We are seeking an NPPV Cleared Cyber Security GRC (Governance, Risk, and Compliance) Consultant to join our team on an initial 3 months contract assignment based in Leicester/Remote. (Duration is very likely to extend) Inside IR35 This role involves a blend of strategic advisory services, cyber security assessments and active participation in governance meetings with clients. This is a new role at Telefonica Tech, so the successful candidate will also be involved in helping to develop and refine the Cyber Governance & Advisory service. Key Responsibilities: Conduct bespoke advisory engagements with clients to help them gain answers to cyber security challenges and make key strategic decisions. Perform cyber security assessments against established frameworks to identify weaknesses and recommend mitigations including roadmaps to maturity. Provide expert opinion and insights during governance meetings with clients' senior stakeholders. Facilitate interactive workshops, including tabletop incident response scenarios, to enhance clients' preparedness for cyber threats and help them agree security roles and responsibilities. Work closely with clients to customise security policies to their business requirements. Conduct cyber security risk assessments to support clients' senior decision-making. Operate cyber governance processes for clients, such as maintaining KPIs, running governance forums and performing policy reviews. Contribute to the design and enhancement of our GRC service processes and technologies. Identify opportunities for sales of our broader portfolio of services, in particular the NextDefense suite. Stay abreast of the latest cyber security trends and regulations to advise clients effectively. A recognized cybersecurity qualification (eg, CISSP, CISM, CRISC) is desirable. Minimum of 3 years of experience in a consultancy or security risk management role involving senior stakeholder engagement. Proven track record of delivering GRC or similar services in complex business environments. Strong understanding of cyber security frameworks (eg, NIST, ISO 27001, CIS-18) and typical cyber security controls. Excellent communication and facilitation skills, including written communication skills. Qualifications: Ability to translate technical risks into business language for diverse audiences ADZN1_UKTJ