month work package

Start: January 2026

Active SC clearance is required.

We’re looking for an experienced Security & Information Risk Advisor to support secure, high‑impact programmes within a sensitive UK environment. You’ll help identify, assess, and manage information and cyber risks, ensuring systems and services remain secure, compliant, and resilient.

Key Responsibilities

• Assess and advise on information and cyber security risks
• Support accreditation and assurance activities
• Embed secure‑by‑design principles across digital services
• Ensure compliance with government security standards
• Work with technical and operational teams to manage risk throughout the lifecycle
• Review supplier and third‑party security controls

What You’ll Bring

• Experience in information security, risk management, or assurance
• Strong understanding of NCSC guidance, ISO 27001, and government security classifications
• Ability to communicate risk clearly to technical and non‑technical audiences

If you’re ready to apply your security expertise in a high‑trust, high‑impact environment, we’d love to hear from you. For more details, reach out to: [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

The Role

As part of the Consulting team, you will support both new and existing clients to design, assess, and implement effective cyber security risk management solutions tailored to their needs. Working closely with client stakeholders, you will complement in-house Information and Cyber Security teams by providing expert guidance across information security, solution architecture, and business risk.

You will operate within a Secure by Design framework, taking responsibility for activities such as:

• Leading and advising on risk management frameworks and Information Security Management Systems (ISMS)
• Supporting Enterprise Security Risk Management
• Identifying architectural and security risks
• Monitoring emerging vulnerabilities and best practice, particularly in cloud environments
• Delivering security assurance coordination activities
• Providing pragmatic security and information risk advice

You will play a key role in helping clients make proportionate, risk-based decisions, protect critical assets, and evolve their security architecture across complex technology environments.

The Impact You’ll Make

In this role, you will:

• Provide Secure by Design risk and security assurance services
• Apply strong knowledge of risk management frameworks
• Collaborate with multi-disciplinary teams to ensure solutions align with business risk appetite
• Produce clear, concise reports detailing vulnerabilities, risks, controls, and treatment plans
• Facilitate security and risk workshops with Authority stakeholders
• Deliver practical, business-aligned remediation and risk management advice
• Support security risk assessment within agile delivery environments
• Demonstrate strong teamwork, communication, and stakeholder engagement skills
• Apply broad knowledge of cyber security across public and private sectors
• Understand modern IT and security technologies

Core Expertise

• Security Assurance Coordinator or Delivery Team Security Lead experience
• MOD and government standards
• Secure system design
• MOD/GDS Secure by Design principles
• Supplier assurance and supply-chain risk
• Security legislation
• Security frameworks: ISO 27001, NIST CSF, CIS Controls v8
• HMG, NPSA, and NCSC policies and guidance
• Secure by Design within the SDLC
• Threat modelling techniques
• HLD/LLD review and assurance

Technical Knowledge

• Cloud security
• Network and infrastructure security
• AI security and governance
• ITHC scoping and remediation
• Cryptography, PKI, Zero Trust, PAM, RBAC, Cross Domain Solutions
• Cloud security posture management and endpoint security tooling

Qualifications & Certifications

• Achieved or working toward Full Membership of CIISEC
• UK Cyber Security Council registration

This role will require you to be willing and eligible to undergo a high level of UK security clearance

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Sanderson are working with a Cyber Security service provider as they look to build out their Cyber function. This role will encompass building out a secure cyber architecture piece working within public sector.

The Impact You’ll Make

As a Security Architect, you’ll play a critical role in shaping secure, resilient digital services from concept through to retirement. You’ll provide expert security design guidance across projects, ensuring solutions meet security standards while enabling innovation and cloud-first delivery.

In this role, you will:

• Provide secure design advice from Discovery phase through delivery, operation, and disposal.
• Ensure solution and product designs align with security standards, blueprints, and architectural patterns.
• Champion Secure by Design and architectural best practices to reduce information risk.
• Validate the design, implementation, and effectiveness of security controls.
• Deliver security architecture supporting large, data-driven services across private and public cloud environments.
• Design and scope IT Health Checks (ITHCs) to identify key security risks.
• Review ITHC outcomes, providing clear guidance and actionable remediation plans.
• Identify and assess security risks in proposed architectures, recommending mitigations and alternative solutions.
• Perform threat modelling, risk assessment, and security analysis for systems, applications, and infrastructure.
• Design proportionate security controls aligned to risk appetite, leveraging native cloud capabilities.
• Produce high-quality security architecture artefacts, including standards, patterns, and blueprints.

What You’ll Bring

You’re an experienced security professional with a strong architectural mindset and a passion for building secure, scalable systems.

You’ll bring:

• Proven experience in cybersecurity, security architecture, risk management, or related disciplines.
• Experience level: 5+ years in a Security Architect or senior technical security role.
• Strong working knowledge of:
  • Security-related legislation and regulatory requirements
  • Security control frameworks
  • HMG and NCSC policies, standards, and guidance
  • Cloud security, including AWS services
  • Event-driven, microservices-based architectures using native cloud technologies
• Certifications: One or more ofSABSA,TOGAF, AWS/Azure Solutions Architect,CISSP,CISM, or similar.
  • Achieved or working towards Full Membership of CIISEC and UK Cyber Security Council registration
• Technical expertise across cloud security posture management, cloud-native security tools and endpoint security.
• Strong foundations in PKI, cryptography, privileged access management, and role-based access control.
• A problem-solving mindset with the ability to design pragmatic, innovative security solutions.

This role will require you to be willing and eligible to undergo a high level of UK security clearance

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

IT Risk and Controls Analyst, Access, Governance, Assurance, Access Controls, Hybrid

Our client, an industry leading Europe wide business, is looking to hire a security/risk analyst to assist in the maintenance governance, risk and assurance of frameworks, policies and procedures.

Coming from an IT and risk/security background, the successful candidate will leverage their technical knowledge and relevant experience to make a significant impact on a large-scale access and controls project.

The role requires a combination of information gathering and somebody that is willing to work proactively and under one’s own initiative to take the project forward (a doer!)

Excellent people skills and willingness to engage with heads of departments is essential.

Hybrid working – 2 days per week in the office.
Engagement via Umbrella Company Only; all taxes & NI deducted at source.

General responsibilities:

• Support preparation of dashboards for MI and governance meetings.
• Coordinate governance activities across the business.
• Risk identification through the Information Risk Management process.
• Track & maintaining risk registers and key risk indicators (KRIs)/issue logs.
• Assist the preparation of materials for risk workshops.
• Perform control testing.
• Evaluate design and operational effectiveness of internal controls.
• Conduct walkthroughs and gathering evidence to support control testing.

Skills & experience required:

• Strong problem-solving and analytical skills.
• Knowledge and experience with GRC tools
• Ability to meet tight deadlines.
• [desirable] experience with risk assessment methodologies and compliance frameworks e.g. COBIT.
• [desirable] CISA, CISM, CRISC quals.
• Relevant experience in Audit, Infosec, GRC, risk or similar.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

IT Risk and Controls Analyst, Access, Governance, Assurance, Access Controls, Hybrid

Our client, an industry leading Europe wide business, is looking to hire a security/risk analyst to assist in the maintenance governance, risk and assurance of frameworks, policies and procedures.

Coming from an IT and risk/security background, the successful candidate will leverage their technical knowledge and relevant experience to make a significant impact on a large-scale access and controls project.

The role requires a combination of information gathering and somebody that is willing to work proactively and under one’s own initiative to take the project forward (a doer!)

Excellent people skills and willingness to engage with heads of departments is essential.

General responsibilities:

• Support preparation of dashboards for MI and governance meetings.
• Coordinate governance activities across the business.
• Risk identification through the Information Risk Management process.
• Track & maintaining risk registers and key risk indicators (KRIs)/issue logs.
• Assist the preparation of materials for risk workshops.
• Perform control testing.
• Evaluate design and operational effectiveness of internal controls.
• Conduct walkthroughs and gathering evidence to support control testing.

Skills & experience required:

• Strong problem-solving and analytical skills.
• Knowledge and experience with GRC tools
• Ability to meet tight deadlines.
• [desirable] experience with risk assessment methodologies and compliance frameworks e.g. COBIT.
• [desirable] CISA, CISM, CRISC quals.
• Relevant experience in Audit, Infosec, GRC, risk or similar.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Sanderson are working with an exciting SME in their search for an IT / Cyber Security Analyst. The role will focus on adopting the application of new methodologies to protect the company from a range of cyber and security threats.

Key Responsibilities

• Monitor and analyse security events and alerts.
• Perform initial triage, investigation, and classification of potential security incidents
• Monitor security alerts.
• Generate reports on key metrics, processes, and the performance of different workflows.
• Escalate incidents to the appropriate teams
• Respond to cybersecurity incidents by adhering to standard operating procedures
• Conduct root cause analysis and document findings and lessons learned from security incidents
• Keep incident logs, reports, and tickets updated within incident tracking systems.
• Assist in threat intelligence gathering and analysis to enhance detection capabilities.
• Participate in vulnerability management activities.
• Stay updated with emerging cyber threats, attack techniques, and security trends.

This role will require you to be willing and eligible to undergo a high level of UK security clearance

If you’re interested in the above, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Device Vulnerability, Governance & Lead
Hybrid working – 3 days on site
£500 – £750 per day (umbrella engagement)

Our client, a market leading national business, is looking to hire a contractor to consult Device Management and Security Vulnerability.

The is based on predominantly Microsoft Windows EUC technologies to assess vulnerability risk and application dependencies.

Working in a governance role, the successful candidate will address vulnerabilities on endpoints, especially those caused by applications not owned by a specific dept, team or individual. Also, the need to engage with third parties where applications owned by external companies are a potential risk.

A understanding of the detail of vulnerability remediation is also required e.g. Patching, Intune endpoint management.

Part of the project will be to analyse vulnerability data to identify root causes and develop solutions.

Knowledge and experience of security management tools highly beneficial e.g. Qualys, Defender.

Engagement via Umbrella Company Only; all taxes & NI deducted at source.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.