Security Design Consultant
HCLTech is a global technology company, spread across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. We're powered by our people, a global, diverse, multi-generational talent representing 161 nationalities, whose unique spark, perspective and boundless passion drive our culture of proactive value creation and problem-solving.
Our purpose is to bring together the best of technology and our people to supercharge progress for everyone, everywhere: our clients, partners, their stakeholders, communities, and the planet. As a company, we are deeply focused on accelerating our ESG agenda. We are also creating technology-enabled sustainable solutions with and for our clients and partners. We embed ESG imperatives into every aspect of our business and ensure that the progress we supercharge is responsible, inclusive and beneficial to all our stakeholders in the long term. We have committed to achieving net zero by 2040.
To learn more about how we can supercharge progress for you, visit www.hcltech.com
Job Title- Senior Security Design Consultant
Location- Manchester or Leeds or Bristol
Hybrid - 2 days work from office
Contract Duration- 6 Months
Key Responsibilities
We are seeking a Senior Security Design Consultant to provide expert cyber security consultancy, security design assurance and risk-based guidance across business and technology change. The role is responsible for assessing new and amended services, applications, cloud platforms and third-party solutions to ensure security risks are understood, controlled and aligned to organisational risk appetite, regulatory obligations and industry best practice.
Core Responsibilities
- Lead security design reviews, threat modelling and risk assessments for applications, infrastructure, cloud services and third-party solutions.
- Define and recommend proportionate security controls, patterns and design guardrails aligned to business objectives and risk appetite.
- Provide consultancy on secure architecture for internet-facing services, internal platforms, data flows and integration patterns.
- Advise on identity and access management, privileged access, recertification and access control design.
- Work closely with engineering, architecture, product and delivery teams in Agile and DevOps environments to embed security by design.
- Support compliance with security and regulatory frameworks including ISO 27001, PCI DSS, OWASP and internal standards.
- Review security posture of vendors and outsourced services, providing due diligence and third-party risk assurance.
- Present security findings, risk opinions and design recommendations clearly to both technical and non-technical stakeholders, including senior leadership.
Required Experience and Skills
- Extensive experience in cyber security, security consulting, risk assessment or security architecture within regulated environments, ideally financial services.
- Strong knowledge of threat modelling methodologies, secure design principles, attack vectors and mitigating controls across network, application and cloud domains.
- Practical understanding of cloud security, secure application delivery, third-party risk management and access management practices.
- Experience applying recognised frameworks and standards such as ISO 27001, PCI DSS, OWASP, NIST and enterprise security control frameworks.
- Ability to translate complex technical risks into business language and provide clear, evidence-based recommendations.
- Exposure to contemporary architectures, e.g. RESTful APIs and containerised microservices.
- Strong stakeholder management, written communication and presentation skills, with confidence engaging senior managers and control functions.
Qualifications and Certifications
Essential: Demonstrable experience in security design, cyber risk, security consulting or related cyber security disciplines.
Desirable: Professional certifications such as CISSP, CISM, CCSP, CEH, GIAC or equivalent.
Preferred background: Experience supporting cloud transformation, digital delivery, third-party assurance and regulated change programmes.
Desirable Attributes
- Commercially aware and able to balance risk reduction with pragmatic business delivery.
- Capable of working independently while influencing multidisciplinary teams and senior stakeholders.
- Understanding or awareness of banking systems.
- Comfortable operating in fast-paced, high-pressure environments with changing priorities.
- Structured, detail-oriented and focused on producing high-quality, repeatable outcomes.
Success Measures
Success in this role will be measured by the quality and timeliness of security assessments, the effectiveness of recommended controls, stakeholder confidence in security advice, and the consultant’s ability to enable secure delivery without unnecessary friction to business change.