About the role
At Reliance Cyber, we believe in truly partnering with our customers. Dedicated to safeguarding organisations in today's digital landscape, we protect our clients’ security infrastructure with a 24/7 monitoring service and professional services.
We’re looking for an experienced Governance, Risk and Compliance (GRC) Consultant to join our team. You will provide a range of GRC services to our clients, including ISO27001 internal audits, NIST CSF maturity assessments, incident response planning, crisis simulation workshops with boards, and general consulting.
This opportunity requires someone with strong analytical skills, excellent communication abilities, strong writing skills, and a deep understanding of cybersecurity frameworks and standards. You will work directly with clients to help them manage their information security risks, ensure compliance with various standards and regulatory frameworks, and develop and improve their overall security posture.
The role will be very ‘hands on’ – scoping and delivering consulting projects alongside senior members of the team – and will require someone who is comfortable working independently as well as being able to work directly with clients, adapting to their specific and unique requirements using existing methodologies. A successful candidate will not necessarily have expertise in every aspect of information security, but will be a fast learner, proactive in improving their knowledge base, and be open to taking on unfamiliar tasks.
Reliance Cyber currently works with a number of household names and you will be making a decisive contribution to developing the information security posture of these clients, often with direct access to very senior leaders in these organisations. We have large ambitions to grow the team and to take on more large customers with complex requirements and needs. This role is an excellent opportunity for someone who is ready to take on more responsibility and work more autonomously with clients and is eager to grow both personally and professionally in a small and dynamic team.
What you’ll be doing
This role is based in the Professional Services team and reports directly to the Head of Professional Services. You will provide expert guidance and support to clients on GRC-related matters.
Duties and responsibilities:
- Conduct and support assessments and audits to ensure compliance with ISO27001, NIST CSF, and other relevant frameworks, identifying opportunities for improvement and providing analysis to the client regarding their compliance status.
- Develop and implement incident response plans tailored to client needs.
- Facilitate crisis simulation workshops with boards and senior management teams to prepare for potential cybersecurity incidents.
- Provide general consulting services, offering expert advice on governance, risk and compliance issues.
- Prepare detailed written reports and recommendations to help clients improve their security posture.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and best practices.
- Collaborate with sales and technical teams to support client engagements and deliver high-quality services.
- Help support the building of enduring client relationships.
- Suggest pertinent improvements to methodologies, collateral and ways of working as appropriate.
- Create thought leadership that can be used for marketing activities.
- Assist clients in understanding and complying with NCSC CAF, NIS2, and DORA regulations where applicable.
Skills and experience
You will need to demonstrate hands-on experience in a GRC consulting role within the cybersecurity sector. The following list is indicative of skills that would be considered relevant and transferable, but it is not exhaustive.
Essential:
- 2-4 years of experience in a GRC consulting role, ideally within a Big 4 firm or equivalent services company.
- Strong working knowledge of ISO27001 and NIST CSF with awareness of other related standards (e.g. ISO suite) and applicable regulations and directives, such as the GDPR.
- Incident response planning experience, ideally with regards to advising clients on IR processes, developing IR plans and conducting readiness assessments.
- Proven ability to conduct assessments, audits, and develop compliance strategies.
- Experience of Information and Cyber Security policy development.
- Excellent communication and presentation skills, with experience facilitating workshops and training sessions.
- Proven interpersonal skills and the ability to manage stakeholders, both internal and external.
- Relevant qualifications such as CISSP, CISM, CRISC, or ISO27001 Lead Auditor.
- Strong analytical skills and attention to detail, with a demonstrable ability to visualise, conceptualise and articulate problems and construct solutions.
- Ability to work independently and as part of a team, managing multiple client engagements simultaneously.
- Excellent written communication skills: the ability to structure and articulate written communications in a persuasive and succinct form.
- Openness to feedback and a ‘self-starter’ mentality.
- Hold the Right to Work in the UK and live within commutable distance of our London HQ.
Desirable:
- Experience with NCSC CAF, NIS2, and DORA regulations.
- Additional certifications or training in related areas.
- Experience working with a variety of clients across different industries.
About you
- Passionate about cyber security
- Proactive, “can do” attitude – excited by ‘hands on’ delivery to clients
- Highly professional and respected for integrity
- Open, honest and a team player
- High work rate, lots of energy and enthusiasm
- Likes the challenge and change within a smaller, fast-growing business
- Thrives in a team but with the self-motivation to work autonomously when needed
- Problem solving skills
- Collaborative and inclusive style
We hope that like us, you will be excited about the varied range and fast pace of this key role. We’re looking for candidates with the right behaviours and mindset, as well as hands-on competency. We look forward to meeting you.