• The Role & Key Responsibilities

  • Job Title: Security Risk and Controls Lead (12 Month Fixed Term Contract)

    Location: Peterborough (Hybrid)

    Are you a senior security risk professional with deep expertise in controls, risk frameworks and compliance reporting? Do you enjoy translating complex standards into practical, effective controls that strengthen security posture and support strategic decision-making?

    ABF’s Business Technology Services (BTS) Cyber Security function is looking for a Security Risk and Controls Lead to play a pivotal role in driving the development and implementation of security controls and enhancing enterprise risk management. Reporting to the GRC Manager, you’ll lead on controls maturity, risk framework development and reporting, while providing hands-on support and guidance to the wider GRC team during a critical phase of cyber transformation.


    What you'll be doing:

    • Assessing existing BTS security controls and identifying gaps against NIST 800-53 and ISO 27001 requirements
    • Designing, developing and embedding an enhanced security controls framework aligned to industry-recognised standards
    • Leading risk assessments and strengthening the enterprise risk register to ensure both operational and strategic risks are accurately captured
    • Actively driving the closure of identified risk and control gaps, supporting remediation activities across BTS
    • Establishing and maintaining robust risk and controls reporting, including dashboards, scorecards and defined KPIs
    • Defining, tracking and reporting key metrics such as control effectiveness, risk coverage, gap closure rate and audit readiness
    • Maintaining audit-ready documentation and evidence to support internal and external audits and certifications
    • Providing hands-on support, coaching and guidance to GRC colleagues, ensuring consistency and maturity across risk-related activities

What you'll bring:

  • Proven experience designing, implementing and embedding security controls and risk management frameworks within complex IT or cyber security environments
  • Expert-level knowledge of NIST 800-53 and ISO 27001, including control families, implementation and assurance activities
  • Strong experience leading risk management, control assurance and compliance programmes at enterprise level
  • Demonstrable ability to translate regulatory and framework requirements into practical, actionable controls
  • Experience building and maintaining enterprise risk registers, risk radars, dashboards and KPI-driven reporting
  • Solid understanding of IT and security environments (infrastructure, applications and cloud) to effectively assess and design controls
  • Excellent stakeholder engagement skills, with the confidence to influence senior leadership and cross-functional teams
  • Strong analytical, problem-solving and communication skills, with high attention to detail

Location

Hybrid, a mix of office and homeworking. This role will be based at our Peterborough offices on the Lynchwood Business Park. The office has recently been renovated and along with a modern work environment has great public transport links, free onsite parking, free drink facilities, free lunch option each day and a great team culture.


Questions about this role?

If you have any questions about this role or need help applying, please contact Taylor Waldon via [email protected].

Supporting your application

We work with a number of external partners to ensure that our application process is as comfortable as possible, regardless of your circumstances or background.