GRC Consultant

Posted 3 days ago

  • Blackfriars, Greater London
  • Permanent
  • doe
  • £70,000 to £75,000 /Yr
  • Sponsored
  • Expires In 25 days

About the job

What you'll be doing:
Using your background in Risk & Compliance, you will help our clients:

  • Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
  • Understand the security regulatory landscape affecting UK and EU business and IT areas.
  • Evaluate security risks against either client risk models or well-known risk and/or control frameworks such as the ISO 31000 series, NIST, the ISO 27000 series, ISF, CIS, the UK NCSC CAF, etc.
  • Develop and review security risk models, standards, procedures, and controls to manage client risks.
  • Improve security risk posture through defining a process of improvements, leveraging Risk & Compliance platforms, policy, automation, and the continuous evolution of capabilities.
  • Ensure and evaluate that required and expected security controls are in place and operating as intended.
  • Recommend tooling and process improvements, and develop reporting metrics, dashboards, and evidence artefacts.
  • Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
What experience you'll need:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:

  • In-depth knowledge of risk assessment and risk management methodologies and/or frameworks.
  • Experience in applying qualitative and quantitative risk models and/or threat-based risk models.
  • Knowledge of UK / EU information security management, governance, and compliance principles, practices, laws, rules and regulations.
  • Experience in implementing and/or operating one or more Security Risk Management, Compliance or Data Protection technology platforms.
  • Experience in implementing and operating one or more of the following:
      • ISO 27001 compliant ISMS
      • PCI DSS / SOX compliance
      • UK NCSC CAF compliance
      • UK or EU GDPR / UK Data Protection compliance
      • NIS/NIS2, DORA compliance
      • UK Operational Resilience / TSA(R) compliance
      • UK CNI / OT / IIoT compliance
  • Cyber and Cloud Security standards & frameworks, supporting architecture, design, operations, controls, technology, solutions, and service orchestration.
  • Core knowledge of Information Technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
  • Information systems auditing, monitoring, controlling, and assessment processes.
  • Knowledge of incident response management.
  • Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
  • Excellent English writing skills for technical documents and improving processes (such as policies and reports).
  • The ability to explain complex topics to a diverse range of audiences.
  • Strong attention to detail and the ability to deliver high quality work.
  • A valid right to work in the UK.
  • Have held UK SC clearance or be eligible for obtaining UK SC clearance.
  • A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as CISSP, PCI ISA, ISO 27001 ISMS Lead Implementer, CRISC, etc.

GCS is acting as an Employment Agency in relation to this vacancy.