Grc consultant
Role details
Job location
Tech stack
Job description
ups, and they come to us for advisory work, DPO support delivered as a service, AI governance, and privacy technology programmes including One Trust, where we are a certified implementation partner. The GRC Consultant role is how we extend that work into governance, risk and compliance more broadly. You will help clients design, run and improve the frameworks that hold their compliance programmes together, and bring an integrated view to organisations that are increasingly asked to manage privacy, security, AI and operational risk as one. The Role In this role, you will: Advise clients across governance, risk and compliance, including framework design, controls, and assurance Support implementation of GRC technology platforms, with a focus on One Trust and adjacent tools Bring a broad GRC lens to engagements that touch privacy, security, AI and operational risk Contribute to the growth of our GRC service line as the practice expands In practice, that means working alongside our consultants and senior leadership to deliver GRC programmes from scoping through go live and into operations. You will advise clients on the frameworks that hold their compliance programmes together. Risk taxonomies, control libraries, policy structures, assurance approaches, and the operating models that bring them to life. You will help clients move from fragmented, function specific compliance toward something integrated. You will support the implementation and configuration of GRC technology. One Trust is a focus for us, alongside the wider landscape of GRC platforms our clients use. You do not need to be a One Trust expert today. You do need to be ready to build that expertise quickly with our support and certification. You will bring an integrated view across risk domains. Privacy, information security, AI governance, operational resilience, third party risk, and the regulatory landscape that connects them. Our clients increasingly want one partner who can see across
Requirements
all of it. You will help us be that partner. You will contribute to how we work. Our GRC service line is growing, and the people who join now will help shape the methodologies, templates, and ways of working that we take to every future client. Who We're Looking For Must haves A solid grounding in governance, risk and compliance, with practical experience designing or operating GRC frameworks, controls, or assurance programmes in a client or in house setting. A genuine interest in privacy, AI governance, and the wider compliance technology space. You enjoy the intersection of regulation, risk and technology and want to build a career there. Willingness to learn One Trust and broader GRC platforms quickly, supported by our internal training and certification. Strong analytical and problem solving instincts. GRC work is detail heavy, and small framework choices have real downstream consequences. Strong written and verbal communication in English. You can explain a complex risk concept to a non technical client without losing them or oversimplifying. A right to work in the EU. Nice to haves Hands on experience with one or more GRC technology platforms (One Trust, Service Now GRC, Archer, Metric Stream, or similar). Familiarity with widely used GRC frameworks and standards (ISO 27001, ISO 27701, SOC 2, NIST CSF, COSO, or similar). Working knowledge of GDPR, AI regulation including the EU AI Act, and the wider EU regulatory landscape. Exposure to specific regimes such as DORA, NIS2, or sectoral compliance requirements. Consulting experience, whether at a professional services firm, a Big Four, or a privacy or risk specialist firm. A recognised credential such as CIPP/E, CIPM, CRISC, CISA, ISO 27001 Lead Auditor or Implementer, or equivalent. Additional language capability beyond English. A relevant degree in a field such as Business, Law, Economics, Computer Science, Information Security, or similar. About