Information Security GRC SME – London/Hybrid – (Outside IR35)
La Fosse is partnered with a leading organisation to hire an Information Security GRC Subject Matter Expert. This is a key role within the information security function, focused on enhancing governance, risk, and compliance capabilities across cloud and on-prem environments.
Key Responsibilities:
- Lead the uplift of GRC security policies, standards, and procedures across the organisation.
- Conduct gap analyses on current GRC documentation and implement effective control measures.
- Support risk and control assessments alongside the GRC Manager, documenting and reporting findings.
- Maintain and enhance a security control library, aligned with regulatory and internal standards.
- Perform assurance reviews to ensure compliance with frameworks like NIST, ISO 27001, and PCI-DSS.
- Develop third-party cybersecurity governance to manage vendor and contractor risk.
- Deliver regular reports to senior leadership on KRIs, KPIs, and metrics using live dashboards.
- Act as a knowledge-transfer lead, embedding modern GRC practices into the wider security team.
Requirements:
- Proven experience leading GRC enhancements in both cloud and on-prem environments.
- Strong understanding of frameworks and regulations such as ISO 27001, GDPR, NIST CSF, CIS, and Cyber Essentials Plus.
- Hands-on experience developing security documentation and transitioning it to BAU.
- Background in cloud governance, IAM, Zero Trust, and SASE principles.
- Certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer are desirable.
- Strong communication and stakeholder engagement skills with the ability to present GRC work to senior leadership.
Please apply for more information or get in touch for a confidential conversation.
Contact Detail:
La Fosse Associates Recruiting Team