Cyber Risk Consultant

Ensign is hiring !

Title: Cyber Risk Consultant

About the Role

We are looking for a Cyber Risk Consultant to join our consulting team. In this client-facing role, you will help clients strengthen their cybersecurity posture through risk assessments, security-by-design, and compliance activities. You will work closely with stakeholders to identify risks, recommend mitigation strategies, and ensure security is built into projects and systems from the start.

What We’re Looking For

We are seeking someone who enjoys working across both governance and technical areas of cybersecurity. The ideal candidate is confident in reading and working with policies and compliance frameworks, and comfortable sitting in a design workshop or vendor meeting to provide input on security controls.

Strong communication skills are essential, as you will represent clients in discussions and guide project teams through risk decisions. This role is a good fit for someone who is consulting-minded with hands-on involvement and delivering value in day-to-day engagements, not just high-level work. An interest in OT security will also be an advantage, whether you already have experience in this space or are eager to expand beyond IT security.

Key Responsibilities

• Conduct cybersecurity risk assessments across IT and OT environments.
• Partner with project and application teams to embed security-by-design practices throughout the lifecycle, from procurement to design and implementation.
• Review and guide project risk assessments, ensuring findings and mitigation controls are adequate.
• Perform network and system architecture reviews, to ensure alignment with security requirements and industry best practices.
• Represent clients in vendor and stakeholder discussions, providing subject matter expertise.
• Support compliance and governance activities, including audits, gap assessments, and reporting against regulatory and industry requirements.
• Develop, evaluate, and maintain cybersecurity policies, standards, and procedures in line with frameworks such as ISO/IEC 27001 and applicable regulatory expectations.
• Contribute to the development of security awareness programs and other client-specific initiatives.
• Provide input into cybersecurity roadmaps and strategic initiatives, to support planning for emerging threats and regulatory expectations.

Requirements

• 7+ years of experience in cybersecurity, with exposure to GRC, risk assessments and CISO office functions.
• Proven experience conducting risk assessments and guiding security-by-design practices across IT and OT environments.
• Strong understanding of OT and IT security concepts, technologies, and associated risks.
• Familiarity with recognized security frameworks and standards such as ISO/IEC 27001 and NIST.
• Strong communication and interpersonal skills, with the ability to represent clients in discussions and work effectively with both technical and non-technical stakeholders.
• Certifications such as CISSP, CISM, CISA, or CRISC are preferred.