Associate Consultant GRC in London

The Junior/Associate GRC Consultant role represents an exceptional opportunity for entry-level professionals eager to develop foundational skills in Governance, Risk, and Compliance (GRC) while contributing to the cybersecurity posture of Critical National Infrastructure (CNI) clients. Working under direct supervision, the consultant will gain exposure to UK regulatory frameworks such as NCSC Cyber Assessment Framework (CAF), NIS Regulations, and ISO 27001, while building the technical and interpersonal competencies necessary to succeed in GRC consulting.

Responsibilities

• Conduct compliance assessments aligned with UK regulatory frameworks (NCSC CAF, NIS Regulations, ISO 27001) under the guidance of senior team members.
• Assist in the development of governance documentation, including policies, procedures, and control frameworks, ensuring alignment with best practices.
• Perform basic gap analysis and control testing activities, documenting findings in accordance with established methodologies.
• Participate in facilitated risk assessment workshops, supporting documentation of risks, controls, and mitigation strategies.
• Contribute to high-quality deliverables, including executive summaries, compliance matrices, remediation plans, and tailored client recommendations.
• Maintain documentation standards, adhering to quality assurance processes.
• Support pre-sales activities through technical input, proposal preparation, and research contributions.
• Participate in internal knowledge-sharing sessions and professional development opportunities to build technical expertise.

Success Metrics (6-12 Months)

• Timely completion of assigned tasks within designated scope, budget, and quality standards.
• Positive feedback from senior team members and clients on technical execution.
• Achievement or progress toward relevant professional certifications.
• Demonstrated growth in technical knowledge and consulting competencies.
• Ability to work effectively in client-facing roles with support from senior colleagues.

Typical Deliverables

• Compliance assessment documents detailing findings, evidence, and analysis under senior review.
• Risk assessment documentation, including risk registers, heat maps, and preliminary mitigation plans.
• Draft governance documents such as policy updates and control implementation frameworks.
• Contribution to strategic sections in proposals, statements of work, and technical summaries.
• Meeting minutes, stakeholder workshop documentation, and initial drafts of executive presentations.
• Research notes and analysis on regulatory trends relevant to CNI practice areas.

Benefits & Culture

We offer a range of tailored benefits that support physical, emotional, and financial wellbeing. Our Learning and Development team ensures continuous growth and development opportunities for our people. We offer flexible work options. We are an equal opportunities employer committed to promoting equity and diversity in our employment practices. We are a proud Disability Confident Committed Employer, dedicated to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions to remove barriers to employment opportunities. We guarantee an interview to applicants who declare a disability and meet the minimum requirements for the role. If you require reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.

Qualifications

• 0-2 years of experience in cybersecurity, GRC roles, or related consulting positions.
• Fundamental understanding of information security principles, risk management concepts, and basic regulatory requirements.
• Awareness of UK regulatory frameworks such as NCSC CAF, ISO 27001, or equivalent standards.
• Bachelor's degree in Computer Science, Information Security, Business, or a related field, or equivalent experience.
• Foundation-level certifications (e.g., Security+, CISSP Associate, ISO 27001 Foundation), or strong commitment toward obtaining relevant certifications within 12 months.
• Entry-level hands-on experience in information security controls, compliance frameworks, or risk methodologies.
• Familiarity with the Critical National Infrastructure sector or comparable regulated environments.
• Exceptional organizational skills and attention to detail, particularly in technical writing and documentation.

Key Competencies

• Technical Skills: Basic understanding of cybersecurity controls and frameworks, with willingness to deepen expertise under guidance.
• Documentation: Competence in drafting professional reports, regulatory documents, and frameworks with clarity and professionalism.
• Analytical Thinking: Strong problem-solving abilities and structured thinking, focusing on accuracy and detail.
• Client Interaction: Solid interpersonal communication skills with a collaborative and approachable manner.
• Teamwork: Collaborative attitude and eagerness to learn and grow within a supportive mentorship structure.
• Time Management: Ability to prioritize tasks and manage deadlines effectively under supervision.

We're a business with a global reach that empowers local teams, undertaking exciting work that changes the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues and clients on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day. At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally—with access to cutting edge innovation.

Onboarding & Work Model

• Structured onboarding with direct access to mentorship from P2 consultants and practice leadership.
• Allocation of training time (approximately 30-40% in initial year) to build fundamental knowledge and certifications.
• Hybrid working model: Combination of remote support and travel to client sites 2-3 days per week.
• Exposure to diverse sectors within Critical National Infrastructure (water, energy, telecommunications).
• Competitive entry-level salary package, inclusive of certification reimbursement, health benefits, and access to industry events.