At a Glance
- Tasks: Advise clients on cybersecurity governance and manage compliance frameworks across various sectors.
- Company: Join a leading firm focused on enhancing cyber risk management and information security.
- Benefits: Enjoy competitive salary, private healthcare, hybrid work options, and 25+ days annual leave.
- Why this job: Make a real impact in cybersecurity while developing your skills in a dynamic environment.
- Qualifications: Deep knowledge of ISO 27001, NIST, GDPR, and experience in risk assessments required.
- Other info: Access to industry events and ongoing professional development opportunities.
The predicted salary is between £36,000 and £60,000 per year.
We are seeking an experienced GRC Consultant to support and advise clients in managing cyber risks, ensuring compliance with industry standards, and implementing robust information security governance frameworks. You will work across multiple sectors, helping clients improve their risk posture through audit readiness, control assessments, policy development, and regulatory compliance. The ideal candidate will have deep knowledge of security frameworks (ISO 27001, NIST, CIS), regulatory mandates (GDPR, DORA, PCI DSS), and a strategic approach to enterprise-level governance and risk programs.
Job Responsibilities
- Advise clients on cybersecurity governance, risk management, and compliance frameworks
- Perform risk assessments, control gap analyses, and audits (ISO 27001, SOC 2, etc.)
- Develop and implement information security policies, procedures, and risk registers
- Lead client engagements related to GDPR, DORA, and other regulatory requirements
- Support third-party vendor risk assessments and due diligence activities
- Prepare reports and recommendations for CISO, board, and audit committee presentations
- Contribute to certification readiness and internal audit programs
- Collaborate with technical teams to align risk controls with business strategy
Requirements
- In-depth knowledge of ISO 27001, NIST CSF, GDPR, and risk management frameworks
- Experience performing security risk assessments, internal audits, and compliance reviews
- Strong understanding of cybersecurity controls, regulatory mandates, and business risk alignment
- Excellent client communication, stakeholder management, and reporting skills
- Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate)
Desired Skills
- Certifications such as CISM, CRISC, ISO 27001 Lead Auditor, or similar
- Experience working with financial services, healthcare, or SaaS industries
- Understanding of emerging regulations (e.g., DORA, NIS2, AI Act)
- Cloud compliance knowledge (e.g., CSA CCM, AWS/Azure/GCP compliance)
- Familiarity with SOC 2, PCI DSS, HIPAA frameworks
Benefits
- Competitive salary with performance-based bonus
- Private healthcare and pension scheme
- Hybrid or remote work options
- Ongoing professional development and certification support (CISM, CRISC, ISO Lead Auditor)
- 25+ days annual leave
- Access to cybersecurity conferences and industry events
Employer: MastarRec
Contact details:
MastarRec Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the GRC Consultant role in London
✨Network Like a Pro
Get out there and connect with folks in the industry! Attend events, webinars, or even local meetups. The more people you know, the better your chances of landing that GRC Consultant gig.
✨Show Off Your Skills
When you get the chance to chat with potential employers, don’t hold back! Share your experiences with ISO 27001, GDPR, and other frameworks. Let them see how your expertise can help them tackle their cyber risks.
✨Tailor Your Approach
Every client is different, so make sure you adapt your pitch to their specific needs. Highlight your experience with risk assessments and compliance reviews that are relevant to their sector. This shows you’re not just another candidate!
✨Apply Through Us!
Don’t forget to check out our website for the latest GRC Consultant openings. Applying through us gives you a better shot at getting noticed, plus we’re here to support you every step of the way!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the GRC Consultant role. Highlight your experience with ISO 27001, GDPR, and any relevant frameworks. We want to see how your skills align with what we’re looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cybersecurity governance and how your background makes you a perfect fit for our team. Let us know what excites you about this role!
Showcase Your Achievements: Don’t just list your responsibilities; showcase your achievements! Whether it’s leading a successful audit or developing a robust policy, we want to see how you’ve made an impact in your previous roles.
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!
How to prepare for a job interview at MastarRec
✨Know Your Frameworks
Make sure you brush up on your knowledge of ISO 27001, NIST, and GDPR. Be ready to discuss how you've applied these frameworks in past roles, as this will show your depth of understanding and practical experience.
✨Prepare for Scenario Questions
Expect questions that ask you to solve hypothetical problems related to risk assessments or compliance reviews. Practise articulating your thought process clearly, as this will demonstrate your strategic approach to governance and risk management.
✨Showcase Your Communication Skills
Since client communication is key, prepare examples of how you've effectively communicated complex information to stakeholders. Highlight any presentations you've made to boards or audit committees, as this will showcase your ability to convey important information succinctly.
✨Familiarise Yourself with GRC Tools
If you have experience with GRC platforms like RSA Archer or ServiceNow, be ready to discuss how you've used them. If not, do a bit of research on these tools and be prepared to talk about how they can enhance risk management processes.