GRC Cyber Security Consultant
other jobs Empty Box Recruitment Ltd
Added before 6 hours
- England,South East,Hampshire,Fareham
- Full Time, Permanent
- £45,000 - £55,000 per annum
Job Description:
Full job description(Cyber) Information Security Consultant
GRC (Governance, Risk and Compliance)
£45,000 - £55,000 depending on experience
REMOTE WORKING
Own transport is essential to fulfil on-site consultancy visits
M-F 8:30 am to 5:30 pm with an hour for lunch
We are seeking a full-time GRC / Information Security Consultant to join our client’s small, rapidly expanding and fast-paced business. The role will focus on helping clients strengthen their information security governance, manage cyber and information risks, and achieve or maintain compliance with recognised standards and frameworks including ISO/IEC 27001, Cyber Assessment Framework (CAF), Cyber Essentials, SOC-2, PCI, DSS, GDPR, and other relevant regulatory or contractual requirements.
This is a customer-facing consultancy role, requiring confident engagement with senior stakeholders, clear communication of risk and control findings, and the ability to translate technical and regulatory requirements into practical business actions.
The ideal candidate will have the following qualifications and/or experience;
Essential:
*At least three years’ experience in an information security, GRC, IT risk, audit, compliance or cyber
security role.
*Strong working knowledge of ISO/IEC 27001, information security governance, risk management and control assurance.
*Experience supporting or delivering ISO/IEC 27001 gap analyses, internal audits, readiness reviews, implementation support or certification support.
*Proven ability to identify,assess and communicate information security risks,control weaknesses and practical remediation actions.
*Excellent written and verbal communication skills, including the ability to produce clear consultancy reports, risk summaries and management recommendations.
*Strong stakeholder management skills with the ability to engage appropriately at operational and management levels.
*Excellent organisation skills, including the ability to manage multiple client tasks or engagements, work under pressure and meet deadlines.
*Relevant professional certification such as ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer, CISM, CISSP, CRISC or equivalent experience.
*Full UK driving licence.
Desirable:
*Four to five years’ experience in information security consultancy, GRC, IT risk, audit or compliance.
*Experience designing, implementing or maintaining an Information Security Management System.
*Experience of supplier assurance, third-party risk management, data protection impact assessments, business continuity or incident management processes.
*Working knowledge of Cyber Essentials, Cyber Essentials Plus, IASME Governance, GDPR and relevant information security standards or best practice frameworks
*Knowledge of additional frameworks such as CAF, NIS-2, NIST Cyber security Framework, CIS Controls, SOC 2, ISO 22301, ISO 27701 or PCI DSS.
*Experience using GRC, audit management, risk register or reporting tools.
*Hold SC/DV clearance or willingness to undertake security vetting.
*Member of CiSP or another relevant professional community.
*Willingness to study for and attain further related qualifications.
*Experience of implementing and managing ISO 9001.
Key Responsibilities:
*Deliver GRC and information security consultancy services to external clients, including risk assessments, maturity assessments, gap analyses, audit readiness reviews and remediation planning.
*Support clients with ISO/IEC 27001 implementation, internal audit, certification readiness and ongoing ISMS improvement.
*Undertake Cyber Essentials assessments where required.
*Assess customers’cyber security maturity across governance, people,process, technology, data and supplier arrangements.
*Develop, review and improve information security policies, procedures, standards, risk registers, control frameworks and supporting documentation.
*Facilitate client workshops, interviews and evidence reviews to understand business context, risks, obligations and control effectiveness.
*Produce high-quality reports, dashboards and management summaries that clearly communicate findings, risk ratings, priorities and recommended actions.
*Provide pragmatic, risk-based advice to clients, helping them balance compliance requirements, business objectives and operational constraints.
*Support supplier assurance, third-party risk management, data protection, business continuity and incident management activities where required.
*Work closely with internal teams to scope, plan, schedule and deliver client engagements efficiently and to a consistently high standard.
*Support colleagues by sharing knowledge, templates, best practice and subject matter expertise across GRC and information security disciplines.
*Contribute to service improvement, methodology development and the creation of reusable consultancy collateral.
*Attend industry seminars and events to promote the capabilities of the business and maintain relationships with relevant assessment, certification and cyber security bodies.
*Promote continual improvement within norm’s internal Information Security Management System
and support the maintenance of existing information security and quality certifications.
*Maintain currency in relation to personal accreditation, assessment standards, regulatory developments and relevant industry good practice.
*Complete ad hoc tasks and assignments as requested by management from time to time.
Benefits:
*Opportunity to work with a wide range of clients and industries
*25 holidays + Statutory bank holidays
*3% employer pension contribution
*Supportive, collaborative team environment
*Flexible working arrangements
*Mileage paid
*Food/drinks expenses paid when on client visits
*Perkbox Scheme, Health Insurance, Life Insurance, Critical Illness Cover, Electric Car Scheme
GRC (Governance, Risk and Compliance)
£45,000 - £55,000 depending on experience
REMOTE WORKING
Own transport is essential to fulfil on-site consultancy visits
M-F 8:30 am to 5:30 pm with an hour for lunch
We are seeking a full-time GRC / Information Security Consultant to join our client’s small, rapidly expanding and fast-paced business. The role will focus on helping clients strengthen their information security governance, manage cyber and information risks, and achieve or maintain compliance with recognised standards and frameworks including ISO/IEC 27001, Cyber Assessment Framework (CAF), Cyber Essentials, SOC-2, PCI, DSS, GDPR, and other relevant regulatory or contractual requirements.
This is a customer-facing consultancy role, requiring confident engagement with senior stakeholders, clear communication of risk and control findings, and the ability to translate technical and regulatory requirements into practical business actions.
The ideal candidate will have the following qualifications and/or experience;
Essential:
*At least three years’ experience in an information security, GRC, IT risk, audit, compliance or cyber
security role.
*Strong working knowledge of ISO/IEC 27001, information security governance, risk management and control assurance.
*Experience supporting or delivering ISO/IEC 27001 gap analyses, internal audits, readiness reviews, implementation support or certification support.
*Proven ability to identify,assess and communicate information security risks,control weaknesses and practical remediation actions.
*Excellent written and verbal communication skills, including the ability to produce clear consultancy reports, risk summaries and management recommendations.
*Strong stakeholder management skills with the ability to engage appropriately at operational and management levels.
*Excellent organisation skills, including the ability to manage multiple client tasks or engagements, work under pressure and meet deadlines.
*Relevant professional certification such as ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer, CISM, CISSP, CRISC or equivalent experience.
*Full UK driving licence.
Desirable:
*Four to five years’ experience in information security consultancy, GRC, IT risk, audit or compliance.
*Experience designing, implementing or maintaining an Information Security Management System.
*Experience of supplier assurance, third-party risk management, data protection impact assessments, business continuity or incident management processes.
*Working knowledge of Cyber Essentials, Cyber Essentials Plus, IASME Governance, GDPR and relevant information security standards or best practice frameworks
*Knowledge of additional frameworks such as CAF, NIS-2, NIST Cyber security Framework, CIS Controls, SOC 2, ISO 22301, ISO 27701 or PCI DSS.
*Experience using GRC, audit management, risk register or reporting tools.
*Hold SC/DV clearance or willingness to undertake security vetting.
*Member of CiSP or another relevant professional community.
*Willingness to study for and attain further related qualifications.
*Experience of implementing and managing ISO 9001.
Key Responsibilities:
*Deliver GRC and information security consultancy services to external clients, including risk assessments, maturity assessments, gap analyses, audit readiness reviews and remediation planning.
*Support clients with ISO/IEC 27001 implementation, internal audit, certification readiness and ongoing ISMS improvement.
*Undertake Cyber Essentials assessments where required.
*Assess customers’cyber security maturity across governance, people,process, technology, data and supplier arrangements.
*Develop, review and improve information security policies, procedures, standards, risk registers, control frameworks and supporting documentation.
*Facilitate client workshops, interviews and evidence reviews to understand business context, risks, obligations and control effectiveness.
*Produce high-quality reports, dashboards and management summaries that clearly communicate findings, risk ratings, priorities and recommended actions.
*Provide pragmatic, risk-based advice to clients, helping them balance compliance requirements, business objectives and operational constraints.
*Support supplier assurance, third-party risk management, data protection, business continuity and incident management activities where required.
*Work closely with internal teams to scope, plan, schedule and deliver client engagements efficiently and to a consistently high standard.
*Support colleagues by sharing knowledge, templates, best practice and subject matter expertise across GRC and information security disciplines.
*Contribute to service improvement, methodology development and the creation of reusable consultancy collateral.
*Attend industry seminars and events to promote the capabilities of the business and maintain relationships with relevant assessment, certification and cyber security bodies.
*Promote continual improvement within norm’s internal Information Security Management System
and support the maintenance of existing information security and quality certifications.
*Maintain currency in relation to personal accreditation, assessment standards, regulatory developments and relevant industry good practice.
*Complete ad hoc tasks and assignments as requested by management from time to time.
Benefits:
*Opportunity to work with a wide range of clients and industries
*25 holidays + Statutory bank holidays
*3% employer pension contribution
*Supportive, collaborative team environment
*Flexible working arrangements
*Mileage paid
*Food/drinks expenses paid when on client visits
*Perkbox Scheme, Health Insurance, Life Insurance, Critical Illness Cover, Electric Car Scheme
Job number 3942787
Increase your exposure to recruiters with ProJobs
Thousands of recruiters are looking for you in the Job Master profile database, increase your exposure 4 times with a ProJob subscription
You can cancel your subscription at any time.