Managing Information Security Consultant (GRC)
About LRQA
At LRQA Cybersecurity, our focus is on excellence in cyber security. We have teams that offer world-class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance. Our business is global and so are our clients. We work closely with central banks, local government, critical national infrastructure, large retailers, and more!
We’re an award-winning provider of cyber security services and at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges posed by advancements within the IT industry and the threats faced. LRQA will be at the forefront of this arena, and we are seeking the right people to join the team and make it happen.
The purpose of this role is to deliver information security consultancy to LRQA clients, specializing in governance, risk, and compliance (GRC). As a Managing Information Security Consultant, you will also assume leadership or management responsibilities, such as people management or service development and ownership.
This role is hybrid, with sporadic travel to client sites and LRQA offices as required.
What You’ll be Doing in Your Role
Key Responsibilities
Delivery
A core competency for this role is the ability to effectively deliver engagements to clients to a consistently high standard. As a Managing Information Security Consultant, you would be expected to drive engagements while supporting other members of the team with the ultimate aim of achieving excellent client satisfaction results.
Examples of delivery activities may include:
1. Provision of client support to achieve compliance/certification against recognized standards such as ISO 27001, GDPR, NIST CSF, and PCI DSS.
2. Long-term strategic consultancy to aid top-level management and key decision-makers in achieving strategic information security objectives.
3. Independently conducted ISO/IEC 27001:2022 audit activities.
4. Provision of expert advice on governance structures, including policies, procedures, and controls to achieve compliance and reduce risk exposure.
5. Cybersecurity Maturity Assessment engagements.
6. Facilitation of information asset discovery workshops and engagements.
7. Facilitation of risk assessment workshops and engagements.
8. Delivery of business continuity scenario tabletop exercises.
9. Delivery of external stakeholder training and awareness presentations.
Leadership
* Mentor, coach, and guide team members to enhance their technical and consulting capabilities.
* Develop and deliver training programs on GRC, risk management, and information assurance best practices.
* Establish thought leadership by contributing to white papers, webinars, and conferences in the GRC space.
* Collaborate with cross-functional teams to drive continuous improvement in service delivery and client satisfaction.
Liaising with the Pre-Sales team and account managers, attend client meetings and scoping calls to aid in the effective scoping of engagements and delivery of customized consultancy services. This will involve:
* Identification of client requirements.
* Light consultative sales where a need is identified.
Service Development
Effective service development is key to the success of GRC, and you would contribute by providing guidance and using your subject matter expertise and experience to identify, design, and deliver collateral. Key activities include:
1. Standardization of all customer-facing collateral used throughout every region that we operate in.
2. Implementation and development activities around new and emerging frameworks.
3. Improvement/enhancement suggestions for existing collateral.
4. Development of new collateral where required.
5. Collaboration with the developers of LRQA’s portal to aid with integration of Information Security and GDPR requirements.
Business Experience Credentials
Degree-level qualification in Computer Science, Computer Engineering, IT, Cyber Security (or a related field) or 5 years of experience working within an information security role.
Minimum 5 years of experience in delivering consultative engagements using well-known risk management and data security frameworks, standards, and methodologies.
CISSP/ISSEP (or equivalent) technical information security certification.
CISM/CRISC/CCISO/ISSMP (or equivalent) strategic information security certification.
Experience in ISO 27001/NIST CSF implementation and use of relevant standards to build control frameworks.
Demonstrable experience communicating complex information security concepts to top-level (C-suite) management.
Experience in cyber resilience planning, security operations, and supporting less experienced security professionals.
Effective communication skills and the ability to build rapport with key stakeholders.
Experience in a minimum of seven of the following areas of information security:
1. GDPR regulation
2. PCI DSS
3. CMMC
4. SOC 2
5. DORA
6. NIS 2 Directive
7. Business Continuity
8. Physical Security
What we offer
We are a people-focused, high-performing, high-trust professional services team. You’ll be part of a diverse and growing international group of consultants, and we go out of our way to make sure our consultants feel part of our team. We use technology to ensure we’re always communicating with each other and schedule time every week to talk as a team.
The successful candidate will have opportunities to:
Make a difference: We encourage all employees to challenge norms and empower them to get involved, whether by collaborating with other teams or developing a new service offering.
Get involved: Enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions, attending conferences, and engaging in the infosec community.
Develop their skills: We love learning and ensure we find time for professional development, encouraging knowledge development in new and exciting domains.
Apply
Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter.