GRC Consultant
City
Consulting & Corporate Strategy
75000 Annual
Permanent
About the job
What you'll be doing:
Using your background in Risk & Compliance, you will help our clients:
- Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
- Understand the security regulatory landscape affecting UK & EU business and IT areas.
- Evaluate security risks against either client risk models or well-known risk and/or control frameworks such as the ISO 31000 series, NIST, the ISO 270xx series, ISF, CIS, UK CAF, etc.
- Develop and review security risk models, standards, procedures, and controls to manage client risks.
- Improve security risk posture through defining a process of improvements, leveraging Risk & Compliance platforms, policy, automation, and the continuous evolution of capabilities.
- Evaluate and ensure that required and expected security controls are in place and working as they should.
- Recommend tooling and process improvements and develop reporting metrics, dashboards, and evidence artefacts.
- Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
What experience you'll need:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:
- In-depth knowledge of risk assessment and risk management methodologies and/or frameworks.
- Experience in applying and using qualitative / quantitative risk and/or threat-based risk models.
- Knowledge of UK / EU information security management, governance, and compliance principles, practices, laws, rules and regulations.
- Experience in implementing and/or operating one or more Security Risk Management, Compliance or Data Protection technology platforms.
- Experience in implementing and operating one or more of the following:
  - ISO 27001 compliant ISMS
  - PCI DSS / SOX compliance
  - UK NCSC CAF compliance
  - UK or EU GDPR / UK Data Protection compliance
  - NIS/NIS2, DORA compliance
  - UK Operational Resilience / TSA(R) compliance
  - UK CNI / OT / IIOT compliance
- Cyber and Cloud Security standards & frameworks, supporting architecture, design, operations, controls, technology, solutions, and service orchestration.
- Core knowledge of Information Technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Information systems auditing, monitoring, controlling, and assessment processes.
- Knowledge of incident response management.
- Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
- Excellent English writing skills for technical documents and improving processes (such as policies and reports).
- The ability to explain complex topics to a diverse range of audiences.
- Strong attention to detail and the ability to deliver high quality work.
- A valid right to work in the UK.
- Have held UK SC clearance or be eligible for obtaining UK SC clearance.
- A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, CRISC, etc.
GCS is acting as an Employment Agency in relation to this vacancy.