Junior/Associate GRC Security Consultant
Listed on 2026-02-16
IT/Tech
Cybersecurity, Information Security
Location: UK-based with client site travel as required
Seniority Level: Entry-Level
Summary:
The Junior/Associate GRC Consultant role represents an exceptional opportunity for entry-level professionals eager to develop foundational skills in Governance, Risk, and Compliance (GRC) while contributing to the cybersecurity posture of Critical National Infrastructure (CNI) clients. Working under direct supervision, the consultant will gain exposure to UK regulatory frameworks such as NCSC Cyber Assessment Framework (CAF), NIS Regulations, and ISO 27001, while building the technical and interpersonal competencies necessary to succeed in GRC consulting.
What you’ll bring:
- Conduct compliance assessments aligned with UK regulatory frameworks (NCSC CAF, NIS Regulations, and ISO 27001) under the guidance of senior team members.
- Assist in the development of governance documentation, including policies, procedures, and control frameworks, ensuring alignment with best practices.
- Perform basic gap analysis and control testing activities, documenting findings in accordance with established methodologies.
- Participate in facilitated risk assessment workshops, supporting documentation of risks, controls, and mitigation strategies.
- Contribute to high-quality deliverables, including executive summaries, compliance matrices, remediation plans, and tailored client recommendations.
- Maintain documentation standards, adhering to quality assurance processes.
- Support pre-sales activities through technical input, proposal preparation, and research contributions.
- Participate in internal knowledge-sharing sessions and professional development opportunities to build technical expertise.
- 0-2 years of experience in cybersecurity, GRC roles, or related consulting positions.
- Fundamental understanding of information security principles, risk management concepts, and basic regulatory requirements.
- Awareness of UK regulatory frameworks such as NCSC CAF, ISO 27001, or equivalent standards.
- Bachelor’s degree in Computer Science, Information Security, Business, or a related field, or equivalent experience.
- Foundation-level certifications (e.g., Security+, CISSP Associate, ISO 27001 Foundation), or strong commitment toward obtaining relevant certifications within 12 months.
- Entry-level hands‑on experience in information security controls, compliance frameworks, or risk methodologies.
- Familiarity with the Critical National Infrastructure sector or comparable regulated environments.
- Exceptional organizational skills and attention to detail, particularly in technical writing and documentation.
- Technical Skills: Basic understanding of cybersecurity controls and frameworks, coupled with willingness to deepen expertise with guidance.
- Documentation: Competence in drafting professional reports, regulatory documents, and frameworks, showing clarity and professionalism.
- Analytical Thinking: Strong problem‑solving abilities and structured thinking, focusing on accuracy and detail.
- Client Interaction: Solid interpersonal communication skills with a collaborative and approachable manner.
- Teamwork: Collaborative attitude and eagerness to learn and grow within a supportive mentorship structure.
- Time Management: Skill in prioritizing tasks and managing deadlines effectively under supervision.
- Timely completion of assigned tasks within designated scope, budget, and quality standards.
- Positive feedback from senior team members and clients on technical execution.
- Achievement or progress toward relevant professional certifications.
- Demonstrated growth in technical knowledge and consulting competencies.
- Ability to work effectively in client‑facing roles with support from senior colleagues.
- Compliance assessment documents detailing findings, evidence, and analysis under senior review.
- Risk assessment documentation, including risk registers, heat maps, and preliminary mitigation plans.
- Draft governance documents such as policy updates and control implementation frameworks.
- Contribution to strategic sections in proposals, statements of work, and technical summaries.
- Meeting minutes, stakeholder…