GRC Cybersecurity Consultant
We are seeking an experienced GRC Cyber Security Consultant to play a pivotal role in assessing cyber security capabilities, shaping strategic roadmaps, and driving meaningful improvements across complex organisations.
About the Role
You will work closely with CISOs and senior technology leaders to elevate cyber security from a technical function to a strategic business enabler. This role combines hands-on delivery, stakeholder engagement, and business development within a dynamic consulting environment.
Key Responsibilities
- Perform information security maturity assessments and develop actionable security and resilience roadmaps.
- Conduct information security risk assessments and Business Impact Assessments (BIA).
- Design and implement Information Security Management Systems (ISMS).
- Identify, analyse, and embed security and resilience controls (e.g., access management, incident response, continuity planning).
- Measure, monitor, and report on organisational security posture aligned to risk appetite and evolving threats.
- Support CISOs and technology leaders across operational and transformation initiatives.
- Ensure quality and timely delivery of client projects and deliverables.
- Lead post-engagement reviews to drive continuous improvement.
- Build and maintain strategic client relationships and external networks.
- Lead development of innovative client proposals, presentations, and pitches.
- Identify and pursue new business opportunities with minimal oversight.
Required Skills & Experience
- Minimum 5 years’ consulting experience (applications not meeting this criterion will not be considered).
- Strong understanding of the challenges faced by CISOs.
- Solid grasp of risk-based decision-making and information security risk management.
- Experience implementing Cyber, Privacy, and Third-Party standards and frameworks, including those from the National Institute of Standards and Technology (NIST), MITRE Corporation (MITRE), the Information Security Forum (ISF), and the International Organization for Standardization (ISO).
- Experience implementing against the UK CAF in telecommunications or other Operators of Essential Services (OES) is advantageous.
- Proven stakeholder management and communication skills.
- Certifications such as CISSP or CISM are advantageous for more experienced candidates.