Security Risk Specialist

Security Risk Specialist - 6-Month Contract - Inside IR35 - Hybrid London (2-3 Days Onsite) A leading technology-driven organisation is seeking an experienced Security Risk Specialist to support the ongoing development and operation of its security risk function. This role sits within a growing security team and will focus on strengthening how the business identifies, evaluates, and manages security-related risks across a modern, cloud-centric environment. Working closely with the Head of Security Risk & Assurance, you will play an integral part in shaping risk methodology, enhancing processes, and advising stakeholders across engineering, product, operations, and wider business units. This is a hands-on contract suitable for someone who enjoys driving practical improvements and embedding risk management into day-to-day operations. Key Responsibilities You will: • Contribute to the operation, enhancement, and governance of the security risk management framework, ensuring alignment with business goals, regulatory needs, and recognised industry practices. • Conduct detailed security risk assessments and support the creation of appropriate risk responses, mitigation plans, and treatment recommendations. • Review, refine, and optimise existing risk processes-highlighting inefficiencies, identifying gaps, and advising on improvements, including automation and tooling opportunities. • Collaborate with engineering, technology, and non-technical teams to embed risk-aware thinking into projects, initiatives, and operational decision-making. • Develop and improve risk dashboards, reporting packs, and metrics to increase visibility and support stakeholder decision processes. • Contribute to the creation and evolution of security awareness materials and internal training related to risk management. Required Experience You will have: • Hands-on experience in security risk management within a dynamic, high-growth, or highly regulated environment. • A background designing, maintaining, or enhancing governance processes and procedures, ideally related to security or technology risk. • Strong experience performing risk assessments across cloud environments and modern technology stacks. • Good understanding of how agile, product-led, and engineering-focused organisations operate. • Experience producing and interpreting security metrics, plus building reporting that supports risk-based decision-making. • Confidence engaging stakeholders of varying technical levels, from engineers to senior non-technical leaders. • Familiarity with frameworks and standards such as ISO 27001, NIST CSF, NIST 800-53, SOC 2, PCI DSS, etc. • Practical experience applying Large Language Models (LLMs) in security workflows, including: • Speeding up risk analysis and documentation • Supporting control assessments and evidence evaluation • Drafting and refining policies, standards, and procedures • Improving reporting, insights, and communication • Ability to identify where automation, AI, or LLM-based tooling can improve consistency and operational efficiency. Nice to Have • A blend of consultancy and in-house experience within security, assurance, or risk management. • Exposure to enterprise GRC / integrated risk management platforms. • Relevant certifications such as CISM, CRISC, CISSP, CISA, or similar.