Security Risk Consultant

Cyber Security Risk & Compliance Framework Consultant (Contract)

Duration: 12 months

IR35: In scope

Rate: £600 per day

Location: 60% on site per month in either Bristol or London

We're looking for an experienced Cyber Security Risk & GRC Consultant to help transform how a large, complex organisation measures, manages, and communicates cyber risk.

This is a high-impact, business-critical role focused on building a clear, practical, and transparent approach to security risk - with a strong emphasis on compliance frameworks, measurable controls, and decision-ready reporting for governance boards.

• Define and implement meaningful cyber security risk metrics aligned to compliance frameworks (e.g. national and international standards)
• Establish a robust, repeatable method to measure performance against these frameworks - turning compliance into something measurable, not theoretical
• Create clear, transparent data that shows:
• Current risk exposure
• Performance against controls
• Trends and direction of travel over time
• Design concise, plain-English reporting for senior stakeholders and governance boards
• No jargon - just clear insight, impact, and action
• Map compliance frameworks to real business risks, bridging the gap between:
• Technical controls
• Governance requirements
• Operational reality
• Build practical reporting artefacts, dashboards, and templates to improve visibility and consistency
• Work closely with stakeholders to ensure outputs are:
• Credible
• Usable
• Aligned to executive decision-making needs

Sought:

• Drive a step-change in how cyber risk is measured, understood, and communicated - using compliance frameworks as the backbone, and clear data as the enabler.
• Strong experience in Cyber Security GRC (Governance, Risk & Compliance)
• Proven ability to work with and measure performance against compliance frameworks
• Deep understanding of:
• Security risk metrics & KPIs
• Risk appetite & governance reporting
• Ability to translate technical security data into plain English insights for senior audiences
• Strong analytical and data skills - able to turn complex datasets into clear narratives
• Solid technical awareness of cyber security principles, controls, and risks (without needing to be hands-on engineering)
• Confident engaging with senior stakeholders and governance boards

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)