GRC Lead

Freelance 60000 - 80000 £ / year (est.) Home office (partial)
Sword

At a Glance

  • Tasks: Design and maintain security governance structures and risk management frameworks for clients.
  • Company: Sword, a leader in business technology solutions across various sectors.
  • Benefits: Competitive salary, flexible working, personalised career development, and comprehensive benefits package.
  • Other info: Join a diverse and inclusive team that values your unique perspective.
  • Why this job: Make a real impact on cybersecurity governance while working with innovative technology.
  • Qualifications: Experience in information security policy, risk reporting, and familiarity with IT security frameworks.

The predicted salary is between 60000 - 80000 £ per year.

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

This contract engagement represents an opportunity to design and maintain our clients' security governance structures, risk management frameworks, policy ecosystem, and security awareness strategy. This role ensures cybersecurity is effectively governed, risk-managed, and communicated across all levels of the organisation through structured frameworks, stakeholder engagement, and compliance oversight.

Requirements

  • Experience with setting Information Security Policy and Frameworks
  • Experience with Technology Risk Reporting and engagement with Enterprise Risk and Audit Committees
  • Excellent understanding of regulatory frameworks e.g. UK CAF, Cyber Security and Resilience Bill, NIS2
  • Confident engaging senior leadership and explaining the current risk position and options for risk reduction
  • Familiar with IT security frameworks such as the NIST CSF
  • Bachelor’s in CS, InfoSec, or equivalent experience
  • Certifications: GICSP, CISSP, or equivalent qualification

Benefits

This opportunity is offered on a contract basis and can operate Outside IR35 or on a PAYE basis. At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here’s what you can expect as part of our benefits package:

  • Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
  • Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, we are keen to discuss your individual preferences to make it work where we can.
  • A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.

GRC Lead employer: Sword

Sword is an exceptional employer that prioritises the growth and well-being of its employees, offering personalised career development plans and a fantastic benefits package that includes flexible working arrangements and comprehensive health support. Our inclusive work culture fosters collaboration and values diverse perspectives, ensuring that every team member can contribute meaningfully to our mission of driving transformational change in the Energy, Public, and Finance sectors.

Sword

Contact Details:

Sword Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land GRC Lead

Get Active on Cybersecurity Forums

Join platforms like Stack Exchange and Reddit’s r/cybersecurity to hang out with industry pros, learn the latest, and share your insights. This will not only boost your visibility but also help you connect with potential clients who might need your freelance services.

Show Off Your Skills with Public Projects

Create a few open-source projects or contribute to existing ones that showcase your cybersecurity skills. Use GitHub to display your work, as this is an excellent way to attract clients looking for freelancers with a proven track record.

Attend Local Conferences and Meetups

Make sure to hit up cybersecurity meetups, workshops, and conferences in your area. These events are goldmines for networking, and you’ll often find people looking for freelancers after a chat over a coffee – so come prepared with your business cards and a killer elevator pitch!

Market Yourself Smartly

Set up a professional website that showcases your portfolio, expertise, and client testimonials. Optimise it for SEO with relevant keywords so potential clients searching for cybersecurity freelancers can easily find you. Don’t forget to link to your site on all your social media and profiles!

We think you need these skills to ace GRC Lead

Information Security Policy Development
Risk Management Frameworks
Regulatory Frameworks Understanding
Technology Risk Reporting
Stakeholder Engagement
Cybersecurity Governance
NIST CSF Familiarity

Some tips for your application 🫡

Show Your Skills Through a Strong Portfolio: Since you're applying for a freelance role in cybersecurity, it's crucial to showcase your technical skills through a detailed portfolio. Include case studies of projects you've worked on, any security tools you've developed or assessed, and specifics on the methodologies you’ve used. This will help Sword understand what you're capable of.

Certifications Matter!: Make sure to list any relevant certifications you hold, such as CISSP, CEH, or CompTIA Security+. Freelance clients often value these credentials as they reflect your expertise and commitment to the field. If you’re actively pursuing more certifications, don’t hesitate to mention that too!

Rates, Availability, and Your Work Style: In your application, it’s essential to be clear about your freelance rates and availability. Clients appreciate transparency. Mention how many hours a week you can dedicate and your preferred working hours, as this sets expectations from the start and shows you're organised and professional.

Tailor Your CV to Highlight Cybersecurity Experience: When crafting your CV, make sure to tailor it specifically to cybersecurity. Highlight projects, tasks, and achievements related to security assessments, vulnerabilities you've mitigated, or compliance work you've undertaken. Keywords relevant to the job can grab attention and increase your chances of landing a spot at Sword.

How to prepare for a job interview at Sword

Showcase Your Cybersecurity Skills

As a freelancer in cybersecurity, it’s crucial to demonstrate not just your knowledge but your practical skills too. Be ready to discuss specific tools you’ve used, like Wireshark or Metasploit, and share relevant experiences where you identified vulnerabilities or mitigated risks in past projects.

Prepare Your Portfolio

Unlike traditional roles, freelancing relies heavily on your portfolio. Curate a selection of past work that showcases your best projects. If you’ve handled penetration tests, audits, or incident responses, be sure to highlight these in your portfolio, and share any client testimonials if you have them.

Stay Updated on Trends and Tools

Cybersecurity is an ever-evolving field, so be prepared to chat about recent developments and how they impact your work. Familiarise yourself with the latest threats, tools, and frameworks, like MITRE ATT&CK, that are pertinent to the projects you’re pitching.

Pitching Your Value as a Freelancer

When freelancing, you often need to negotiate your rates and value proposition. Be ready to explain how your skills can help Sword protect their assets and manage risks. It can help to outline some potential strategies or improvements you could implement for them based on their current setup.