Security Consultant - Governance Risk and Compliance

  • Job Reference: ST/7334
  • Date Posted: 6 November 2019
  • Recruiter: 2 Source Talent
  • Location: UK Wide
  • Salary: £60,000 to £65,000
  • Sector: IT & Information Security
  • Job Type: Permanent
  • Work Hours: Full Time
  • Contact: Admin admin

Job Description

Our client, a Managed Security Service Provider, is looking for an IT Security Consultant due to rapid growth within the cyber team. Our client has a strong technical testing and consultancy core which enables them to offer advice, operations and remediation in tandem with the wider technology services operations.

As an IT Security Consultant you should be an ambitious individual with the ability to help secure customers and keep malicious acts at bay. 

  • Candidates in this role will engage with clients on point-in-time and on-going cyber security projects defining and delivering solutions to meet the client’s needs.
  • You will establish and maintain processes, tooling and metrics that help provide a high level of productivity, supportability, and operational readiness while also participating in project planning activities such as service enhancements.
  • Candidates will also coach and mentor co-workers on governance, risk and compliance issues and verify that they follow process to ensure all projects are delivered with the highest quality.
  • Gap Analysis, Risk Assessments, Auditing and ISMS Implementation etc.
  • Develop and maintain delivery processes for the GRC services to ensure they are operating effectively and keeping up with latest developments in security strategy and security standards.
  • Deliver security engagements on and off client sites around the UK and occasionally internationally.
  • Develop, maintain, and continually improve tooling that supports the delivery process for GRC services.

Skills and Experience:

Candidates must have a deep understanding of ISO 27001.

This is a Consulting Role so candidates will also have had experience with some of the following:
  • Gap Analysis
  • Risk Assessments
  • ISMS Implementation
  • Policies and Procedures
  • Cyber Strategy Consulting
Industry-recognized qualifications would also be beneficial but not necessary, including but not limited to:
  • ISC2 certifications (CISSP, SSCP, CCSP, or CAP)
  • ISACA certifications (CISM, CISA, or CRISC)
  • SANS certifications (GSEC, GCED, or GCFA)
  • CompTIA certifications (Security+, Network+, A+ or Cloud+)
  • ISO 27001 certifications (Internal Auditor, Lead Auditor or Lead Implementer)
  • Demonstrable experience in a related security or management consultancy role
  • Awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection
  • Experience in risk assessment/analysis methodologies
  • Good understanding of data privacy laws such as GDPR and ability to carry out compliance audits