Cyber Security Consultant (GRC)
Job description
SEP2 is dedicated to being the trusted partner our customers rely on to enhance and maintain robust cyber security postures. We achieve this through a unique blend of governance, risk, and compliance (GRC) expertise, continuous vulnerability management, and effective human risk services. Our team is a critical component of our customers' security strategies, enabling them to navigate the complex regulatory landscape and defend against evolving threats. We value continuous improvement, technical excellence, and, above all, exceptional customer service.
Primary Function:
Working in the Consultancy arm of the Wingman Security Operations team, this role is primarily responsible for customer engagement, consultancy and report generation of our Wingman GRC (Governance, Risk & Compliance) and Human Risk services. These include vCISO, Vulnerability Management and Security Awareness services. The consultant will be responsible for a set of assigned customers, ensuring that all aspects of their cyber security engagement are maintained. This includes advisory/gap analysis sessions, research on upcoming compliance requirements, working with our wider WSO team on technology enablement and more.
This is a full-time position that can be performed fully remotely from the United Kingdom, or for those local to West Yorkshire the option to go into the Leeds office is available.
Main Tasks:
- Reporting & Documentation: Produce accurate and high-quality customer-facing reports, including assessment, audit, vulnerability, and attack surface analysis reports.
- Security Posture Assessment: Conduct comprehensive gap analysis sessions, utilising various industry frameworks (e.g., ISO 27001, NCSC CAF), to objectively assess customers' current security postures and develop clear, actionable roadmaps for improvement.
- Compliance Guidance: Advise customers on critical aspects of industry and regulatory compliance, such as Cyber Essentials, NCSC CAF, and ISO 27001, operating under the guidance and mentorship of the Principal Consultant.
- Tooling Support: Provide expert support to customers on the effective utilisation of GRC and security tools, including Drata, Knowbe4, Qualys, and other relevant platforms.
- Audit Participation: Support both internal and external compliance and assurance audits.
- Cross-Discipline Collaboration: Work closely with customer IT and Cyber Security teams across a variety of security disciplines, including network security, identity and access management, vulnerability management, and secure development lifecycle (SDLC).
- Internal Program Development: Actively participate in the delivery and continuous improvement of our internal information security program.
- Mentorship & Training: Engage in the active mentoring and training of team members, contributing to the overall knowledge and skill advancement within the WSO team.
- Process Management: Confidently create, implement, and strictly adhere to Standard Operating Procedures (SOPs), maintaining an eye for continuous process improvement and optimisation.
- Service Level Management: Ensure all assigned customer tickets and service requests are actively worked on, kept current, and meet and exceed established Service Level Agreements (SLAs).
- Service Review: Support the Head of Service Delivery by contributing to and participating in service review calls with customers.
Requirements
Do you have experience in information security? The successful candidate will demonstrate a blend of technical expertise, professional integrity, and strong interpersonal skills:
- Customer Focus: Possess an unwavering commitment to outstanding customer service.
- Professional Relationships: Capable of establishing and maintaining effective and credible working relationships with colleagues and clients at all levels.
- Communication: Be a highly effective verbal and written communicator, comfortable articulating complex technical concepts to both technical and non-technical audiences.
- Adaptability & Mindset: Capable of quickly adapting to diverse and evolving security situations, applying a pragmatic, solution-oriented mindset to challenges.
- Team Orientation: Be a dedicated, team-orientated individual able to encourage and support colleagues in achieving collective and individual objectives.
- Professional Development: Value and actively engage in continuous professional development (CPD).
Candidates must ideally hold a minimum of one (1) of the following professional certifications:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Internal Auditor
- ISO 27001 Lead Implementer
- ISO 27001 Lead Auditor
Experience:
- Policy Management: Proven experience in previously developing and maintaining information security policies in alignment with recognised standards such as ISO 27001.
- Legislation: A solid contextual understanding of key legislation, such as the UK General Data Protection Regulation (GDPR), the Digital Operations Resilience Act (DORA), and NIS2.
- Risk Management: Practical experience with undertaking basic risk assessments and developing foundational information risk management plans.
- Assurance & Testing: Experience with compliance monitoring and/or controls testing.
- Third-Party Assurance: Prior contribution to developing processes designed to assure the compliance and security posture of third parties/vendors.
- Cloud Security & IT: Demonstrable experience within the wider IT discipline, with particular expertise in the security of major public cloud environments such as AWS, Azure, or GCP.
Benefits & conditions
- Employee discount
- Gym membership
- Store discount
- Casual dress
- Health & wellbeing programme
- Cycle to work scheme
- Work from home
- Company events
- Enhanced maternity leave