GRC Consultant

TN United Kingdom
London
GBP 60,000 - 100,000
3 days ago
Job description

The GRC Consultant (Cyber Assurance / Security Operations Manager) is primarily responsible for ensuring that security controls (people, process, technology) are in place and functioning as intended. The main focus is the design, development, testing, and evaluation of information security throughout its lifecycle to ensure that the business purpose of systems is achieved safely and securely, aligning risks with the business's acceptable risk posture.

What you'll be doing:

  • Providing security expertise across standards and accreditations, measuring and controlling the effectiveness of the security controls framework, and maintaining the Information Security Management System.
  • Developing and implementing documented Information Security Management Plans that incorporate regulatory, legal, and compliance requirements related to security policies, standards, and guidelines.
  • Identifying risks and emerging cyber threats, analyzing them to prioritize and lead risk mitigation efforts.
  • Collaborating with Service Management to ensure compliance with standards, policies, and security KPIs among partners and suppliers.
  • Working closely with all lines of defense on cyber security, information assurance, cyber risk, and data privacy, including regulatory considerations.
  • Leading the development and enhancement of governance, risk, and compliance processes aligned with policies and industry best practices.
  • Ensuring continuous assessment, reporting, and analysis of security metrics to support risk-based decision-making.
  • Challenging established processes to identify improvements, ensuring all personnel understand their security responsibilities.
  • Maintaining documentation related to security controls and processes.
  • Developing and maintaining practices to achieve industry standards (e.g., ISO 27001) within relevant regions.
  • Proposing and facilitating policy, procedure, and control updates to ensure the integrity of IT services and information assets.
  • Conducting risk assessments of services and technologies, including third-party supplier assessments during onboarding and contract management.
  • Coordinating audit, ITHC, and risk assurance activities to demonstrate compliance and manage remediation plans.
  • Building strong relationships with teams involved in managing information risk.
  • Leading and participating in security forums and working groups.
  • Supporting data protection risk analysis and mitigation.
  • Monitoring security incidents, contributing to response efforts, and implementing necessary policy or control changes.

What experience you'll bring:

  • Proven experience delivering security solutions for large-scale infrastructure or transformation projects.
  • Knowledge of industry security frameworks such as NIST CSF, NIST 800-53, NCSC CAF.
  • Understanding of networking concepts (switching, routing, firewalls).
  • Deep knowledge of security concepts, attack vectors, malware, analytics, and threat intelligence.
  • Experience with security testing and vulnerability management, including pen testing and CVSS/CVE.
  • Familiarity with standards like ISO 27001, 27002, 27017, 27108.

Desirable Skills and Experience:

  • Experience with cloud platforms (AWS, Microsoft Azure), including native security features.
  • Certifications such as CISSP, CISM, CCSP, CRISC.
  • Knowledge of AD, Cryptography, IAM, PKI, server hardening, SIEM, SOAR, VMware.
  • Familiarity with MITRE ATT&CK and ITIL frameworks.

Who we are:

We’re a global business empowering local teams, engaged in impactful work that is changing the world. Our portfolio spans consulting, applications, cloud, and infrastructure services, offering opportunities to work on exciting projects with talented colleagues and clients.

Our inclusive environment values mutual respect, accountability, and continuous learning, fostering collaboration, well-being, growth, and innovation. We support various Inclusion Networks, including Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network, and Parent Network.

What we'll offer you:

We provide benefits supporting your physical, emotional, and financial well-being, along with ongoing learning and development opportunities and flexible work options.

We are committed to diversity and inclusion, promoting equity in employment practices and supporting candidates requiring reasonable adjustments during recruitment.
