Director, Cyber security & Privacy Practice, Proactive Services
Ankura is a team of excellence founded on innovation and growth. This position supports the Data & Technology practice - one of six practices focused on client delivery services across the Firm. Our Global Team Of Over 100 Professionals Includes Former Federal Law Enforcement Personnel, In-house Security Experts, Big 4 Consultants, Federal Regulators, Threat Intel And Dark Web Experts, Etc. We Have Helped Clients And Partners For 10+ Years Across Industries And Geographies With The Following Services
- Incident Response, Intelligence, and Investigations.
- Technology, Privacy, and Cyber Risk Advisory.
- End Point & Managed Detection & Response.
- You will have the opportunity to get involved with both Proactive and Reactive work
- We can support and develop individuals who aspire to be an expert
- Opportunities for career development, an assigned career mentor, access to Ankura Academy, and opportunities to collaborate on projects with other Ankura practices
- Work with a collaborative environment, whereby our professionals have the freedom to innovate which promotes curiosity, learning and communication.
- Cyber Security Program & Strategy: Evaluate and enhance client cyber security programmes against recognised frameworks like NIST, ISO, DORA, and NIS2. Advise on security strategy for cloud and hybrid environments, acting as a vCISO to guide their cyber resilience and security posture. This is a core part of our advisory services.
- Risk Management & Remediation: Conduct comprehensive cyber risk assessments, including third-party risk management and cyber risk quantification. Develop and oversee remediation plans, from initial assessment to full delivery, ensuring a seamless consulting engagement.
- Policy & Incident Response: Develop and refine security policies, including Business Continuity Plans (BCPs) and incident response plans. Support the delivery of cyber security and crisis tabletop exercises to test client resilience.
- Mergers & Acquisitions (M&A): Conduct Cyber Due Diligence (DD) for pre-acquisition and post-acquisition reviews, specifically for private equity (PE) houses and other corporate clients.
- Project Leadership & Delivery: Lead and manage end-to-end client engagements. This includes project scoping, proposal development, and ensuring timely delivery of all project deliverables within a consulting framework.
- Technology & Expertise: Possess deep knowledge of security technologies and architectures, with an understanding of AI risk and the use of AI technologies in cyber security.
- Team Leadership: Supervise and mentor less experienced consultants and client personnel.
- Experience: Proven experience in a consulting or advisory role, with a strong background in leading cyber security projects and acting in a vCISO capacity. Experience with scoping projects, developing budgets, and crafting proposals for new business is essential.
- Technical Knowledge: In-depth understanding of security principles and network architectures. Ability to assess security controls across major cloud platforms (Azure, AWS, GCP, Office 365).
- Frameworks: Strong familiarity with NIST, ISO, PCI, DORA, NIS2, EU AI Act, NIST AI RMF and other relevant frameworks.
- Qualifications: Professional certifications such as CISSP, CISM, CISA, Prince2 or PMP are preferred.
- Skills: Strong analytical, communication (written and verbal), and organisational skills. Ability to work both independently and as part of a team in a high-paced consulting environment.
- Travel: Flexibility to travel outside the UK for work, which may involve a few weeks at a time on short notice.
- Good to have: Knowledge / experience of the incident management lifecycle, ethical hacking, DFIR, secure development practices and internal audit. Experience and exposure to AI technology challenges and opportunities.