GRC Consultant - Cyber Essentials Plus Assessor in London

London | Full-Time | 36000 - 60000 € / year (est.) | No home office possible
Pen Test Partners

At a Glance

  • Tasks: Lead Cyber Essentials assessments and support diverse security projects.
  • Company: Join a dynamic GRC team focused on cyber resilience.
  • Benefits: Competitive salary, professional development, and impactful work.
  • Other info: Mentorship opportunities and a collaborative environment.
  • Why this job: Shape client security outcomes and broaden your expertise.
  • Qualifications: Experience with security frameworks and Cyber Essentials assessments.

The predicted salary is between 36000 and 60000 € per year.

Are you an experienced Cyber Essentials Plus Assessor looking to take on diverse, challenging projects across multiple security frameworks? Join our growing GRC team and lead high-impact engagements that help organisations strengthen their cyber resilience and compliance posture.

The Role

As a GRC Consultant specialising in Cyber Essentials Plus, you'll plan and deliver a broad portfolio of client engagements. You'll take ownership of both Cyber Essentials and Cyber Essentials Plus assessments end-to-end, while also supporting wider security, governance, and compliance initiatives. You will also mentor the CE assessment team and grow the capability internally to deliver these assessments at scale. This is a hands-on consultancy role working directly with clients. You will be leading assessments, producing high-quality deliverables, and shaping their security maturity journey.

What You'll Do

  • Lead end-to-end Cyber Essentials and Cyber Essentials Plus engagements
  • Run complex scoping workshops, readiness assessments, evidence reviews, and vulnerability management activities
  • Advise on segmentation, scope reduction, and remediation strategies
  • Support security maturity & gap assessments across frameworks including: PCI DSS, ISO 27001, NIST CSF, CIS Controls, SCF, NCSC CAF, TISAX, SWIFT CSP, DORA, GDPR
  • Contribute to vCISO engagements, including governance, policy development, and exec-level reporting
  • Perform reviews of technical controls, secure development practices, DevOps pipelines, and cloud architectures (AWS/Azure)
  • Support the creation of high-quality, bespoke Statements of Work
  • Engage with clients to clarify scope, requirements, and expectations

Assessment Delivery & Reporting

  • Conduct security assessments across multiple service lines
  • Lead multi-phase and enterprise-scale projects
  • Produce tailored, high-quality reports with actionable, prioritised recommendations
  • Deliver findings to both technical and non-technical audiences

Internal Contribution

  • Share knowledge and mentor peers
  • Support updates to methodologies, documentation, sample reports, and templates

What You'll Bring

Experience

  • Strong understanding of security frameworks such as: ISO 27001, NIST CSF, CIS Controls, PCI DSS

Qualifications

  • Required: IASME Lead Assessor for Cyber Essentials & Cyber Essentials Plus
  • Desirable: One or more of: PCI QSA, CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer

Technical Competence

  • Experience across a range of technologies including: firewalls, IDS/IPS, anti-malware, SIEM/logging, patch/change management, and cloud/on-prem environments (AWS, Azure).

Why Join Us?

  • Work on diverse, meaningful security and compliance engagements
  • Collaborate with a highly skilled GRC team
  • Opportunity to broaden your expertise across multiple frameworks
  • A role where your expertise directly shapes client security outcomes

If you're ready to take the next step in your GRC career and work across varied, impactful engagements, we'd love to hear from you.

GRC Consultant - Cyber Essentials Plus Assessor in London employer: Pen Test Partners

Join a dynamic and innovative GRC team where your expertise as a Cyber Essentials Plus Assessor will directly influence client security outcomes. We offer a collaborative work culture that values professional growth, providing opportunities to mentor peers and broaden your skills across multiple security frameworks. Located in a vibrant area, our company prioritises meaningful engagements and supports a healthy work-life balance, making it an excellent employer for those looking to make a significant impact in the cybersecurity field.

Contact Detail:

Pen Test Partners Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land GRC Consultant - Cyber Essentials Plus Assessor in London

Tip Number 1

Network like a pro! Get out there and connect with folks in the industry. Attend events, webinars, or even local meetups. The more people you know, the better your chances of landing that GRC Consultant gig.

Tip Number 2

Show off your skills! Create a portfolio showcasing your past projects and assessments. This will give potential employers a taste of what you can bring to the table, especially in Cyber Essentials Plus assessments.

Tip Number 3

Prepare for interviews by brushing up on common questions related to security frameworks. Be ready to discuss your experience with ISO 27001, NIST CSF, and others. We want to see your expertise shine!

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are genuinely interested in joining our team.

We think you need these skills to ace GRC Consultant - Cyber Essentials Plus Assessor in London

Cyber Essentials Plus Assessment
Security Frameworks Knowledge
ISO 27001
NIST CSF
CIS Controls
PCI DSS
Governance and Compliance Consulting

Some tips for your application 🫡

Tailor Your CV: Make sure your CV reflects the specific skills and experiences that match the GRC Consultant role. Highlight your experience with Cyber Essentials and any relevant security frameworks to show us you’re the right fit.

Craft a Compelling Cover Letter: Use your cover letter to tell us why you’re passionate about cyber resilience and compliance. Share specific examples of past projects or challenges you've tackled, especially those related to Cyber Essentials Plus.

Showcase Your Technical Skills: Don’t forget to mention your technical competencies! We want to see your experience with firewalls, SIEM, and cloud environments like AWS or Azure. This will help us understand how you can contribute to our team.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates during the process.

How to prepare for a job interview at Pen Test Partners

Know Your Frameworks

Make sure you brush up on your knowledge of security frameworks like ISO 27001, NIST CSF, and PCI DSS. Be ready to discuss how you've applied these in past roles, as this will show your depth of understanding and practical experience.

Prepare for Scenario Questions

Expect scenario-based questions where you'll need to demonstrate your problem-solving skills. Think about specific challenges you've faced in Cyber Essentials assessments and how you overcame them. Use the STAR method (Situation, Task, Action, Result) to structure your answers.

Showcase Your Mentoring Skills

Since mentoring is a part of the role, be prepared to talk about your experience in guiding others. Share examples of how you've helped colleagues grow their skills or contributed to team development, as this will highlight your leadership potential.

Engage with the Interviewers

Don’t just answer questions; engage with your interviewers. Ask insightful questions about their current projects or challenges they face in the GRC space. This shows your genuine interest in the role and helps you assess if the company is the right fit for you.