At a Glance
- Tasks: Lead cyber governance and compliance projects, ensuring ISO27001 certification and risk assessments.
- Company: Join a dynamic team in a leading cybersecurity consultancy focused on innovation.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Mentorship opportunities and a commitment to continuous learning in a supportive environment.
- Why this job: Make a real impact in cybersecurity while working with top-tier clients and frameworks.
- Qualifications: Extensive GRC experience and knowledge of cybersecurity standards like ISO27001 required.
The predicted salary is between 60000 - 80000 Β£ per year.
Role Overview
We have an exciting opportunity for a Senior Cyber Risk & Compliance Consultant to join our growing Governance, Risk and Assurance (GR&A) team.
In this role, you will utilise your GRC and cybersecurity expertise to advise clients on ISO27001 and other information security consulting engagements and support the delivery of complex security programmes.
Responsibilities
- Lead cyber governance, risk and compliance engagements with a primary focus on achieving certification or standards alignment to ISO27001.
This includes gap assessments, strategy and planning, implementation support, audit preparation and pre- and post-certification support.
- Engage with clients to understand their wider threat landscape and business context, conducting risk and compliance assessments against other recognised frameworks and standards (e. g., NIST, SOC 2, Def Stan).
- Design, review and advise on the implementation and adoption of information security policies, standards, procedures and frameworks.
- Lead cyber and third-party risk assessments, evaluate supplier security posture, and provide risk-based recommendations for supplier selection and oversight.
- Identify control gaps, document findings, and track remediation activities to support assurance and audit outcomes.
- Produce clear, concise risk and compliance reports for executive and C-suite stakeholders, including prioritised mitigation strategies and improvement roadmaps.
- Contribute to thought leadership and continuous improvement by staying current with industry developments and sharing knowledge across the cyber security community.
- Demonstrate strong communication, stakeholder management and mentoring skills, upholding the highest standards of integrity and professionalism.
About you
- Extensive experience designing, leading and delivering cyber governance, risk and assurance outcomes, with a proven track record of successfully leading GRC and security assurance initiatives.
- Possess strong knowledge of recognised cyber security frameworks and standards, including ISO/IEC 27001, NIS Directives, NIST, and UK Government Functional Standards, with demonstrable experience aligning security controls to MOD requirements such as DEFSTAN 05-138, JSP 440, JSP 604 and Defence Cyber Resilience policies.
- Experienced in applying UK Government security and assurance frameworks, including Gov Assure, the Cyber Assessment Framework (CAF), Defence Cyber Certification (DCC) and Government Standard (Gov S) 007.
- Confident communicator, able to clearly articulate cyber risk and the value of security investment to senior leaders, while mentoring and guiding teams to deliver high-quality outcomes.
- Hold a recognised ISO/IEC 27001 Lead Implementer or Lead Auditor certification, alongside other relevant academic or professional qualifications (e. g.
MSc in Cyber Security or related specialism, CISM, CISSP, PCIRM).
- Hold, or be working towards, Principal or Chartered Cyber Security Professional (Ch CSP) status.
- Eligible to work in the UK and able to obtain and maintain UK security clearances.
- EEO and Employment Information
FSP is an equal opportunity employer.
We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief.
Please note that visa sponsorship is available for some roles, subject to eligibility and business requirements.
#J-18808-Ljbffr