Cyber Security Consultant - GRC

Sword is a leading provider of business technology solutions within the Energy, Public, and Finance Sectors, driving transformational change for our clients. We leverage proven technology, specialist teams, and domain expertise to build solid technical foundations across platforms, data, and business applications. Our passion lies in using technology to solve business problems, working closely with clients to help achieve their goals.

About the role:

1. Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives.
2. Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation\’s compliance with applicable regulations, standards, and internal policies.
3. Resilience Planning: Support the Senior Resilience BCP/DR Advisor in developing and maintaining IT resilience and business continuity plans to ensure the organisation\’s ability to respond to and recover from IT disruptions.
4. Incident Response and Management: Support DR-related incident response activities, including investigating IT security incidents, breaches, and disruptions.
5. Issue Identification: Identify and document control deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans.
6. Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders.
7. Policy and Procedure Development: Assist in developing and maintaining risk management, compliance, and control-related policies, procedures, and guidelines, ensuring alignment with regulatory requirements and industry best practices.
8. Vendor Risk Management Support: Assist in assessing and managing risks associated with third-party vendors and service providers, evaluating controls and contractual adherence.
9. Continuous Improvement: Identify opportunities to enhance risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation\’s environment.
10. Project Work: Contribute to project activities to ensure GRC requirements are understood and addressed.

Roles and Responsibilities:

Support the Global Risk & Compliance Senior Manager in delivering governance, compliance, and risk activities, including:

• Supporting security, audit, and compliance activities
• Ensuring the successful delivery of initiatives and projects within the Risk and Compliance environment
• Addressing findings from risks or audits
• Maintaining an accurate record of risks, events, and issues in the ISMS
• Supporting internal and external audit investigations
• Ensuring audit activities are conducted according to standards
• Working independently with clearly defined processes
• Using performance metrics to improve output
• Providing out-of-hours support via an on-call rota if required

Requirements:

Key skills and experience include:

• Excellent communication skills, capable of conveying compliance and risk concepts to both technical and non-technical audiences
• Significant experience in control management for governance, compliance, IT audits, IS assurance, and risk management
• CISA, CISM, or equivalent certification preferred
• BSc or equivalent in an IT-related field preferred
• Ability to communicate effectively with technical teams to gather information and requirements
• Understanding of regulatory requirements (e.g., GDPR, Data Protection Act) and industry-specific regulations
• Experience implementing compliance and control frameworks
• Proficiency in IT governance and quality standards
• Knowledge of security management frameworks like ISO/IEC 27001, ITIL, COBIT, NIST standards
• Strong stakeholder management skills
• High integrity and professionalism in handling confidential matters
• Familiarity with risk management tools like OneTrust or similar is preferred

Benefits:

At Sword, we value our people, invest in their development, and foster inclusive teams. Our benefits include:

• Competitive salary
• Personalised career development plans with learning opportunities
• Flexible working arrangements
• Generous annual leave, family-friendly benefits, pension scheme, private health, and well-being schemes

We are committed to diversity and inclusion and are proud to be an equal opportunities employer. If you have relevant skills and experience, please apply, highlighting your transferable skills. Let us know if you require any adjustments during the hiring process.

#J-18808-Ljbffr