Security Consultant (GRC)

www.findapprenticeship.service.gov.uk - Jobboard

London

On-site

GBP 65,000 - 85,000

Full time

3 days ago

Job summary

A global security service provider is seeking a Security Consultant (GRC) in London. You will develop and oversee cyber security policies, manage risk strategies, and ensure compliance with regulations like GDPR. The ideal candidate has over 3 years of experience in information security, strong leadership skills, and the ability to engage with diverse stakeholders. Certifications such as CISA are advantageous.

Qualifications

  • 3+ years in information security, data protection, risk management roles.
  • Strong understanding of frameworks like ISO 27001 and NIST.
  • Experience with external stakeholders and compliance.

Responsibilities

  • Direct and oversee cyber security policies and procedures.
  • Develop risk management strategies and manage internal controls.
  • Ensure compliance with regulations such as GDPR.

Skills

Information security
Risk management
Data protection
Leadership skills
Excellent communication

Job description

The team you'll be working with:

Security Consultant (GRC)

NTT DATA is one of the world’s largest global security service providers, partnering with some of the most recognized security technology brands. We’re looking for passionate, curious, and motivated individuals to join our team.

What you'll be doing:
  • Governance: Directs, oversees, designs, implements, or operates within multi-disciplinary structures, policies, procedures, processes, and controls to manage cyber and information security at an enterprise level. Supports organizational regulatory, legal, risk, environmental, and operational requirements, ensuring compliance.
  • Policy and Procedure Management: Develops or maintains organizational cyber and information security policies, standards, and processes, using recognized standards (e.g., ISO/IEC 27000, NIST CSF). Applies relevant security classifications.
  • Risk Management: Develops cyber and information security risk management strategies, considering business needs and balancing various controls. Identifies and assesses vulnerabilities and risks.
  • Data Privacy: Oversees policies and controls to protect personal data, privacy, and human rights, ensuring compliance with regulations such as GDPR.
  • Internal Controls Oversight: Establishes and monitors internal controls to safeguard data and assets, conducting reviews and audits.
  • Stakeholder Engagement: Acts as a liaison, providing guidance and support to internal teams, external partners, and authorities. Tracks remediation activities and reports.
  • Continuous Improvement: Identifies process enhancement opportunities, tests security controls, and documents compliance levels to identify risks and gaps.

What experience you'll bring:

We value amazing people, challenging projects, and a supportive work environment. You should have broad experience in security risk management and expertise in areas such as:

  • 3+ years in information security, data protection, risk management, enterprise IT, legal, or compliance roles.
  • Strong understanding of frameworks like ISO 27001, NIST 800-53/CSF, NIS/NIS2, DORA, UK CNI/OT/IIoT compliance.
  • Experience working with external stakeholders, including clients, vendors, auditors, and regulators.
  • Proven leadership and mentoring skills, with the ability to influence senior stakeholders.
  • Hands-on approach, balancing strategic and operational tasks.
  • Excellent communication skills for diverse audiences.
  • Strong attention to detail and high-quality work delivery.
  • Valid right to work in the UK and eligibility for UK SC clearance.
  • Certifications such as CISA, CRISC, CISM, or CISSP are advantageous.