Senior Security Consultant (GRA)

We have an exciting opportunity for a Senior Security Consultant to join our growing Governance, Risk and Assurance (GRA) team. Within this role, you will utilise your GRA and cybersecurity expertise to advise clients on information security, lead technical consulting engagements and support in the delivery of complex security programmes.

Responsibilities

• Lead cyber governance, risk and compliance engagements, applying strong knowledge of cyber threats, risks, controls and mitigations to deliver effective security outcomes.
• Engage with clients to understand their threat landscape and business context, conducting risk and compliance assessments against recognised frameworks (e.g. ISO 27001, NIST, SOC 2).
• Design, review and advise on the implementation and adoption of information security policies, standards, procedures and frameworks.
• Lead cyber and third-party risk assessments, evaluate supplier security posture, and provide risk-based recommendations for supplier selection and oversight.
• Identify control gaps, document findings, and track remediation activities to support assurance and audit outcomes.
• Produce clear, concise risk and compliance reports for executive and C-suite stakeholders, including prioritised mitigation strategies and improvement roadmaps.
• Contribute to thought leadership and continuous improvement by staying current with industry developments and sharing knowledge across the cyber security community.
• Demonstrate strong communication, stakeholder management and mentoring skills, upholding the highest standards of integrity and professionalism.

About you

• You have extensive experience of designing, leading and delivering cyber governance, risk and assurance outcomes, with a proven track record of successfully leading GRC and security assurance initiatives.
• You possess strong knowledge of recognised cyber security frameworks and standards, including ISO/IEC 27001, NIS Directives, NIST, and UK Government Functional Standards, with demonstrable experience aligning security controls to MOD requirements such as DEFSTAN 05-138, JSP 440, JSP 604 and Defence Cyber Resilience policies.
• You are experienced in applying UK Government security and assurance frameworks, including GovAssure, the Cyber Assessment Framework (CAF), Defence Cyber Certification (DCC) and Government Standard (GovS) 007.
• You are a confident stakeholder manager, able to clearly articulate cyber risk and the value of security investment to senior leaders, while mentoring and guiding teams to deliver high-quality outcomes.
• You hold relevant academic or professional qualifications, such as an MSc in cyber security or related specialism, CISM, CISSP, PCIRM or ISO/IEC 27001 Lead Implementer or Lead Auditor certification.
• You are eligible to work in the UK and able to obtain and maintain UK security clearances.
• You hold, or are actively working towards, Principal or Chartered Cyber Security Professional (ChCSP) status.

What we look for in our people

• Strong alignment with FSP values and ethos.
• Commitment to teamwork, quality and mutual success.
• Proactivity with an ability to operate with pace and energy.
• Strong communication and interpersonal skills.
• Dedication to excellence and quality.

Who are FSP?

FSP is a leading consultancy specialising in Digital, Security and AI solutions. Our success is enabled by our unwavering commitment to excellence, our people centric culture alongside best-in-class operations, ensuring impactful and sustainable outcomes for our clients. As a long standing and highly accredited Microsoft Partner, with extensive solution designations, we partner with clients across a range of commercial sectors, enabling digital transformation, innovation and robust cyber security. We navigate the complexities of data sensitivity, confidentiality, governance and compliance. We blend strategic insight, depth of technical expertise, delivery and operational excellence to meet the specific requirements outlined. We take a collaborative, one team approach with our clients to drive sustainable change, providing outstanding client experience and delivering exceptional results that are aligned with business priorities. Our commitment to security and quality is reinforced by our ISO27001 and ISO9001 certifications (UKAS), as well as our CREST approved penetration testing and SOC capabilities. Additionally, we are an IASME Cyber Essentials Certification Body and Cyber Essentials Plus certified.

Why work for FSP?

• A collaborative and supportive environment in which you can grow and develop your career.
• The tools and opportunity to do work you can be proud of.
• A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience.
• Hybrid working - we empower you to make smart choices about when and where to work to achieve great results.
• Industry leading coaching and mentoring.
• Competitive salary and an excellent benefits package.

Equal and Fair Opportunity

FSP is an equal opportunity employer and we welcome applications from all suitable candidates. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. Research suggests that applicants from underrepresented groups are less likely to apply for roles if they do not precisely meet requirements, or if they felt there were clear barriers as to who should apply. If you are excited about a potential role with us but are concerned that you may not be a perfect fit, please do apply, as you may be the ideal candidate for this role or for a different vacancy within FSP. We endeavour to always provide fair opportunity for applicants to showcase themselves in the best way possible during any interviews or meetings. If you require any adjustments for a call or in-person meeting, please let us know.