Senior Cyber Risk & Compliance Consultant; GRA

Role Overview

We have an exciting opportunity for a Senior Cyber Risk & Compliance Consultant to join our growing Governance, Risk and Assurance (GR

A) team. Within this role, you will utilize your GR A and cybersecurity expertise to advise clients on ISO
27001 and other information security consulting engagements and support in the delivery of complex security programmes.

• Lead cyber governance, risk and compliance engagements, with primary focus on achieving certification or standards alignment to ISO
  27001. This will include gap assessments, strategy and planning, implementation support, audit preparation and pre and post certification support.
• Engage with clients to understand their wider threat landscape and business context, conducting risk and compliance assessments against other recognised frameworks and standards (e.g. NIST, SOC 2, Def Stan).
• Design, review and advise on the implementation and adoption of information security policies, standards, procedures and frameworks.
• Lead cyber and third-party risk assessments, evaluate supplier security posture, and provide risk-based recommendations for supplier selection and oversight.
• Identify control gaps, document findings, and track remediation activities to support assurance and audit outcomes.
• Produce clear, concise risk and compliance reports for executive and C-suite stakeholders, including prioritised mitigation strategies and improvement roadmaps.
• Contribute to thought leadership and continuous improvement by staying current with industry developments and sharing knowledge across the cyber security community.
• Demonstrate strong communication, stakeholder management and mentoring skills, upholding the highest standards of integrity and professionalism.

• Extensive experience of designing, leading and delivering cyber governance, risk and assurance outcomes, with a proven track record of successfully leading GRC and security assurance initiatives.
• Possess strong knowledge of recognised cyber security frameworks and standards, including ISO/IEC 27001, NIS Directives, NIST, and UK Government Functional Standards, with demonstrable experience aligning security controls to MOD requirements such as DEFSTAN 05-138, JSP 440, JSP 604 and Defence Cyber Resilience policies.
• Experienced in applying UK Government security and assurance frameworks, including Gov Assure, the Cyber Assessment Framework (CAF), Defence Cyber Certification (DCC) and Government Standard (GovS) 007.
• Confident communicator, able to clearly articulate cyber risk and the value of security investment to senior leaders, while mentoring and guiding teams to deliver high-quality outcomes.
• Hold a recognised ISO/IEC 27001 Lead Implementer or Lead Auditor certification, alongside other relevant academic or professional qualifications (e.g. MSc in Cyber Security or related specialism, CISM, CISSP, PCIRM).
• Hold, or be working towards, Principal or Chartered Cyber Security Professional (ChCSP) status.
• Eligible to work in the UK and able to obtain and maintain UK security clearance.

• Strong alignment with FSP values and ethos
• Commitment to teamwork, quality and mutual success
• Proactivity with an ability to operate with pace and energy
• Strong communication and interpersonal skills
• Excellent planning and organisational skills
• Dedication to excellence and quality

• A collaborative and supportive environment in which you can grow and develop your career
• The tools and opportunity to do work you can be proud of
• A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience
• Hybrid working – we empower you to make smart choices about when and where to work to achieve great results
• Industry leading coaching and mentoring
• Plus the excellent benefits package we offer at FSP

FSP is an equal opportunity employer and welcomes applications from all suitably qualified candidates. We assess applicants based on their skills, experience, and potential, without regard to age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief, or any other protected characteristic.

Please note that visa sponsorship is available for some roles, subject to eligibility and business requirements.

Research indicates that individuals from underrepresented groups may be less likely to apply where they feel they do not meet every requirement, or where there is uncertainty about who a role is intended for. If you are interested in a role with us but are concerned that you may not meet all the criteria, we encourage you to apply. You may be a strong candidate for this role or for other opportunities within FSP.

We are committed to providing a fair and inclusive recruitment process. If you require any reasonable adjustments to participate fully in an interview or meeting (whether virtual or in person), please let us know.