Cyber Security Consultant (GRC) in Leeds

SEP2 is dedicated to being the trusted partner our customers rely on to enhance and maintain robust cyber security postures. We achieve this through a unique blend of governance, risk, and compliance (GRC) expertise, continuous vulnerability management, and effective human risk services. Our team is a critical component of our customers’ security strategies, enabling them to navigate the complex regulatory landscape and defend against evolving threats. We value continuous improvement, technical excellence, and, above all, exceptional customer service.

Primary Function

Working in the Consultancy arm of the Wingman Security Operations team, this role is primarily responsible for customer engagement, consultancy and report generation of our Wingman GRC (Governance, Risk & Compliance) and Human Risk services. These include vCISO, Vulnerability Management and Security Awareness services. The consultant will be responsible for a set of assigned customers, ensuring that all aspects of their cyber security engagement are maintained. This includes advisory/gap analysis sessions, research on upcoming compliance requirements, working with our wider WSO team on technology enablement and more. This is a full-time position that can be performed fully remotely from the United Kingdom, or for those local to West Yorkshire the option to go into the Leeds office is available.

Main Tasks

• Reporting & Documentation: Produce accurate and high-quality customer-facing reports, including assessment, audit, vulnerability, and attack surface analysis reports.
• Security Posture Assessment: Conduct comprehensive gap analysis sessions, utilising various industry frameworks (e.g., ISO 27001, NCSC CAF), to objectively assess customers’ current security postures and develop clear, actionable roadmaps for improvement.
• Compliance Guidance: Advise customers in critical aspects of industry and regulatory compliance, such as Cyber Essentials, NCSC CAF, and ISO 27001, operating under the guidance and mentorship of the Principal Consultant.
• Tooling Support: Provide expert support to customers on the effective utilisation of GRC and security tools, including Drata, Knowbe4, Qualys, and other relevant platforms.
• Audit Participation: Support both internal and external compliance and assurance audits.
• Cross-Discipline Collaboration: Work closely with customer IT and Cyber Security teams across a variety of security disciplines, including network security, identity and access management, vulnerability management, and secure development lifecycle (SDLC).
• Internal Program Development: Actively participate in the delivery and continuous improvement of our internal information security program.
• Mentorship & Training: Engage in the active mentoring and training of team members, contributing to the overall knowledge and skill advancement within the WSO team.
• Process Management: Confidently create, implement, and strictly adhere to Standard Operating Procedures (SOPs), maintaining an eye for continuous process improvement and optimisation.
• Service Level Management: Ensure all assigned customer tickets and service requests are actively worked on, kept current, and meet and exceed established Service Level Agreements (SLAs).
• Service Review: Support the Head of Service Delivery by contributing to and participating in service review calls with customers.

Person Specific

The successful candidate will demonstrate a blend of technical expertise, professional integrity, and strong interpersonal skills:

• Customer Focus: Possess an unwavering commitment to outstanding customer service.
• Professional Relationships: Capable of establishing and maintaining effective and credible working relationships with colleagues and clients at all levels.
• Communication: Be a highly effective verbal and written communicator, comfortable articulating complex technical concepts to both technical and non-technical audiences.
• Adaptability & Mindset: Capable of quickly adapting to diverse and evolving security situations, applying a pragmatic, solution-oriented mindset to challenges.
• Team Orientation: Be a dedicated, team-orientated individual able to encourage and support colleagues in achieving collective and individual objectives.
• Professional Development: Value and actively engage in continuous professional development (CPD).

Qualifications

Candidates must ideally hold a minimum of one (1) of the following professional certifications:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• ISO 27001 Internal Auditor

Experience

• Policy Management: Proven experience in previously developing and maintaining information security policies in alignment with recognised standards such as ISO 27001.
• Legislation: A solid contextual understanding of key legislation, such as the UK General Data Protection Regulation (GDPR), the Digital Operations Resilience Act (DORA), and NIS2.
• Risk Management: Practical experience with undertaking basic risk assessments and developing foundational information risk management plans.
• Assurance & Testing: Experience with compliance monitoring and/or controls testing.
• Third-Party Assurance: Prior contribution to developing processes designed to assure the compliance and security posture of third parties/vendors.
• Cloud Security & IT: Demonstrable experience within the wider IT discipline, with particular expertise in the security of major public cloud environments such as AWS, Azure, or GCP.

History

Cyber Security Specialists, SEP2 is an organisation providing advanced cyber security services solutions and tech-driven services powered by passionate and honest people. SEP2 started out in Leeds as an organisation built to add value and do business the right way. We’ve grown, we’ve developed, and we’ve evolved, we’ve taken on experts to expand our knowledge base and technical skills, building a portfolio of accreditations and we’ve developed important relationships with our vendors. SEP2 are an award-winning cyber-security specialist, whose success is built on five values: Passion, People Powered, Committed to Doing Good. Every SEP2 colleague lives these values every day. We have a culture of passionate people who work as a team that will never leave a job incomplete. We believe in giving every member of our team responsibility. We nurture the desire to solve problems at the root cause. We encourage continuous improvement. We’re here to beat the bad guys and we’re here for the long-term.