Lead Information Security Consultant (GRC)
Job ID: 41707
Location: Birmingham : 1 Trinity Park : Bi
Position Category: Consulting
Position Type: Employee Regular
About LRQA
At LRQA Cybersecurity, our focus is on excellence in cyber security. We have teams that offer world-class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients.
The purpose of this role is to deliver information security consultancy to LRQA clients, specialising in governance, risk and compliance (GRC). As a Lead Consultant, you will work autonomously, supporting colleagues and leading engagements to ensure that delivery of GRC services is effective and within scope and budget.
This role is hybrid, with sporadic travel to client sites and LRQA offices as required.
What You’ll be Doing in Your Role
Key Responsibilities
Delivery
A core competency for this role is the ability to effectively deliver engagements to clients to a consistently high standard. Examples of delivery activities include:
1. Provision of client support to achieve compliance/certification against recognised standards such as ISO 27001, GDPR, NIST CSF, and PCI DSS.
2. Independently conducted ISO/IEC 27001:2022 audit activities.
3. Provision of expert advice to clients on governance structures, including policies, procedures, and controls to achieve compliance and reduce risk exposure.
4. Cybersecurity Maturity Assessment engagements.
5. Facilitation of information asset discovery workshops and engagements.
6. Facilitation of risk assessment workshops and engagements.
7. Delivery of business continuity scenario tabletop exercises.
8. Delivery of external stakeholder training and awareness presentations.
Service Development
Effective service development is key to the success of GRC, and you would contribute by providing guidance and using your subject matter expertise to identify, design, and deliver collateral. Key activities include:
1. Standardisation of all customer-facing collateral used throughout every region.
2. Implementation and development activities around new and emerging frameworks.
3. Improvement/enhancement suggestions for existing collateral.
4. Development of new collateral where required.
5. Collaboration with the developers of LRQA’s portal to aid with integration of Information Security and GDPR requirements.
Business Experience Credentials
1. Degree-level qualification in Computer Science, Computer Engineering, IT, Cyber Security (or a related field) or 5 years of experience in an information security role.
2. Minimum 2 years of experience in delivering consultative engagements using well-known risk management and data security frameworks, standards, and methodologies.
3. Experience in ISO 27001/NIST CSF implementation and use of relevant standards to build control frameworks.
4. Demonstrable experience communicating complex information security concepts to top-level (C-suite) management.
5. Experience in cyber resilience planning, security operations, and supporting less experienced security professionals.
6. Effective communication skills and the ability to build rapport with key stakeholders.
7. Experience in some or all of the following areas of information security: GDPR regulation, PCI DSS, CMMC, SOC 2, DORA, NIS 2 Directive, Business Continuity, Physical Security.
What we offer
We are a people-focused, high-performing, high-trust professional services team. You’ll be part of a diverse and growing international group of consultants.
Apply
Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter.
Diversity and Inclusion at LRQA
We are on a mission to be the place where we all want to work and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients, and each other.