GRC Consultant - Cyber Essentials Plus Assessor
Are you an experienced Cyber Essentials Plus Assessor looking to take on diverse, challenging projects across multiple security frameworks?
Join our growing GRC team and lead high-impact engagements that help organisations strengthen their cyber resilience and compliance posture.
The Role
As a GRC Consultant specialising in Cyber Essentials Plus, you’ll plan and deliver a broad portfolio of client engagements. You’ll take ownership of both Cyber Essentials and Cyber Essentials Plus assessments end-to-end, while also supporting wider security, governance, and compliance initiatives. You will also mentor the CE assessment team and grow the capability internally to deliver these assessments at scale.
This is a hands-on consultancy role working directly with clients. You will be leading assessments, producing high-quality deliverables, and shaping their security maturity journey.
What You’ll Do
Cyber Essentials & CE Plus Delivery
- Lead end-to-end Cyber Essentials and Cyber Essentials Plus engagements
- Run complex scoping workshops, readiness assessments, evidence reviews, and vulnerability management activities
- Advise on segmentation, scope reduction, and remediation strategies
Broader Security & Compliance Consulting
- As part of this role, you will also have the opportunity to get involved with the wider spectrum of Cyber Maturity reviews and compliance assessments, becoming a fully rounded consultant in this field.
- Support security maturity & gap assessments across frameworks including: PCI DSS, ISO 27001, NIST CSF, CIS Controls, SCF, NCSC CAF, TISAX, SWIFT CSP, DORA, GDPR
- Contribute to vCISO engagements, including governance, policy development, and exec-level reporting
- Perform reviews of technical controls, secure development practices, DevOps pipelines, and cloud architectures (AWS/Azure)
Scoping & Pre-Sales
- Provide expert input during pre‐sales discussions
- Support the creation of high-quality, bespoke Statements of Work
- Engage with clients to clarify scope, requirements, and expectations
Assessment Delivery & Reporting
- Conduct security assessments across multiple service lines
- Lead multi-phase and enterprise-scale projects
- Produce tailored, high-quality reports with actionable, prioritised recommendations
- Deliver findings to both technical and non-technical audiences
Internal Contribution
- Share knowledge and mentor peers
- Support updates to methodologies, documentation, sample reports, and templates
What You’ll Bring
Experience
- At least 2 years delivering Cyber Essentials Plus engagements
- Strong understanding of security frameworks such as: ISO 27001, NIST CSF, CIS Controls, PCI DSS
Qualifications
- Required: IASME Lead Assessor for Cyber Essentials & Cyber Essentials Plus
- Desirable: One or more of: PCI QSA, CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer
Technical Competence
Experience across a range of technologies including: firewalls, IDS/IPS, anti-malware, SIEM/logging, patch/change management, and cloud/on-prem environments (AWS, Azure).
Why Join Us?
- Work on diverse, meaningful security and compliance engagements
- Collaborate with a highly skilled GRC team
- Opportunity to broaden your expertise across multiple frameworks
- A role where your expertise directly shapes client security outcomes
If you're ready to take the next step in your GRC career and work across varied, impactful engagements, we’d love to hear from you.