Senior Cyber Risk & Compliance Consultant (GRA)

Full-Time | 70000 - 80000 £ / year (est.) | Home office (partial)
FSP Consulting Services Limited

At a Glance

  • Tasks: Lead cyber risk and compliance projects, helping clients achieve ISO27001 certification.
  • Company: Join FSP, a top-rated digital transformation specialist with a supportive culture.
  • Benefits: Enjoy hybrid working, industry-leading coaching, and an excellent benefits package.
  • Other info: FSP is committed to diversity and offers equal opportunities for all applicants.
  • Why this job: Make a real impact in cyber security while growing your career with industry experts.
  • Qualifications: Experience in cyber governance and recognised certifications like ISO/IEC 27001 required.

The predicted salary is between 70000 - 80000 £ per year.

We have an exciting opportunity for a Senior Cyber Risk & Compliance Consultant to join our growing Governance, Risk and Assurance (GRA) team. Within this role, you will utilise your GRA and cyber security expertise to advise clients on ISO27001 and other information security consulting engagements and support the delivery of complex security programmes.

Responsibilities

  • Lead cyber governance, risk and compliance engagements, with primary focus on achieving certification or standards alignment to ISO27001. This will include gap assessments, strategy and planning, implementation support, audit preparation and pre- and post-certification support.
  • Engage with clients to understand their wider threat landscape and business context, conducting risk and compliance assessments against other recognised frameworks and standards (e.g. NIST, SOC 2, DefStan).
  • Design, review and advise on the implementation and adoption of information security policies, standards, procedures and frameworks.
  • Lead cyber and third-party risk assessments, evaluate supplier security posture, and provide risk-based recommendations for supplier selection and oversight.
  • Identify control gaps, document findings, and track remediation activities to support assurance and audit outcomes.
  • Produce clear, concise risk and compliance reports for executive and C-suite stakeholders, including prioritised mitigation strategies and improvement roadmaps.
  • Contribute to thought leadership and continuous improvement by staying current with industry developments and sharing knowledge across the cyber security community.
  • Demonstrate strong communication, stakeholder management and mentoring skills, upholding the highest standards of integrity and professionalism.

About you

  • Extensive experience of designing, leading and delivering cyber governance, risk and assurance outcomes, with a proven track record of successfully leading GRC and security assurance initiatives.
  • Possess strong knowledge of recognised cyber security frameworks and standards, including ISO/IEC 27001, NIS Directives, NIST, and UK Government Functional Standards, with demonstrable experience aligning security controls to MOD requirements such as DEFSTAN 05-138, JSP 440, JSP 604 and Defence Cyber Resilience policies.
  • Experienced in applying UK Government security and assurance frameworks, including GovAssure, the Cyber Assessment Framework (CAF), Defence Cyber Certification (DCC) and Government Standard (GovS) 007.
  • Confident communicator, able to clearly articulate cyber risk and the value of security investment to senior leaders, while mentoring and guiding teams to deliver high-quality outcomes.
  • Hold a recognised ISO/IEC 27001 Lead Implementer or Lead Auditor certification, alongside other relevant academic or professional qualifications (e.g. MSc in Cyber Security or related specialism, CISM, CISSP, PCIRM).
  • Hold, or be working towards, Principal or Chartered Cyber Security Professional (ChCSP) status.
  • Eligible to work in the UK and able to obtain and maintain UK security clearances.

What we look for in our people

  • Strong alignment with FSP values and ethos.
  • Commitment to teamwork, quality and mutual success.
  • Proactivity with an ability to operate with pace and energy.
  • Strong communication and interpersonal skills.
  • Excellent planning and organisational skills.
  • Dedication to excellence and quality.

Why work for FSP?

  • A collaborative and supportive environment in which you can grow and develop your career.
  • The tools and opportunity to do work you can be proud of.
  • A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience.
  • Hybrid working – we empower you to make smart choices about when and where to work to achieve great results.
  • Industry leading coaching and mentoring.
  • Plus the excellent benefits package we offer at FSP.

About FSP

Founded in 2012, FSP Consulting Services (FSP) are a leading digital transformation specialist, combining real world experience in business strategy, change and adoption and digital solution delivery. As a long-standing Microsoft Solutions Partner, our portfolio of modern workplace, cloud, data, and cyber security offerings, alongside trusted managed services delivery, is driving change for high-profile clients in both the public and private sector. Our work is founded on the commitment to deliver positive impact for both organisations and their people. Behind this commitment is a dedicated employee-first strategy, built around our organisation’s core values: human, inclusive, performance driven, and ambitious.

We are proud to have been recognised by Best Companies™ as a 3-star ‘World Class’ workplace (their highest level of accreditation) in 2024, 2023 and 2022. We have also been awarded a No.1 Best Company to Work For in the UK, in the Technology sector and in the South-East (Regional League Table) in 2023. We have also been recognised three times as No.1 Best Workplace™ in the UK by Great Place to Work®.

FSP is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief.

Please note that visa sponsorship is available for some roles, subject to eligibility and business requirements. Research indicates that individuals from underrepresented groups may be less likely to apply where they feel they do not meet every requirement, or where there is uncertainty about who a role is intended for. If you are interested in a role with us but are concerned that you may not meet all the criteria, we encourage you to apply. You may be a strong candidate for this role or for other opportunities within FSP.

We are committed to providing a fair and inclusive recruitment process. If you require any reasonable adjustments to participate fully in an interview or meeting (whether virtual or in person), please let us know.

Senior Cyber Risk & Compliance Consultant (GRA) employer: FSP Consulting Services Limited

FSP is an exceptional employer, offering a collaborative and supportive environment that fosters career growth and development. With a commitment to employee well-being, hybrid working options, and industry-leading coaching, FSP empowers its team to excel while delivering impactful work for high-profile clients. Recognised as a 'World Class' workplace, FSP prioritises inclusivity and excellence, making it an ideal choice for professionals seeking meaningful and rewarding employment in the cyber security field.

Contact Details:

FSP Consulting Services Limited Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Cyber Risk & Compliance Consultant (GRA)

Join Compliance Communities

Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!

Attend Industry Conferences

Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.

Leverage Your University Career Services

If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.

Showcase Your Knowledge Online

Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like FSP Consulting Services Limited looking for candidates who are engaged and informed.

We think you need these skills to ace Senior Cyber Risk & Compliance Consultant (GRA)

ISO27001
Cyber Security Expertise
Governance, Risk and Compliance (GRC)
Risk Assessment
Compliance Assessments
Information Security Policies
Supplier Security Evaluation

Some tips for your application 🫡

Show Your Understanding of Compliance: In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!

Quantify Your Achievements: When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.

Tailor Your CV to Reflect Relevant Skills: Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!

Craft a Motivating Cover Letter: In your cover letter, let us know why you’re excited about the compliance-risk role at FSP Consulting Services Limited. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!

How to prepare for a job interview at FSP Consulting Services Limited

Master the Regulations

Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!

Show Your Analytical Skills

Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. Be ready to demonstrate how you approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!

Know Your Tools

Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!

Align with Company Culture

Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with FSP Consulting Services Limited’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!