Cyber Security Consultant - GRC

London, Full-Time, No home office possible

Join to apply for the Cyber Security Consultant – GRC role at Sword Group.

Sword is a leading provider of business technology solutions within the Energy, Public, and Finance Sectors, driving transformational change for our clients. We leverage proven technology, specialist teams, and domain expertise to build solid foundations across platforms, data, and business applications. We are passionate about using technology to solve business challenges and work collaboratively with our clients to help them achieve their goals.

About the role:

  1. Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives.
  2. Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation’s compliance with applicable regulations, standards, and internal policies.
  3. Resilience Planning: Support the development and maintenance of IT resilience and business continuity plans to ensure the organisation’s ability to respond to and recover from IT disruptions.
  4. Incident Response and Management: Support incident response activities related to disaster recovery, including investigating IT security incidents, breaches, and disruptions.
  5. Issue Identification: Identify and document control deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective plans.
  6. Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing, and remediation efforts. Prepare regular reports for management and stakeholders.
  7. Policy and Procedure Development: Assist in creating and maintaining risk management, compliance, and control policies, ensuring alignment with regulatory requirements and industry best practices.
  8. Vendor Risk Management Support: Assist in assessing risks associated with third-party vendors and service providers, evaluating controls and contractual adherence.
  9. Continuous Improvement: Identify opportunities to enhance risk management and compliance processes; recommend and implement improvements.
  10. Project Work: Contribute to projects to ensure GRC requirements are understood and addressed.

Responsibilities & Accountability:

  • Support the Global Risk & Compliance Senior Manager in governance, compliance, and risk activities.
  • Assist in security, audit, and compliance activities.
  • Ensure successful delivery of initiatives within the risk and compliance environment.
  • Support improvements in assurance, compliance, and audit activities.
  • Address findings from risks or audits.
  • Maintain accurate records of risks, events, and issues in the ISMS.
  • Support audit investigations and ensure audit activities meet professional standards.
  • Work independently using defined processes and procedures.
  • Use performance metrics to improve outputs.

May be required to provide out-of-hours support via an on-call rota.

Minimum Requirements:

  • Excellent communication skills, both written and verbal, with the ability to convey compliance and risk concepts to technical and non-technical audiences.
  • Experience in control management, governance, compliance, IT audits, IS assurance, and risk management programs.
  • CISA, CISM, or equivalent certifications preferred.
  • BSc or equivalent in an IT-related field preferred.
  • Ability to communicate effectively with technical teams to gather information and requirements.
  • Understanding of regulatory requirements such as GDPR, Data Protection Act, and industry-specific regulations.
  • Experience in implementing compliance and control frameworks.
  • Proficiency in IT governance and quality standards.
  • Knowledge of security management frameworks like ISO/IEC 27001, ITIL, COBIT, NIST 800-53, and Cybersecurity Framework.
  • Strong stakeholder management skills.
  • High integrity and professionalism in handling confidential matters.
  • Knowledge of risk management tools like OneTrust or similar is preferred.

We value diversity and are committed to creating an inclusive environment. If you feel you have relevant skills and experience, even if not all requirements are met, we encourage you to apply and highlight your transferable skills.

Contact Details:

Sword Group Recruiting Team

Application deadline: 2027-05-25
