GRC Consultant
Role details
Job location
Tech stack
Job description
We are seeking an experienced Senior GRC Consultant to join our consulting practice. The successful candidate will operate as a client-facing consultant across a portfolio of concurrent engagements, delivering governance, risk management, and compliance advisory services to multiple clients with the autonomy and rigour expected of a senior consulting professional. The Senior GRC Consultant will manage a diverse client book, with the firm itself representing a principal, but not exclusive engagement.
Across all assignments, the Senior GRC Consultant will be expected to maintain a consistently high standard of delivery, context-switching effectively between engagements and adapting to the specific regulatory, operational, and strategic requirements of each client environment. Working closely with senior stakeholders across client organisations, the Senior GRC Consultant will drive the maturation of GRC processes, ensure alignment with regulatory requirements and industry best practices, and provide expert advisory guidance on risk-related matters.
A key focus across engagements will be to assess, enhance, and uplift baseline GRC capabilities and processes, embedding sustainable improvements that raise the overall maturity of each client's GRC function. The Senior GRC Consultant will also be expected to define and track meaningful metrics and key performance indicators (KPIs) to measure the effectiveness of GRC activities and demonstrate progress against maturity objectives.
The Senior GRC Consultant will be supported by a Cyber GRC Analyst in the delivery of day-to-day GRC activities. In addition, the Senior GRC Consultant will be responsible for guiding, mentoring, and developing the analyst, fostering their professional growth and ensuring effective knowledge transfer across the GRC function.
Key Responsibilities
Governance: Assess, develop, and uplift governance frameworks, policies, and procedures across the firm and external client environments. Ensure that governance structures are robust, clearly documented, and aligned with strategic objectives. Facilitate governance forums and committees, preparing board-level and executive reporting as required.
Risk Management: Deliver enterprise-wide cyber risk assessments across the firm and client environments, including identification, analysis, evaluation, and treatment of key risks. Maintain and enhance risk registers, ensuring risks are accurately captured, rated, and escalated in accordance with the applicable risk appetite framework. Assess and uplift risk management methodologies, tools, and reporting mechanisms across stakeholder groups. Provide subject-matter expertise and advisory guidance on emerging risks, threat landscapes, and risk mitigation strategies.
Compliance: Monitor and assess compliance posture against applicable laws, regulations, standards, and contractual obligations (e.g. GDPR, ISO 27001, SOC 2, PCI DSS, NIS2) across the firm and external client engagements. Design and execute compliance assessment programmes, internal audits, and gap analyses. Advise on and manage relationships with external auditors, regulators, and certification bodies. Track regulatory developments and deliver clear, actionable guidance on the impact of new or amended requirements.
Stakeholder Engagement & Advisory: Act as a trusted adviser to senior leadership across the firm and client environments on GRC matters, translating complex risk and compliance topics into clear, actionable insights. Collaborate with IT, Information Security, Legal, Data Protection, and operational teams to embed GRC principles into day-to-day operations and client delivery. Deliver GRC awareness training and education programmes to promote a risk-aware culture across the firm and within client organisations.
Reporting & Metrics: Develop and maintain GRC dashboards, key risk indicators (KRIs), and key performance indicators (KPIs) to provide visibility of risk and compliance status across the firm and client engagements. Define and track meaningful metrics to measure the effectiveness of GRC activities and demonstrate progress against maturity objectives. Prepare regular reports for senior management, audit committees, and the board as required.
Requirements
- A minimum of five (5) years' experience in a GRC, risk management, information security, or compliance role, with demonstrable experience operating at a senior or lead level within a consulting or advisory capacity.
- Strong working knowledge of governance and risk management frameworks (e.g. ISO 27001, ISO 31000, NIST CSF, COBIT).
- Proven experience conducting risk assessments, compliance audits, and gap analyses.
- Experience engaging with regulators, external auditors, and certification bodies. Excellent understanding of relevant regulatory landscapes (e.g. GDPR, NIS2, PCI DSS, FCA regulations, or sector-specific requirements).
- Demonstrated ability to deliver GRC advisory services with the autonomy and rigour expected of a senior consulting professional.
- Desirable Qualifications & Certifications: Professional certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent.
- Experience with GRC tooling platforms (e.g. ServiceNow GRC, OneTrust, Archer, or similar).
- Prior experience in financial services, legal, defence, or other highly regulated sectors.
- Familiarity with third-party risk management and supply chain assurance programmes.
- Experience delivering GRC services to multiple clients simultaneously, managing competing priorities and maintaining consistent quality of delivery across engagements.
Key skills & competencies
- Exceptional analytical and critical-thinking skills with the ability to assess complex risk scenarios.
- Outstanding written and verbal communication skills, with the ability to present to executive and board-level audiences.
- Strong client relationship management skills, with the ability to build trust and credibility across diverse stakeholder groups.
- Proven ability to context-switch effectively across multiple concurrent engagements without compromising quality of delivery.
- Strong stakeholder management and influencing skills.
- Self-motivated and able to work independently, managing multiple priorities within a fast-paced consulting environment.
- High attention to detail and a commitment to delivering quality outcomes.