GRC Cyber Security Consultant

Empty Box Recruitment Ltd
Fareham, United Kingdom
2 days ago
£45,000 – £55,000 pa

Salary

£45,000 – £55,000 pa

Job Type
Permanent
Work Pattern
Full-time
Work Location
Remote
Seniority
Mid
Education
Degree
Security Clearance
Required
Posted
14 Jul 2026 (2 days ago)

Benefits

25 days holiday + bank holidays 3% employer pension contribution Mileage reimbursement Expenses for food and drinks on client visits Perkbox Scheme Private healthcare Life insurance Critical illness cover Electric car scheme Flexible working

(Cyber) Information Security Consultant

GRC (Governance, Risk and Compliance)

£45,000 - £55,000 depending on experience

REMOTE WORKING

Own transport is essential to fulfil on-site consultancy visits

M-F 8:30 am to 5:30 pm with an hour for lunch

We are seeking a full-time GRC / Information Security Consultant to join our client’s small, rapidly expanding and fast-paced business. The role will focus on helping clients strengthen their information security governance, manage cyber and information risks, and achieve or maintain compliance with recognised standards and frameworks including ISO/IEC 27001, Cyber Assessment Framework (CAF), Cyber Essentials, SOC-2, PCI, DSS, GDPR, and other relevant regulatory or contractual requirements.

This is a customer-facing consultancy role, requiring confident engagement with senior stakeholders, clear communication of risk and control findings, and the ability to translate technical and regulatory requirements into practical business actions.

The ideal candidate will have the following qualifications and/or experience;

Essential:

  • At least three years’ experience in an information security, GRC, IT risk, audit, compliance or cyber

security role.

  • Strong working knowledge of ISO/IEC 27001, information security governance, risk management and control assurance.
  • Experience supporting or delivering ISO/IEC 27001 gap analyses, internal audits, readiness reviews, implementation support or certification support.
  • Proven ability to identify,assess and communicate information security risks,control weaknesses and practical remediation actions.
  • Excellent written and verbal communication skills, including the ability to produce clear consultancy reports, risk summaries and management recommendations.
  • Strong stakeholder management skills with the ability to engage appropriately at operational and management levels.
  • Excellent organisation skills, including the ability to manage multiple client tasks or engagements, work under pressure and meet deadlines.
  • Relevant professional certification such as ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer, CISM, CISSP, CRISC or equivalent experience.
  • Full UK driving licence.

Desirable:

  • Four to five years’ experience in information security consultancy, GRC, IT risk, audit or compliance.
  • Experience designing, implementing or maintaining an Information Security Management System.
  • Experience of supplier assurance, third-party risk management, data protection impact assessments, business continuity or incident management processes.
  • Working knowledge of Cyber Essentials, Cyber Essentials Plus, IASME Governance, GDPR and relevant information security standards or best practice frameworks
  • Knowledge of additional frameworks such as CAF, NIS-2, NIST Cyber security Framework, CIS Controls, SOC 2, ISO 22301, ISO 27701 or PCI DSS.
  • Experience using GRC, audit management, risk register or reporting tools.
  • Hold SC/DV clearance or willingness to undertake security vetting.
  • Member of CiSP or another relevant professional community.
  • Willingness to study for and attain further related qualifications.
  • Experience of implementing and managing ISO 9001.

Key Responsibilities:

  • Deliver GRC and information security consultancy services to external clients, including risk assessments, maturity assessments, gap analyses, audit readiness reviews and remediation planning.
  • Support clients with ISO/IEC 27001 implementation, internal audit, certification readiness and ongoing ISMS improvement.
  • Undertake Cyber Essentials assessments where required.
  • Assess customers’cyber security maturity across governance, people,process, technology, data and supplier arrangements.
  • Develop, review and improve information security policies, procedures, standards, risk registers, control frameworks and supporting documentation.
  • Facilitate client workshops, interviews and evidence reviews to understand business context, risks, obligations and control effectiveness.
  • Produce high-quality reports, dashboards and management summaries that clearly communicate findings, risk ratings, priorities and recommended actions.
  • Provide pragmatic, risk-based advice to clients, helping them balance compliance requirements, business objectives and operational constraints.
  • Support supplier assurance, third-party risk management, data protection, business continuity and incident management activities where required.
  • Work closely with internal teams to scope, plan, schedule and deliver client engagements efficiently and to a consistently high standard.
  • Support colleagues by sharing knowledge, templates, best practice and subject matter expertise across GRC and information security disciplines.
  • Contribute to service improvement, methodology development and the creation of reusable consultancy collateral.
  • Attend industry seminars and events to promote the capabilities of the business and maintain relationships with relevant assessment, certification and cyber security bodies.
  • Promote continual improvement within norm’s internal Information Security Management System

and support the maintenance of existing information security and quality certifications.

  • Maintain currency in relation to personal accreditation, assessment standards, regulatory developments and relevant industry good practice.
  • Complete ad hoc tasks and assignments as requested by management from time to time.

Benefits:

  • Opportunity to work with a wide range of clients and industries
  • 25 holidays + Statutory bank holidays
  • 3% employer pension contribution
  • Supportive, collaborative team environment
  • Flexible working arrangements
  • Mileage paid
  • Food/drinks expenses paid when on client visits
  • Perkbox Scheme, Health Insurance, Life Insurance, Critical Illness Cover, Electric Car Scheme

Related Jobs

View all jobs
Spotlight

Senior Data Engineer

Lab 1 London, Greater London, United Kingdom
£85,000 – £125,000 pa Hybrid

Cyber Security Consultant

Circle Recruitment Reading, United Kingdom
£55,000 – £65,000 pa Remote

Cyber Security Governance Consultant

83zero London, City And County Of the City Of London, United Kingdom
£80,000 – £100,000 pa Hybrid Clearance Required

Business Development Manager

Lynx Recruitment St. Albans, United Kingdom
£35,000 – £50,000 pa Hybrid Clearance Required

Security Testing Analyst

Oscar Technology London, United Kingdom
£30,000 – £35,000 pa

Senior Product Manager - CISO Advantage

Sophos United Kingdom
Remote

Cyber Security Analyst - Fridays Off

eTech Partners London, United Kingdom
£65,000 – £70,000 pa Hybrid

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.