Cyber Security Consultant – SC Cleared

Ref: BBBH66977_1780053506

Cyber Security Consultant

Whitehall Resources are currently looking for a Cyber Security Consultant based in Lancashire for an initial 4-month contract.

***INSIDE IR35***
***SC CLEARANCE REQUIRED***

Job Spec:
The Security Incident & Vulnerability Management Consultant operates within the Operational Integrator (OI) function to support the transition to a multi-supplier (SIAM) model within a Defence environment.
The role focuses on understanding, aligning and governing existing high-severity security incident management (S3/S4) and vulnerability management processes across suppliers. Ensuring a consistent, risk-based approach in line with client policy and regulatory requirements, supported by appropriate evidence. The outcome is a coherent, evidence-driven view of security risk, covering both active incidents and underlying vulnerabilities, with processes standardised and ready for BAU handover. This is a governance and coordination role, not a hands-on SOC, incident response, or vulnerability remediation function.

Main responsibilities:
Governance & Process Alignment
Review and align existing supplier processes for:
High-severity incident management (S3/S4)
Vulnerability management, across suppliers from existing processes
Ensure processes are:
Consistent across suppliers
Aligned to client policy and regulatory requirements
Establish and govern:
Incident severity classification and escalation thresholds
Vulnerability prioritisation approaches (e.g. CVSS, KEV, EPSS)
Exception and risk acceptance processes
Supplier Coordination (SIAM Model)
Coordinate multiple suppliers to ensure consistent handling of incidents and vulnerabilities
Act as the integration point across suppliers, aligning outputs without redesigning underlying processes into a common model
Identify and manage gaps in process maturity, coverage, data quality and Compliance with standards
Incident Management (S3/S4 Focus)
Govern the lifecycle of high-severity incidents, including escalation, coordination, communication and reporting
Ensure suppliers:
Detect and escalate incidents appropriately
Meet defined escalation and communication expectations
Maintain structured incident records
Define and agree the required level of visibility from SOC outputs, without requiring direct tooling access
Vulnerability Management (SOC-led)
Oversee the vulnerability lifecycle from identification through to closure
Ensure vulnerabilities are:
Prioritised consistently using agreed Client approaches
Tracked through remediation or formal risk acceptance
Validate, track and monitor:
Remediation timelines and SLA adherence
Handling of high risk vulnerabilities, exceptions and waivers
Identify risks relating to:
Incomplete asset coverage
Obsolescent, legacy or non-patchable systems
Evidence & Assurance
Define and align evidence requirements for both:
Incident management (event, escalation, response, closure)
Vulnerability management (identify, track, remediate, validate)
Ensure outputs are:
Consistent across suppliers
Traceable to risks and controls
Audit ready
Provide assurance that both domains align with ISMS and control requirements
Reporting & Transition Support
Support domain-specific reporting for:
Major incidents (S3/S4)
Vulnerability risk and remediation status
Support governance forums with clear, evidence-based reporting
Establish a transition baseline that enables a clean handover of processes to BAU without redesign

Key Skills:
Experience in security incident management, vulnerability management, or cyber governance roles
Strong understanding of:
Incident management lifecycle (detect, respond, recover)
Vulnerability lifecycle (identify, prioritise, remediate, validate)
Experience working in multi-supplier or SIAM environments
Ability to interpret outputs from SOC and vulnerability tooling without direct ownership

Desirable:
Familiarity with NIST CSF, NCSC or UK Government security guidance
Experience in Defence sector or highly regulated environments
Exposure to audit, assurance or ISMS processes
ITIL alignment

Key Deliverables:
Standardised and aligned incident and vulnerability management processes
Consistent supplier reporting and lifecycle governance
Evidence models supporting audit and assurance
Established transition baseline for BAU handover

All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.

Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.

Apply Now

الاسم الأول*

اللقب*

رقم الهاتف*

البريد الإلكتروني*

قم بتحميل سيرتك الذاتية

من خلال تقديم هذا النموذج، فإنك توافق على احتفاظنا ببياناتك بموجب لوائح اللائحة العامة لحماية البيانات، لأغراض خدمات التوظيف. يمكنك إلغاء الاشتراك في أي وقت. لن نستخدم المعلومات الشخصية التي تقدمها لنا إلا وفقًا لسياسة الخصوصية الخاصة بنا.