Junior/Associate GRC Security Consultant

Location: UK-based with client site travel as required

Seniority Level: Entry-Level

Summary: The Junior/Associate GRC Consultant role represents an exceptional opportunity for entry-level professionals eager to develop foundational skills in Governance, Risk, and Compliance (GRC) while contributing to the cybersecurity posture of Critical National Infrastructure (CNI) clients. Working under direct supervision, the consultant will gain exposure to UK regulatory frameworks such as NCSC Cyber Assessment Framework (CAF), NIS Regulations, and ISO 27001, while building the technical and interpersonal competencies necessary to succeed in GRC consulting.

What you’ll bring:

• Conduct compliance assessments aligned with UK regulatory frameworks (NCSC CAF, NIS Regulations, and ISO 27001) under the guidance of senior team members.
• Assist in the development of governance documentation, including policies, procedures, and control frameworks, ensuring alignment with best practices.
• Perform basic gap analysis and control testing activities, documenting findings in accordance with established methodologies.
• Participate in facilitated risk assessment workshops, supporting documentation of risks, controls, and mitigation strategies.
• Contribute to high-quality deliverables, including executive summaries, compliance matrices, remediation plans, and tailored client recommendations.
• Maintain documentation standards, adhering to quality assurance processes.
• Support pre-sales activities through technical input, proposal preparation, and research contributions.
• Participate in internal knowledge-sharing sessions and professional development opportunities to build technical expertise.

What you’ll be doing:

• 0-2 years of experience in cybersecurity, GRC roles, or related consulting positions.
• Fundamental understanding of information security principles, risk management concepts, and basic regulatory requirements.
• Awareness of UK regulatory frameworks such as NCSC CAF, ISO 27001, or equivalent standards.
• Bachelor’s degree in Computer Science, Information Security, Business, or a related field, or equivalent experience.
• Foundation-level certifications (e.g., Security+, CISSP Associate, ISO 27001 Foundation), or strong commitment toward obtaining relevant certifications within 12 months.

Preferred Qualifications:

• Entry-level hands-on experience in information security controls, compliance frameworks, or risk methodologies.
• Familiarity with the Critical National Infrastructure sector or comparable regulated environments.
• Exceptional organizational skills and attention to detail, particularly in technical writing and documentation.

Technical Skills:

• Basic understanding of cybersecurity controls and frameworks, coupled with willingness to deepen expertise with guidance.

Documentation:

• Competence in drafting professional reports, regulatory documents, and frameworks, showing clarity and professionalism.

Analytical Thinking:

• Strong problem-solving abilities and structured thinking, focusing on accuracy and detail.

Client Interaction:

• Solid interpersonal communication skills with a collaborative and approachable manner.

Teamwork:

• Collaborative attitude and eagerness to learn and grow within a supportive mentorship structure.

Time Management:

• Skill in prioritising tasks and managing deadlines effectively under supervision.

Success Metrics (6-12 Months):

• Timely completion of assigned tasks within designated scope, budget, and quality standards.
• Positive feedback from senior team members and clients on technical execution.
• Achievement or progress toward relevant professional certifications.
• Demonstrated growth in technical knowledge and consulting competencies.
• Ability to work effectively in client-facing roles with support from senior colleagues.

Typical Deliverables:

• Compliance assessment documents detailing findings, evidence, and analysis under senior review.
• Risk assessment documentation, including risk registers, heat maps, and preliminary mitigation plans.
• Draft governance documents such as policy updates and control implementation frameworks.
• Contribution to strategic sections in proposals, statements of work, and technical summaries.
• Meeting minutes, stakeholder workshops documentation, and initial drafts of executive presentations.
• Research notes and analysis on regulatory trends relevant to CNI practice areas.

Working Arrangements and Compensation:

• Structured onboarding with direct access to mentorship from P2 consultants and practice leadership.
• Allocation of training time (approximately 30-40% in initial year) to build fundamental knowledge and certifications.
• Hybrid working model: Combination of remote support and travel to client sites 2-3 days per week.
• Exposure to diverse sectors within Critical National Infrastructure (water, energy, telecommunications).
• Competitive entry-level salary package, inclusive of certification reimbursement, health benefits, and access to industry events.

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation.

We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network. For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA.

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options. You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/.

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.