Security Consultant GRC

NTT DATA is one of the world's largest global security service providers. We are looking for passionate, curious, and motivated individuals to join our team. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services enables you to achieve great things by working with brilliant colleagues and clients on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation.

Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight. At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally with access to cutting edge innovation.

Responsibilities

• Governance: direct, oversee, design, implement or operate within enterprise-level cyber and information security structures, policies, procedures, processes and controls to support regulatory, legal, risk, environmental and operational requirements and ensure compliance.
• Policy and Procedure Management: direct, develop or maintain organisational cyber and information security policies, standards and processes, using recognised standards (e.g. ISO/IEC 27000 family, NIST CSF) where appropriate; apply security classifications.
• Risk Management: develop cyber and information security risk management strategies and controls, balancing technical, physical, procedural and personnel controls; identify assets, threats, impacts, and costs to assess vulnerabilities and risks.
• Data Privacy: direct, oversee, design, implement, contribute to, or operate within structures and controls to manage protection of personal data, privacy and human rights, ensuring regulatory compliance (e.g. GDPR, Data Protection).
• Internal Controls Oversight: establish and monitor internal controls to safeguard data and assets, conducting regular reviews and audits.
• Stakeholder Engagement: act as a liaison, guiding internal teams, external partners, and regulatory authorities; provide remediation guidance and prepare management reports to track remediation activities.
• Continuous Improvement: identify opportunities for process enhancements, drive initiatives to bolster governance framework and security posture; assess and test control effectiveness and document compliance levels to identify risks and gaps.

Qualifications

• 5+ years' varied experience in information security, data protection, risk management, enterprise IT, legal or relevant compliance roles.
• Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53 / CSF, NIS/NIS2, DORA, UK CNI / OT / IIOT compliance.
• Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors and regulatory bodies.
• Proven leadership skills with the ability to guide and mentor teams and influence senior stakeholders in a GRC, security, or risk management role.
• A hands-on approach balancing strategic oversight with direct involvement in security tasks.
• Excellent communication skills to present complex information clearly to non-technical stakeholders.
• Ability to explain complex topics to a diverse range of audiences.
• Strong attention to detail and the ability to deliver high-quality work.
• A valid right to work in the UK and eligibility to obtain UK SC clearance.
• CISA, CRISC, CISM or CISSP certification are advantageous.

We are an equal opportunities employer and are committed to promoting equity and diversity in our employment practices. We are a Disability Confident Committed Employer and guarantee an interview to applicants who declare a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know.