
Security GRC Consultant

Harnham - Data & Analytics Recruitment
Posted 11 days ago, valid for 9 days
Location

London, Greater London EC1R 0WX

Salary

£80,000 - £96,000 per annum

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • The GRC Security Consultant position is a 6-month contract role that offers a day rate between £550 and £700, inside IR35.
  • This remote position may require occasional site visits and focuses on providing expert guidance in information security management, risk assessments, governance, and compliance.
  • Candidates should have proven experience as a Security Consultant, particularly with ISO27001, NIST, and risk management frameworks.
  • Key responsibilities include designing governance frameworks, conducting risk assessments, and performing compliance audits aligned with regulatory requirements.
  • Relevant certifications such as ISO27001 Lead Auditor or CISSP are highly desirable, and strong communication skills are essential for articulating security issues to various stakeholders.

Job Title: GRC Security Consultant

Contract Duration: 6 Months

Location: Remote with occasional site visits

Day Rate: Inside IR35 - £550-£700 per day

The Role:

We are seeking an experienced Security Consultant to join our team on a contract basis. In this role, you will focus on providing expert guidance in information security management, risk assessments, governance, and compliance aligned with industry standards such as ISO27001 and NIST frameworks. Your primary responsibility will be to assess, design, and implement security strategies that mitigate risks and ensure compliance with relevant regulations.

Key Responsibilities:

Governance, Risk, and Compliance (GRC):
  • Design and implement governance frameworks that ensure alignment with ISO27001, NIST, and other relevant standards.
  • Develop and maintain risk management strategies, identifying, assessing, and mitigating security risks across the organization.
  • Conduct regular compliance assessments and audits to ensure adherence to regulatory requirements (e.g., GDPR, PCI-DSS).
NIST Cybersecurity Framework:
  • Implement and manage cybersecurity controls in alignment with the NIST Cybersecurity Framework (CSF).
  • Perform gap analyses between current practices and NIST CSF to identify areas for improvement.
  • Recommend and implement cybersecurity measures based on NIST standards to enhance the organization's security posture.
Risk Management:
  • Conduct risk assessments to identify vulnerabilities and threats, proposing solutions for risk mitigation.
  • Develop risk treatment plans that prioritize business-critical risks and ensure continuous monitoring and reporting.
  • Work closely with cross-functional teams to integrate risk management into day-to-day operations.
Compliance & Auditing:
  • Perform internal security audits to ensure compliance with ISO27001, NIST, and other regulatory frameworks.
  • Review and maintain documentation related to compliance audits and risk assessments.
  • Collaborate with external auditors during formal audits, providing required evidence and remediation plans.
Reporting and Documentation:
  • Prepare detailed reports on risk assessments, compliance findings, and security governance initiatives for management.
  • Document security incidents, non-compliance issues, and corrective actions taken to ensure continual compliance.
Key Skills and Requirements:
  • Proven experience as a Security Consultant with a focus on ISO27001, NIST, and risk management frameworks.
  • In-depth knowledge of ISO27001 implementation, audits, and continual improvement processes.
  • Hands-on experience with NIST CSF, including assessment and control implementation.
  • Strong understanding of governance, risk, and compliance (GRC) frameworks, along with regulatory requirements such as GDPR, HIPAA, and PCI-DSS.
  • Excellent analytical and problem-solving skills to assess security risks and recommend mitigation strategies.
  • Strong communication skills, with the ability to articulate complex security issues clearly to both technical and non-technical stakeholders.
  • Experience in preparing detailed audit reports and risk treatment plans.
  • Relevant certifications such as ISO27001 Lead Auditor, CISSP, CISM, or CRISC are highly desirable.
