Job Description

Exercising Consultant

Location:

UK-based (Hybrid)

Reports to:

Head of Cyber Incident Exercising

Department:

Cyber Incident Exercising

Role Purpose

The Exercising Consultant will design, develop, and deliver cyber incident exercises for clients across sectors. The role supports GDAK's Cyber Incident Exercising Framework to help organisations test and enhance their cyber response capabilities through structured and realistic exercises.

The consultant will work across the full exercise lifecycle, from defining objectives and developing scenarios to facilitating delivery and producing comprehensive reports.

Our Team

Our team brings together deep operational experience, many of us are ex-military with a shared focus on teamwork, trust, and calm under pressure. We take pride in precision, reliability, and purpose in everything we do. The culture at GDAK is built on mutual respect, accountability, our humour and our support for one another, especially when challenges arise. You don't need to be a veteran we don't care how you got here. as long as you share these values.

Key Responsibilities

Exercise Development and Delivery

Lead or support the end-to-end delivery of Exercises Apply GDAK's Cyber Incident Exercising Framework to ensure consistent and high-quality outputs. Translate organisational requirements into exercise objectives, scenarios, and evaluation criteria. Design credible, tailored, and realistic injects, timelines, and supporting materials. Facilitate exercises with confidence, managing participants ranging from operational staff to senior leadership. Ensure exercises remain aligned with clients' incident response structures, playbooks, and communication pathways.

Stakeholder Engagement

Engage with clients to define scope, objectives, and success measures. Coordinate with technical teams, senior management, and external stakeholders during planning and delivery. Present findings and recommendations clearly and professionally, both verbally and in writing.

Analysis and Reporting

Lead or contribute to the After Action Review process, analysing performance data and identifying strengths, weaknesses, and opportunities for improvement. Produce structured and evidence-based reports, including prioritised recommendations and maturity observations. Support clients in developing action plans and tracking improvement outcomes.

Continuous Improvement

Contribute to the enhancement of GDAK's exercising methodologies, templates, and supporting materials. Stay informed about emerging threats, industry trends, and lessons from real-world incidents to inform scenario design. Support the quality assurance of exercises delivered by other consultants. Help build a better service and relationship with clients.

Skills and Experience

Essential

Strong understanding of cyber incident response frameworks (e.g., NCSC, ISO 27035, NIST, CAF). Excellent communication and facilitation skills with diverse audiences. Strong analytical and report writing ability. Capability to work independently and manage multiple work strands concurrently. Experience engaging senior stakeholders in high-pressure or strategic discussions.

Desirable

Background in cybersecurity, risk management, or business continuity. Knowledge of regulatory frameworks such as NIS2, DORA, or ISO 22301. Proven experience in designing and facilitating cyber or crisis management exercises. Security clearance (or eligibility for clearance). Not essential to have but be prepared to obtain.

Personal Attributes

Collaborative and supportive team player. Professional, confident, and resilient under pressure. Commitment to quality and consistency. Curious and creative, able to craft engaging and realistic scenarios. Driven by continuous learning and client impact.

Benefits

Competitive salary 50-60k range. Hybrid working model post initial probation Continuous professional development and training. Healthcare Dental plan Bonus plan (performance/recruitment/BD and Sales)
Job Types: Full-time, Permanent

Pay: 50,000.00-60,000.00 per year

Benefits:

Company pension Flexitime Free flu jabs Health & wellbeing programme On-site parking Private dental insurance Private medical insurance Referral programme Work from home
Application question(s):

YOU MUST ANSWER THIS QUESTION PLEASE. Due to the nature of the work and the security clearance requirements set by the UK Government, this role is open only to individuals who are eligible for Vetting (DV/SC/BPSS). This typically requires sole UK nationality. Are you able to apply under these conditions
Work authorisation:

United Kingdom (required)
Work Location: In person