Cyber GRC Consultant

gb Halo Personnel
Fareham, United Kingdom
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 55K

Job location

Remote
Fareham, United Kingdom

Tech stack

Computer Security
PCI Data Security Standards
Information Security Management System
CIS Benchmarks

Job description

·DeliverGRC andinformation securityconsultancyservices to externalclients,including risk assessments,maturityassessments,gapanalyses,auditreadinessreviewsandremediation planning.

·Support clients with ISO/IEC 27001 implementation,internal audit,certification readiness and ongoing ISMS improvement.

·UndertakeCyberEssentialsassessmentswhererequired.

·Assesscustomers'cybersecuritymaturityacrossgovernance,people,process,technology,data

andsupplier arrangements.

·Develop, review and improve information security policies,procedures,standards, risk registers, control frameworks and supporting documentation.

·Facilitateclientworkshops,interviewsandevidencereviewstounderstandbusinesscontext,risks, obligations and control effectiveness.

·Produce high-quality reports, dashboards and management summaries that clearly communicate findings, risk ratings, priorities and recommended actions.

·Provide pragmatic, risk-based advice to clients, helping them balance compliance requirements, business objectives and operational constraints.

·Support supplier assurance, third-party risk management, data protection, business continuity and incident management activities where required.

·Work closely withinternal teams toscope,plan, schedule anddeliver client engagements efficiently and to a consistently high standard.

·Supportcolleaguesbysharingknowledge,templates,bestpracticeandsubjectmatterexpertise across GRC and information security disciplines.

·Contributetoserviceimprovement,methodologydevelopmentandthecreationofreusable consultancycollateral.

·Attendindustryseminarsandevents topromote thecapabilities of thebusinessandmaintain relationships with relevant assessment, certification and cyber security bodies.

·Promotecontinual improvementwithin norm'sinternalInformationSecurityManagementSystem

andsupportthemaintenanceofexistinginformationsecurityandqualitycertifications.

·Maintaincurrencyinrelationtopersonalaccreditations,assessmentstandards,regulatory developmentsandrelevantindustrygoodpractice.

Requirements

Own transport is essential to fulfil on-site consultancy visits

M-F 8:30 am to 5:30 pm with an hour for lunch

We are seeking a full-time GRC / Information Security Consultant to join our client's small, rapidly expanding and fast-paced business. The role will focus on helping clients strengthen their information security governance, manage cyber and information risks, and achieve or maintain compliance with recognised standards and frameworks including ISO/IEC 27001, Cyber Assessment Framework (CAF), Cyber Essentials, SOC-2, PCI, DSS, GDPR, and other relevant regulatory or contractual requirements.

This is a customer-facing consultancy role, requiring confident engagement with senior stakeholders, clear communication of risk and control findings, and the ability to translate technical and regulatory requirements into practical business actions.

The role will include delivering gap analyses, risk assessments, control reviews, audit readiness support, policy and process development, remediation planning and certification support. In addition, the role holder will support the management and continual improvement of norm's internal ISMS and help ensure the business retains its information security and quality certifications.

Theidealcandidate willhavethefollowingqualificationsand/orexperience;

Essential:

·At least threeyears'experienceinaninformationsecurity,GRC, ITrisk,audit,complianceor cyber

securityrole.

·Strong workingknowledgeofISO/IEC27001,informationsecuritygovernance, risk management and controlassurance.

·Experience supporting or delivering ISO/IEC27001 gap analyses, internal audits, readiness reviews, implementation support or certification support.

·Provenabilitytoidentify,assessandcommunicateinformationsecurityrisks,controlweaknesses and practical remediation actions.

·Excellentwrittenandverbalcommunicationskills,includingtheabilitytoproduceclearconsultancy reports,risksummariesandmanagementrecommendations.

·Strong stakeholdermanagementskillswiththeabilitytoengageappropriatelyatoperationaland managementlevels.

·Excellent organisationskills, including the ability to manage multiple client tasks or engagements, work under pressure and meet deadlines.

·RelevantprofessionalcertificationsuchasISO/IEC27001Lead Auditor, ISO/IEC27001 Lead Implementer, CISM, CISSP, CRISC orequivalent experience.

·FullUKdrivinglicence.

Desirable:

·Fourtofiveyears'experienceininformationsecurityconsultancy,GRC,ITrisk,auditor compliance.

·Experiencedesigning, implementingormaintaininganInformationSecurityManagementSystem.

·Experience ofsupplierassurance, third-party risk management,data protection impact assessments, business continuity or incident management processes.

·WorkingknowledgeofCyberEssentials,CyberEssentials Plus,IASMEGovernance,GDPRand relevant informationsecuritystandardsor best practice frameworks

·KnowledgeofadditionalframeworkssuchasCAF,NIS-2,NISTCybersecurityFramework,CIS Controls, SOC 2, ISO 22301, ISO 27701 or PCI DSS.

·ExperienceusingGRC,auditmanagement,riskregisterorreporting tools.

·HoldSC/DVclearanceorwillingnesstoundertakesecurityvetting.

·MemberofCiSPoranotherrelevantprofessionalcommunity.

·Willingnesstostudyforandattainfurtherrelatedqualifications.

·Experienceofimplementingandmanaging ISO9001.

As a GRC / Information Security Consultant, you will receive excellent support and guidance, while being expected to operate confidently as a capable mid-level consultant. The successful candidate will be a self-starter who is comfortable working directly with customers and supporting consultancy engagements from scoping through to delivery.

You will be highly motivated, commercially aware and able to build trusted relationships with clients by delivering pragmatic, risk-based advice. You will have excellent verbal and written communication skills, with the ability to discuss information security, risk, governance and compliance matters with authority and clarity. You will be able to simplify the complexities of cyber security, data protection legislation and assurance frameworks into straightforward business language and actionable recommendations.

You will have demonstrable experience of delivering information security, GRC, audit, compliance or risk management services, ideally in a consultancy or customer-facing environment. This may include ISO/IEC 27001 implementation or audit support, Cyber Essentials assessments, security maturity assessments, risk workshops, control gap analyses, supplier assurance reviews, policy development, data protection support and theproduction of clear, prioritised remediation plans. You willbe well versedin assessing organisations, their information assets,technology risks,governance arrangements and control environments, and capable of producing high-quality reports and recommendations for both technical and non-technical audiences.

This is an all-encompassing role in our client's company. You will be a consummate professional and work with a high degree of autonomy. The successful candidate will be highly motivated and will enjoy delivering a world-class experience to our client's customers.

You willbeadaptableandflexibleinyourwork andhaveapositiveattitude,constantlystriving todothebest for their customers.

Apply for this position