IT RISK ADVISOR, OPERATIONS & DESIGN

Our client, a Major Oil and Gas Operator is seeking an IT Risk Assessment Advisor. This is a 12 Month PAYE contract role based in Aberdeen with a hybrid working system in place.

Role overview

Our client is seeking an IT Risk Assessment Advisor that specialises in Technical Security Architecture ‘by design’ to provide technical security oversight and architectural assurance across both delivery projects and business as usual (BAU) operations. The role sits at the heart of the client’s technology governance, ensuring secure design decisions, controlled change, and proportionate risk treatment across cloud, on premises, and hybrid environments. You will work closely with architects, engineers, delivery teams, and operations to keep security embedded without slowing the business.

Security architecture governance and interface with enterprise architecture:

Define and maintain security architecture patterns, reference designs, and secure configuration baselines (cloud and on-prem)

Drive awareness of secure-by-design practices across engineering teams.

Attend and contribute to the Architecture Review Board (ARB)

Maintain and evolve security architecture patterns and standards (e.g. IAM, network segmentation, cloud security baselines)

Review and assess high risk security architecture exceptions, ensuring risks are clearly understood and appropriately managed

Provide technical and specialised ‘Secure by design’ and security architecture project advisory

Provide hands-on security architecture advice to delivery teams to ensure secure patterns, reference architectures, and hardening baselines are applied.

Perform threat-informed design reviews and ensure appropriate control selection

Enable early engagement to reduce downstream risk and rework

Change and Operational security oversight (BAU)

Attend Change Advisory Boards (CABs) to provide security approval and challenge

Review and approve high risk firewall rule changes

Review high risk configuration changes across Azure and on prem environments. Perform targeted reviews of high-risk configurations (e.g. firewall, network, cloud, infrastructure). Identify misconfigurations and exposure risks against defined baselines

Risk prioritise high risk and zero-day vulnerabilities, working with technology and operations teams on remediation approach and urgency

Provide pragmatic security input to IT Teams and Infrastructure Suppliers - aligned to operational and availability requirements

Provide BAU IT teams clear, actionable recommendations to reduce attack surface and improve resilience

Skills, experience & attributes of candidate:

Strong background in technical security architecture within complex enterprise environments

Experience across cloud (Azure) and on prem infrastructure

Comfortable operating in governance forums while remaining technically credible

Confident challenging design and change decisions constructively

Able to translate technical security risk into clear business impact

Advantageous:

Bachelor’s in CS, InfoSec, or equivalent experience

Certifications: GICSP, CISSP, or equivalent qualification

Experience working as a security architect

Understanding of regulatory frameworks e.g. NIS2, Cyber Resilience Act