GRC& Risk and Assurance

Governance, Risk, and Compliance (GRC) ConsultantWalter Everett is a specialist recruitment company, and our client is currently looking to recruit a talented and technical Governance, Risk, and Compliance (GRC) Consultant to join their dynamic and forward-thinking team.This is an exciting opportunity to work on meaningful projects that impact industries worldwide, driving innovative solutions while working with brilliant colleagues and clients.What You’ll Be Doing:Performing enterprise-level risk assessments for large-scale organizationsDrive pragmatic and creative solutions to GRC challenges, leveraging agile methodologies to adapt to new regulations, compliance requirements, and business changes.Foster continuous improvement in GRC processes, improving management information to prioritize risk-based decisions effectively.Lead initiatives to build a culture of accountability and responsibility across engagements.Enhance governance processes and advise on evidencing alignment with regulatory requirements and industry best practices (e.g., Secure by Design, NCSC CAF).Provide security expertise across standards and accreditations, ensuring the effectiveness of the security controls framework and maintaining the Information Security Management System.Derive and deliver documented Information Security Management Plans aligned with regulatory, legal, and compliance standards.Assist in identifying and analyzing emerging cybersecurity vulnerabilities and threats, leading risk mitigation efforts.Work with Service Management to ensure that partners and suppliers adhere to agreed standards and policies, verifying compliance and security KPIs.Collaborate with 1st, 2nd, and 3rd lines of defense on matters related to cybersecurity, data privacy, and regulatory considerations.Lead the development of governance, risk, and compliance aligned to policy, standards, and industry practices.Perform focused risk assessments of services and technologies, including supplier and third-party assessments during onboarding and throughout the contract lifecycle.Chair and coordinate Security Working Groups (SWG) and actively participate in governance forums.What Experience You’ll Bring:Extensive knowledge of GRC frameworks, regulatory compliance, and proactive risk management.Minimum of 10 years’ experience in a GRC role, with at least 5 years in a leadership or managerial position.Relevant certifications such as CISSP, CISM, CCSP, CISA, CRISC, or equivalent experience.Expertise in industry security frameworks such as NIST 800-53, NIST CSF, DORA, and NCSC guidelines.Strong understanding of cybersecurity domains, including network and cloud security, vulnerability management, and third-party supplier risk management.Knowledge of networking (e.g., switching, routing, firewalls).Familiarity with security testing and vulnerability management (e.g., pen testing/ITHC, CVSS/CVE).Experience working with standards such as ISO 27001, 27002, 27017, and 27108.Desirable Skills and Experience:Thrives as a consultant, enjoying the variety and challenges of engaging with different clients and technologies.Proposes security requirements for new systems or changes to existing systems with minimal supervision.Executes technical management tasks for ongoing client projects.Hands-on technical background with a range of technologies and systems.Diversity Statement:Walter Everett is committed to fostering an inclusive and diverse workplace. We are happy to discuss reasonable adjustments and accommodations throughout the recruitment process to ensure everyone has an equal opportunity to succeed.