GRC Security Consultant

The team you will be working with: GRC Security Consultant Location: UK-based with client site travel as required Seniority Level: Mid-Level

Summary: The GRC Security Consultant role is central to delivering complex Governance, Risk, and Compliance (GRC) engagements independently for Critical National Infrastructure (CNI) clients. As part of NTT DATA UK's Cyber Security Consulting team, this mid-level position empowers individuals to make a tangible impact by leveraging their expertise in UK regulatory frameworks such as the NCSC Cyber Assessment Framework (CAF), ISO 27001, and NIS Regulations. Ideal candidates will excel in client-facing leadership, technical execution, and mentorship roles, advancing both organizational objectives and their personal professional growth.

What you will be doing:

• Lead end-to-end execution of GRC consulting engagements, including compliance assessments, risk reviews, and policy framework development.
• Provide strategic advisory services and manage day-to-day client relationships, acting as a trusted partner in matters of GRC.
• Conduct independent evaluations of compliance aligned with NCSC CAF, ISO 27001, NIS Regulations, and other sector-specific security frameworks.
• Design and implement robust governance frameworks, risk management programs, and compliance tracking systems tailored to client needs.
• Facilitate workshops with client teams (5-20 stakeholders) to address risk assessments, control frameworks, and strategic planning.
• Develop high-quality deliverables such as risk registers, compliance roadmaps, remediation plans, and board presentations.
• Serve as mentor to junior consultants (P1 level), supporting skill development and conducting technical reviews of their work.
• Contribute to business development initiatives, including crafting client proposals, leading pitches, and promoting thought leadership.
• Maintain professional certifications and stay abreast of regulatory changes impacting CNI industries.

What experience you will bring:

• 3-5 years of proven experience in GRC consulting, information security, or cyber risk-related roles.
• Substantial expertise in UK regulatory standards including NCSC CAF, NIS Regulations, ISO 27001, with tangible examples of their application.
• Bachelor's degree in cybersecurity, information assurance, computer science, or related fields. A Master's degree is advantageous.
• Certifications such as CISSP, CRISC, CISM, ISO 27001 Lead Auditor/Implementer, or equivalent professional credentials.
• Demonstrated ability to manage client relationships, deliver advisory services, and oversee workstreams independently.

Preferred Qualifications:

• Experience working within the Critical National Infrastructure sectors (energy, telecommunications, public utilities).
• Background in independently designing and implementing governance programs for enterprise organizations.
• An advanced skill set in risk management methodologies, such as NIST RMF or ISO 31000, used to support client scenarios.

Success Metrics (6-12 Months):

• Delivery of multiple GRC engagements that achieve defined project quality, scope, and timelines.
• Positive satisfaction scores from clients, with repeat engagements from managed accounts.
• Measurable contributions to business development including proposal wins and pipeline generation.
• Effective mentoring and skill upliftment of junior consultants.
• Continued professional qualifications maintained and contributions to compliance framework evolution noted.

Working Arrangements and Compensation:

• Hybrid working model balancing remote work with client site attendance (typically 3-4 days per week at client sites).
• Frequent travel across the UK (up to 60% of time), reimbursed by NTT DATA UK.
• Competitive salary package supplemented with professional certification reimbursements, health coverage, and industry-leading benefits programs.

We are a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation.

We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network. For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA.

What we will offer you:

• We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing.
• Our Learning and Development team ensure that there are continuous growth and development opportunities for our people.
• We also offer the opportunity to have flexible work options.
• We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices.
• We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce.
• We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities.
• In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role.
• If you require any reasonable adjustments during the recruitment process, please let us know.
• Join us in building a truly diverse and empowered team.