Information Security Consultant – GRC

About this role

Information Security Consultant – GRC (Permanent)
£50,000 - £75,000 + excellent benefits

My client is looking to add various Information Security/GRC Principal/Managing consultants to their growing team. The successful candidate will be an engaging self-starter who is able to operate with high levels of autonomy and strives for continuous improvement. The candidate should have a track record of leading in the Security GRC domain within highly technology-driven environments. They will feel comfortable holding others accountable to compliance and risk management responsibilities and be confident in challenging when needed. The ability to influence cross-functionally and at a senior level and galvanise others behind the importance of risk and compliance will be critical in this role.

Skills

  • Able to hold others accountable to their responsibilities and influence through encouragement and conveying the value of risk and compliance. 
  • Technology minded without needing to be a deep expert.
  • An understanding of software development practices and cloud environments, able to understand and build credibility with highly technical teams (e.g. IT, Engineers, Product).  
  • Able to develop and deliver reporting at an Exec level with the confidence to call out deficiencies in a constructive manner.  
  • Develop, implement, and maintain comprehensive security risk management processes to ensure security risks are effectively identified, assessed, and managed. 
  • Identify, evaluate, monitor, and drive accountability for security risk mitigation and control compliance across the whole business.
  • Monitor and analyse emerging threats and trends to proactively identify and adjust security risks and appropriate controls. 

Requirements

  • Experience overseeing risk and compliance activities, including leading the maintenance and improvement of ISO 27001 certified ISMS. 
  • Deep understanding of risk management practices and experience driving risk culture.  
  • Ensure compliance with the Security aspects of applicable laws, regulations, and industry standards including ISO 27001, SOX, PCI DSS, Data Protection.  
  • Relevant certifications in cybersecurity, GRC, or related areas are desirable (e.g., CISM, CISSP, Lead Auditor).
  • Experience in a technology and software engineering led organisation working with Agile methodologies is desirable. 

Contact

Author
Chloe Hetherington
Senior Recruitment Consultant