Cyber Security GRC Consultant

About the job you're considering

Job Location:

Salisbury. Onsite 5 days per week.

We are seeking a DV Cleared skilled Security Governance, Risk and Compliance Consultant to support an internal consultancy initiative aimed at aligning contractual security requirements with recognised industry frameworks such as NIST, ISO 27001, and Secure by Design principles. This role plays a key part in ensuring that both client-facing engagements and internal services meet contractual obligations, regulatory standards, and industry best practices.

The successful candidate will be responsible for reviewing existing security controls, identifying gaps and weaknesses, assessing the risks associated with non-compliance, and recommending appropriate mitigation strategies.

Responsibilities include:

• Security Requirements Alignment: Translate contractual and regulatory security requirements into actionable controls aligned with industry frameworks (e.g., ISO 27001, NIST, CIS).
• Risk Assessment & Gap Analysis: Evaluate existing security controls, identify gaps or weaknesses, and assess risks associated with non-compliance or control failure.
• Mitigation Strategy Development: Recommend and support implementation of appropriate mitigation measures to address identified risks and improve security posture.
• Stakeholder Engagement: Collaborate with internal teams, clients, and third-party vendors to ensure security expectations are clearly understood and met.
• Security Assurance Reviews: Conduct assurance activities such as control testing, documentation reviews, and evidence validation to confirm compliance with agreed standards.
• Policy & Process Improvement: Contribute to development and refinement of security policies, procedures, and governance models to enhance operational resilience.
• Audit & Compliance Support: Assist with internal audits, providing evidence and insights to demonstrate compliance with contractual and regulatory obligations.
• Reporting & Documentation: Produce clear, concise reports and dashboards that communicate findings, risks, and recommendations to technical and non-technical audiences.

• Proven experience in security governance, risk and compliance within consultancy or project environments, including client-facing consultancy or internal compliance initiatives.
• Strong understanding of NIST CSF, NIST SP 800-53, NCSC CAF, ISO/IEC 27001.
• Ability to interpret contractual language and translate it into actionable control requirements.
• Experience conducting risk assessments and articulating business and customer impacts.
• Excellent communication skills, with the ability to translate technical findings into business-relevant insights.
• Ability to work independently and meet tight deadlines.

• Certifications such as CISSP, CISA, CRISC, or equivalent.
• Familiarity with additional frameworks (e.g., ISO 22301, ISO 31000, ISO 28000, ITIL, PASTA, OWASP Top 10, PCI-DSS, GDPR).

To be successfully appointed to this role, a Developed Vetting (DV) clearance is required. To obtain DV clearance, the successful applicant must have resided continuously within the United Kingdom for the last ten years, along with other detailed criteria and requirements.

Applicants will undergo pre‑employment checks including identity, nationality, employment history for the past three continuous years, and a criminal record check (Disclosure and Barring Service).

All UK employees are eligible to request flexible working arrangements. The role supports hybrid working days.

We are a Disability Confident Employer.