Director, Cyber security & Privacy Practice, Proactive Services bei Ankura

Ankura is a team of excellence founded on innovation and growth.

This position supports the Data & Technology practice - one of six practices focused on client delivery services across the Firm.

Our global team of over 100 professionals includes former federal law enforcement personnel, in-house security experts, Big 4 consultants, federal regulators, threat intel and dark web experts, etc. We have helped clients and partners for 10+ years across industries and geographies with the following services:

• Incident Response, Intelligence, and Investigations.

• Technology, Privacy, and Cyber Risk Advisory.

• End Point & Managed Detection & Response.

The EMEA Cyber security & Privacy practice is growing and has ambitions to expand its capabilities from a strong base in incident response, intelligence and investigations into additional proactive security, AI security and managed detection & response services.  

Why Join Ankura

• You will have the opportunity to get involved with both Proactive and Reactive work

• We can support and develop individuals who aspire to be an expert

• Opportunities for career development, an assigned career mentor, access to Ankura Academy, and opportunities to collaborate on projects with other Ankura practices

• Work with a collaborative environment, whereby our professionals have the freedom to innovate which promotes curiosity, learning and communication.

Role:

The Director role is Manager level position. Ankura’s Cyber security and Privacy Practice is a full-service suite of cyber security and privacy solutions, regardless of industry or size.

Responsibilities

• Cyber Security Program & Strategy: Evaluate and enhance client cyber security programmes against recognised frameworks like NIST, ISO, DORA, and NIS2. Advise on security strategy for cloud and hybrid environments, acting as a vCISO to guide their cyber resilience and security posture. This is a core part of our advisory services.

• Risk Management & Remediation: Conduct comprehensive cyber risk assessments, including third-party risk management and cyber risk quantification. Develop and oversee remediation plans, from initial assessment to full delivery, ensuring a seamless consulting engagement.

• Policy & Incident Response: Develop and refine security policies, including Business Continuity Plans (BCPs) and incident response plans. Support the delivery of cyber security and crisis tabletop exercises to test client resilience.

• Mergers & Acquisitions (M&A): Conduct Cyber Due Diligence (DD) for pre-acquisition and post-acquisition reviews, specifically for private equity (PE) houses and other corporate clients.

• Project Leadership & Delivery: Lead and manage end-to-end client engagements. This includes project scoping, proposal development, and ensuring timely delivery of all project deliverables within a consulting framework.

• Technology & Expertise: Possess deep knowledge of security technologies and architectures, with an understanding of AI risk and the use of AI technologies in cyber security.

• Team Leadership: Supervise and mentor less experienced consultants and client personnel.

Requirements:

• Experience: Proven experience in a consulting or advisory role, with a strong background in leading cyber security projects and acting in a vCISO capacity. Experience with scoping projects, developing budgets, and crafting proposals for new business is essential.

• Technical Knowledge: In-depth understanding of security principles and network architectures. Ability to assess security controls across major cloud platforms (Azure, AWS, GCP, Office 365).

• Frameworks: Strong familiarity with NIST, ISO, PCI, DORA, NIS2, EU AI Act, NIST AI RMF and other relevant frameworks.

• Qualifications: Professional certifications such as CISSP, CISM, CISA, Prince2 or PMP are preferred.

• Skills: Strong analytical, communication (written and verbal), and organisational skills. Ability to work both independently and as part of a team in a high-paced consulting environment.

• Travel: Flexibility to travel outside the UK for work, which may involve a few weeks at a time on short notice.

• Good to have: Knowledge / experience of the incident management lifecycle, ethical hacking, DFIR, secure development practices and internal audit. Experience and exposure to AI technology challenges and opportunities.

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email [email protected] or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.