GRC Consultant

Mishcon de Reya
Charing Cross, United Kingdom
3 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Charing Cross, United Kingdom

Tech stack

Control Objectives for Information and Related Technology (COBIT)
Computer Security
PCI Data Security Standards
Cyber Threat Analysis
ServiceNow

Job description

We are seeking an experienced Senior GRC Consultant to join our consulting practice. The successful candidate will operate as a client-facing consultant across a portfolio of concurrent engagements, delivering governance, risk management, and compliance advisory services to multiple clients with the autonomy and rigour expected of a senior consulting professional. The Senior GRC Consultant will manage a diverse client book, with the firm itself representing a principal, but not exclusive engagement.

Across all assignments, the Senior GRC Consultant will be expected to maintain a consistently high standard of delivery, context-switching effectively between engagements and adapting to the specific regulatory, operational, and strategic requirements of each client environment. Working closely with senior stakeholders across client organisations, the Senior GRC Consultant will drive the maturation of GRC processes, ensure alignment with regulatory requirements and industry best practices, and provide expert advisory guidance on risk-related matters.

A key focus across engagements will be to assess, enhance, and uplift baseline GRC capabilities and processes, embedding sustainable improvements that raise the overall maturity of each client's GRC function. The Senior GRC Consultant will also be expected to define and track meaningful metrics and key performance indicators (KPIs) to measure the effectiveness of GRC activities and demonstrate progress against maturity objectives.

The Senior GRC Consultant will be supported by a Cyber GRC Analyst in the delivery of day-to-day GRC activities. In addition, the Senior GRC Consultant will be responsible for guiding, mentoring, and developing the analyst, fostering their professional growth and ensuring effective knowledge transfer across the GRC function.

Key Responsibilities

Governance: Assess, develop, and uplift governance frameworks, policies, and procedures across the firm and external client environments. Ensure that governance structures are robust, clearly documented, and aligned with strategic objectives. Facilitate governance forums and committees, preparing board-level and executive reporting as required.

Risk Management: Deliver enterprise-wide cyber risk assessments across the firm and client environments, including identification, analysis, evaluation, and treatment of key risks. Maintain and enhance risk registers, ensuring risks are accurately captured, rated, and escalated in accordance with the applicable risk appetite framework. Assess and uplift risk management methodologies, tools, and reporting mechanisms across stakeholder groups. Provide subject-matter expertise and advisory guidance on emerging risks, threat landscapes, and risk mitigation strategies.

Compliance: Monitor and assess compliance posture against applicable laws, regulations, standards, and contractual obligations (e.g. GDPR, ISO 27001, SOC 2, PCI DSS, NIS2) across the firm and external client engagements. Design and execute compliance assessment programmes, internal audits, and gap analyses. Advise on and manage relationships with external auditors, regulators, and certification bodies. Track regulatory developments and deliver clear, actionable guidance on the impact of new or amended requirements.

Stakeholder Engagement & Advisory: Act as a trusted adviser to senior leadership across the firm and client environments on GRC matters, translating complex risk and compliance topics into clear, actionable insights. Collaborate with IT, Information Security, Legal, Data Protection, and operational teams to embed GRC principles into day-to-day operations and client delivery. Deliver GRC awareness training and education programmes to promote a risk-aware culture across the firm and within client organisations.

Reporting & Metrics: Develop and maintain GRC dashboards, key risk indicators (KRIs), and key performance indicators (KPIs) to provide visibility of risk and compliance status across the firm and client engagements. Define and track meaningful metrics to measure the effectiveness of GRC activities and demonstrate progress against maturity objectives. Prepare regular reports for senior management, audit committees, and the board as required.

Requirements

  • A minimum of five (5) years' experience in a GRC, risk management, information security, or compliance role, with demonstrable experience operating at a senior or lead level within a consulting or advisory capacity.
  • Strong working knowledge of governance and risk management frameworks (e.g. ISO 27001, ISO 31000, NIST CSF, COBIT).
  • Proven experience conducting risk assessments, compliance audits, and gap analyses.
  • Experience engaging with regulators, external auditors, and certification bodies. Excellent understanding of relevant regulatory landscapes (e.g. GDPR, NIS2, PCI DSS, FCA regulations, or sector-specific requirements).
  • Demonstrated ability to deliver GRC advisory services with the autonomy and rigour expected of a senior consulting professional.
  • Desirable Qualifications & Certifications: Professional certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent.
  • Experience with GRC tooling platforms (e.g. ServiceNow GRC, OneTrust, Archer, or similar).
  • Prior experience in financial services, legal, defence, or other highly regulated sectors.
  • Familiarity with third-party risk management and supply chain assurance programmes.
  • Experience delivering GRC services to multiple clients simultaneously, managing competing priorities and maintaining consistent quality of delivery across engagements.

Key skills & competencies

  • Exceptional analytical and critical-thinking skills with the ability to assess complex risk scenarios.
  • Outstanding written and verbal communication skills, with the ability to present to executive and board-level audiences.
  • Strong client relationship management skills, with the ability to build trust and credibility across diverse stakeholder groups.
  • Proven ability to context-switch effectively across multiple concurrent engagements without compromising quality of delivery.
  • Strong stakeholder management and influencing skills.
  • Self-motivated and able to work independently, managing multiple priorities within a fast-paced consulting environment.
  • High attention to detail and a commitment to delivering quality outcomes.

About the company

Mishcon de Reya is an independent law firm, which now employs over 1400 people with more than 650 lawyers offering a wide range of legal services to companies and individuals. The firm has grown rapidly in recent years, showing more than 40% revenue growth in the past five years alone. With presence in London, Oxford, Cambridge, Singapore, Hong Kong and UAE, the firm services an international community of clients and provides advice in situations where the constraints of geography often do not apply. The work the firm undertakes is cross-border, multi-jurisdictional and complex, centred around three increasingly entwined and connected sectors: the Innovation Economy, Private Wealth and Capital, and Real Estate. The firm is known as a disputes powerhouse with a formidable capacity firmwide for dispute resolution. We strive to create a fully diverse and inclusive workplace where all our people are empowered to fulfil their potential. We are proud of our agile working culture and are always happy to talk flexible working.

Apply for this position