GRC professional for Cyber Security Consultancy - remote (UK)

GRC professional required to join expanding boutique Cyber Security Consultancy based on the south coast of England - remote for the most part.

To support their sustained growth, my client is currently on the lookout for an experienced Governance, Risk & Compliance consultant to join their expanding consultancy team.

They are a relatively small cybersecurity practice (based on the south coast of England) that genuinely strives to put staff before profits. They pride themselves on cultivating a friendly work environment where knowledge is shared, and investment in training and development is paramount.

They deliver a wide range of cybersecurity consultancy services for both public and private sectors, including a lot of work with the NHS, so experience working with the National Health Service will put you in good stead. As a consultant, you'll be delivering various consultancy services to customers, including ISO 27001 gap analysis & consultancy, cyber risk assessments, security posture reviews, vCISO services and Cyber Essentials assessments.

This is an exciting opportunity to be truly valued as a consultant, as you help shape the way they do things and provide excellent consultancy services to customers and partners. If you're tired of working for one of the bigger consultancy practices, where you're treated like just another worker bee on the consultancy production line - this is the role for you!

The role will be predominantly home-based, but there may be customer and office visits every once in a while.

More specifically, the role will include delivering the following services to our customers and wider partner network:

  • ISO 27001 Implementation and Auditing
  • Security Posture Reviews
  • Policy Authoring & Review
  • Threat Analysis Risk Assessments
  • CIS hardening review of cloud services, such as Microsoft Azure, Amazon AWS & Microsoft 365
  • vCISO & DPO services
  • GDPR Gap Analysis & Consultancy
  • Security Awareness Training
  • Cyber Essentials Assessments
  • Ad hoc Cybersecurity Consultancy

You will also be responsible for working with the internal team to ensure that the company remains compliant with their own ISO 27001 certification. This will involve carrying out internal audits and ensuring that ISO management systems are running smoothly.

Successful candidates for this role will have the following:

  • Relevant and current industry-recognised certification (such as CISSP, CISM or ISO 27001 Lead Auditor / Implementer)
  • At least 5 years' experience in a customer-facing GRC consultancy role
  • Excellent written English skills
  • Able to communicate with customers and stakeholders on all levels - from developers and systems administrators through to less-technical senior board members
  • Able to work well on your own but also as part of the wider consultancy team on larger engagements
  • Must currently hold or be able to obtain UK Government SC clearance
  • Ability to manage multiple jobs for multiple customers concurrently
  • Highly motivated team player with a "can do" attitude
  • Good understanding of Amazon AWS, Microsoft Azure and Microsoft 365
  • An understanding of common security threats, vulnerabilities and common technical security controls and concepts

Experience in any of the following areas is also highly beneficial to be selected for this role:

  • Operational Technology (OT) / SCADA environments
  • NHS Data Security and Protection Toolkit (DSPT)
  • GDPR
  • NIST 800-53 controls
  • CIS hardening guides and controls
  • NIS directive
  • PCI-DSS
  • IEC 62443 standard
  • HSE OG-86 controls

Successful candidates for this role will attract the following benefits:

  • Competitive salary based on qualifications & experience
  • Full-time or Part-time role available