GRC Consultant

The Role

As part of the Consulting team, you will support both new and existing clients to design, assess, and implement effective cyber security risk management solutions tailored to their needs. Working closely with client stakeholders, you will complement in-house Information and Cyber Security teams by providing expert guidance across information security, solution architecture, and business risk.

You will operate within a Secure by Design framework, taking responsibility for activities such as:

  • Leading and advising on risk management frameworks and Information Security Management Systems (ISMS)
  • Supporting Enterprise Security Risk Management
  • Identifying architectural and security risks
  • Monitoring emerging vulnerabilities and best practice, particularly in cloud environments
  • Delivering security assurance coordination activities
  • Providing pragmatic security and information risk advice

You will play a key role in helping clients make proportionate, risk-based decisions, protect critical assets, and evolve their security architecture across complex technology environments.

The Impact You'll Make

In this role, you will:

  • Provide Secure by Design risk and security assurance services
  • Apply strong knowledge of risk management frameworks
  • Collaborate with multi-disciplinary teams to ensure solutions align with business risk appetite
  • Produce clear, concise reports detailing vulnerabilities, risks, controls, and treatment plans
  • Facilitate security and risk workshops with Authority stakeholders
  • Deliver practical, business-aligned remediation and risk management advice
  • Support security risk assessment within agile delivery environments
  • Demonstrate strong teamwork, communication, and stakeholder engagement skills
  • Apply broad knowledge of cyber security across public and private sectors
  • Understand modern IT and security technologies

Core Expertise

  • Security Assurance Coordinator or Delivery Team Security Lead experience
  • MOD and government standards
  • Secure system design
  • MOD/GDS Secure by Design principles
  • Supplier assurance and supply-chain risk
  • Security legislation
  • Security frameworks: ISO 27001, NIST CSF, CIS Controls v8
  • HMG, NPSA, and NCSC policies and guidance
  • Secure by Design within the SDLC
  • Threat modelling techniques
  • HLD/LLD review and assurance

Technical Knowledge

  • Cloud security
  • Network and infrastructure security
  • AI security and governance
  • ITHC scoping and remediation
  • Cryptography, PKI, Zero Trust, PAM, RBAC, Cross Domain Solutions
  • Cloud security posture management and endpoint security tooling

Qualifications & Certifications

  • Achieved or working toward Full Membership of CIISEC
  • UK Cyber Security Council registration

This role will require you to be willing and eligible to undergo a high level of UK security clearance.

If you're interested in the above, apply or reach out to

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Job Details

Company: Sanderson
Location: London, South East, England, United Kingdom
Employment Type: Full-Time
Salary: Salary negotiable
Posted