GRC Cyber Security Consultant

Halo Personnel Ltd

(Cyber) Information Security Consultant

GRC (Governance, Risk and Compliance)

£45,000 - £55,000 depending on experience

REMOTE WORKING - M-F 8:30 am to 5:30 pm with an hour for lunch

Own transport is essential to fulfil on-site consultancy visits

We are seeking a full-time GRC / Information Security Consultant to join our client’s small, rapidly expanding and fast-paced business. The role will focus on helping clients strengthen their information security governance, manage cyber and information risks, and achieve or maintain compliance with recognised standards and frameworks including ISO/IEC 27001, Cyber Assessment Framework (CAF), Cyber Essentials, SOC-2, PCI, DSS, GDPR, and other relevant regulatory or contractual requirements.

This is a customer-facing consultancy role, requiring confident engagement with senior stakeholders, clear communication of risk and control findings, and the ability to translate technical and regulatory requirements into practical business actions.

The role will include delivering gap analyses, risk assessments, control reviews, audit readiness support, policy and process development, remediation planning and certification support. In addition, the role holder will support the management and continual improvement of norm’s internal ISMS and help ensure the business retains its information security and quality certifications.

The ideal candidate will have the following qualifications and/or experience;

Essential:

At least three years’ experience in an information security, GRC, IT risk, audit, compliance or cyber security role.

Strong working knowledge of ISO/IEC 27001, information security governance, risk management and control assurance.

Experience supporting or delivering ISO/IEC 27001 gap analyses, internal audits, readiness reviews, implementation support or certification support.

Proven ability to identify, assess and communicate information security risks, control weaknesses and practical remediation actions.

Excellent written and verbal communication skills, including the ability to produce clear consultancy reports, risk summaries and management recommendations.

Strong stakeholder management skills with the ability to engage appropriately at operational and management levels.

Excellent organisation skills, including the ability to manage multiple client tasks or engagements, work under pressure and meet deadlines.

Relevant professional certification such as ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer, CISM, CISSP, CRISC or equivalent experience.

Desirable:

Four to five years’ experience in information security consultancy, GRC, IT risk, audit or compliance.

Experience designing, implementing or maintaining an Information Security Management System.

Experience of supplier assurance, third-party risk management, data protection impact assessments, business continuity or incident management processes.

Working knowledge of Cyber Essentials, Cyber Essentials Plus, IASME Governance, GDPR and relevant information security standards or best practice frameworks

Knowledge of additional frameworks such as CAF, NIS-2, NIST Cybersecurity Framework, CIS Controls, SOC 2, ISO 22301, ISO 27701 or PCI DSS.

Experience using GRC, audit management, risk register or reporting tools.

  • Hold SC/DV clearance or willingness to undertake security vetting.
  • Member of CiSP or another relevant professional community.
  • Willingness to study for and attain further related qualifications.
  • Experience of implementing and managing ISO 9001.

As a GRC / Information Security Consultant, you will receive excellent support and guidance, while being expected to operate confidently as a capable mid-level consultant. The successful candidate will be a self-starter who is comfortable working directly with customers and supporting consultancy engagements from scoping through to delivery.

You will be highly motivated, commercially aware and able to build trusted relationships with clients by delivering pragmatic, risk-based advice. You will have excellent verbal and written communication skills, with the ability to discuss information security, risk, governance and compliance matters with authority and clarity. You will be able to simplify the complexities of cyber security, data protection legislation and assurance frameworks into straightforward business language and actionable recommendations.

You will have demonstrable experience of delivering information security, GRC, audit, compliance or risk management services, ideally in a consultancy or customer-facing environment. This may include ISO/IEC 27001 implementation or audit support, Cyber Essentials assessments, security maturity assessments, risk workshops, control gap analyses, supplier assurance reviews, policy development, data protection support and the production of clear, prioritised remediation plans. You will be well versed in assessing organisations, their information assets, technology risks, governance arrangements and control environments, and capable of producing high-quality reports and recommendations for both technical and non-technical audiences.

This is an all-encompassing role in our client’s company. You will be a consummate professional and work with a high degree of autonomy. The successful candidate will be highly motivated and will enjoy delivering a world-class experience to our client’s customers.

You will be adaptable and flexible in your work and have a positive attitude, constantly striving to do the best for their customers.

Key Responsibilities:

Deliver GRC and information security consultancy services to external clients, including risk assessments, maturity assessments, gap analyses, audit readiness reviews and remediation planning.

Support clients with ISO/IEC 27001 implementation, internal audit, certification readiness and ongoing ISMS improvement.

Undertake Cyber Essentials assessments where required.

Assess customers’ cyber security maturity across governance, people, process, technology, data and supplier arrangements.

Develop, review and improve information security policies, procedures, standards, risk registers, control frameworks and supporting documentation.

Facilitate client workshops, interviews and evidence reviews to understand business context, risks, obligations and control effectiveness.

Produce high-quality reports, dashboards and management summaries that clearly communicate findings, risk ratings, priorities and recommended actions.

Provide pragmatic, risk-based advice to clients, helping them balance compliance requirements, business objectives and operational constraints.

Support supplier assurance, third-party risk management, data protection, business continuity and incident management activities where required.

Work closely with internal teams to scope, plan, schedule and deliver client engagements efficiently and to a consistently high standard.

Support colleagues by sharing knowledge, templates, best practice and subject matter expertise across GRC and information security disciplines.

Contribute to service improvement, methodology development and the creation of reusable consultancy collateral.

Attend industry seminars and events to promote the capabilities of the business and maintain relationships with relevant assessment, certification and cyber security bodies.

Promote continual improvement within norm’s internal Information Security Management System and support the maintenance of existing information security and quality certifications.

Maintain currency in relation to personal accreditations, assessment standards, regulatory developments and relevant industry good practice.

Complete ad hoc tasks and assignments as requested by management from time to time.

Benefits:

  • Opportunity to work with a wide range of clients and industries
  • 25 holidays + Statutory bank holidays
  • 3% employer pension contribution
  • Supportive, collaborative team environment
  • Flexible working arrangements
  • Mileage paid
  • Food/drinks expenses paid when on client visits
  • Perkbox Scheme, Health Insurance, Life Insurance, Critical Illness Cover, Electric Car Scheme
Apply Now →

Application opens at the source listing. Free for jobseekers.