GRC Consultant
Location: London / Hybrid
Salary: Up to 85,000 DOE
We're looking for a GRC Consultant to come aboard. Using your background in Governance, Risk & Compliance, you will help with the following:
Responsibilities
1. Governance: Direct, oversee, design, implement, or operate within the set of multi-disciplinary structures, policies, procedures, processes, and controls implemented to manage cyber and information security at an enterprise level. Support an organisation's immediate and future regulatory, legal, risk, environmental, and operational requirements and ensure compliance with those requirements.
2. Policy and Procedure Management: Direct, develop, or maintain organisational cyber and information security policies, standards, and processes, using recognised standards (e.g., the ISO/IEC 27000 family, NIST CSF) where appropriate.
3. Risk Management: Develop cyber and information security risk management strategies and controls, considering business needs, balancing technical, physical, procedural, and personnel controls.
4. Data Privacy: Direct, oversee, design, implement, contribute to, or operate within the set of multi-disciplinary structures, policies, procedures, processes, and controls to manage the protection of personal data, privacy, and human rights.
5. Internal Controls Oversight: Establish and monitor internal controls to safeguard data and assets, conducting regular reviews and audits.
6. Stakeholder Engagement: Serve as a liaison, offering guidance and support to internal teams, external partners, and regulatory authorities.
7. Continuous Improvement: Identify opportunities for process enhancements, driving initiatives to bolster the governance framework and security posture.
Qualifications
* Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53/CSF, NIS/NIS2, DORA, UK CNI/OT/IIoT compliance.
* Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors, and regulatory bodies.
* Proven leadership skills with the ability to guide and mentor teams, as well as influence and collaborate with senior stakeholders.
* A hands-on approach with the ability to balance strategic oversight with direct involvement in security tasks.
* Excellent communication skills, with the ability to present complex information clearly and effectively to non-technical stakeholders.
* Strong attention to detail and the ability to deliver high-quality work.
* A valid right to work in the UK.
* Eligibility to obtain UK SC clearance.
* CISA, CRISC, CISM, or CISSP certification is advantageous.
It starts with amazing people, challenging projects, and a work environment that supports the creation of tangible solutions that make an impact.