Cyber Security Consultant - Governance, Risk Management, and Compliance (GRC)
Posted on Jan 4, 2023 by Methods Business and Digital Technology Limited
Methods are currently looking for an experienced Cyber Security Consultant with extensive Governance, Risk Management, and Compliance experience.
The Cyber Security Consultant will have the following responsibilities:
- Ability to research, articulate and pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management.
- Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches
- Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines.
- Effective business acumen and an understanding of the cyber security challenges faced by clients, with the objective to develop our cyber assurance practice, by supporting business development and practice management.
- Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability to investigate major breaches of security and recommend appropriate control improvements.
- Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, and contributing to the development of our team through training and coaching.
- Managing, delivering and leading cyber security and cyber risk assignments, with the management of a portfolio of clients across a variety of sectors and locations, including producing documentation, presentations, reports and recommendations, quality assuring the work produced by team members, and being the point of escalation for lower grade roles.
- Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions.
- Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities.
- Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution.
Essential Skills and Experience:
- An experienced consultant with a background in Cyber Security
- Significant experience of leading complex cyber risk assurance engagements.
- Significant experience of working with internal audit teams, and understanding of internal audit practice and controls.
- Significant experience of assessing and reviewing cyber risks and controls.
- Significant experience of testing wider, general technology controls.
- Significant experience of interacting with senior client stakeholders.
- Demonstrable experience of people leadership.
- A technology, security and privacy related background.
- Ability to think creatively, generate innovative ideas, challenge the status quo and deliver effectively with what can often be ambiguous requirements or environments.
- Corporates and financial services industry specialism is desired.
- A proactive mind-set, with the ability to take responsibility and drive key actions forward coupled with excellent oral and written communication skills to aid effective interaction with senior clients and stakeholders.
- Experience of working with a C-suite and IT/Security Managers;
- Broad range of security experience with a distinct specialism in one or several of the following areas:
  - Cyber strategy and transformation programmes or security change initiatives;
  - Security target operating models;
  - Cyber governance, risk management/assessment and compliance;
  - Third party cyber risk management and assessment;
  - Security architecture and network infrastructure (e.g. firewall rule set review, logging and monitoring capability, network segregation etc.);
  - Security testing process and control (e.g. penetration testing, vulnerability management and red teaming etc.); and
  - Security standards/frameworks (e.g. ISO 27001, IEC 62443, NIST 800-82, NCSC/CPNI SICS Framework etc.)
- Delivery of client engagements, typically leading the fieldwork using a team of resources, scoping and financial planning, and reporting;
- Delivery of engagements for clients based on complex deliverables and programmes of work, including effective programme, project, financial and people management;
- Experience of developing proposals and tender documentation;
- Strong commercial awareness and business acumen, including a strong understanding of business processes and/or supporting technology;
- Excellent interpersonal skills and experience of developing strong relationships, either as a consultant or within an organisation;
- Able to solve complex problems objectively individually and as part of a team;
- Excellent verbal and written communication skills and the ability to tailor communications to people from a wide range of backgrounds and seniorities; and
- Relevant qualifications, for example CISSP, CISA, CRISC, NCSC-CCP.
Am I the right fit? We're looking for:
- Strong collaboration and team working
- Good communication skills
- Genuine passion/commitment to improving public services
- A determined and tenacious approach to work
- A creative approach to problem solving
- Good listening and comprehension
- Great stakeholder management
As well as this, we offer:
- Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year
- Pension: 4% employer contribution and 5% employee contribution
- Discretionary bonus: based on company and individual performance
- Life assurance: 4 times base salary
- Private medical insurance: non-contributory (spouse and dependants included)
- Worldwide travel insurance: non-contributory (spouse and dependants included)
- Enhanced maternity and paternity leave after 18 months' service
- Wellness: 24/7 confidential employee assistance programme, including counselling
- Social: Parties and social events, and commitment to charitable causes
- Professional development: access to LinkedIn Learning, and discretionary training budget
- Travel: season ticket loan, cycle to work scheme
- Development: access to LinkedIn Learning, a management development programme and training