At Walter Everett, we specialize in sourcing niche technical talent for top-tier roles. We are currently working with a global consultancy to find a skilled Cyber Security Consultant to join their team. This role focuses on Security, Governance, Risk, and Compliance (GRC), where you’ll collaborate with leading organizations to strengthen their security frameworks and enhance compliance.
What You'll Be Doing
Using your expertise in GRC, you will support clients by:
- Governance: Designing, implementing, and overseeing multi-disciplinary structures, policies, and processes that manage cyber and information security at an enterprise level. Ensuring compliance with regulatory, legal, and operational requirements, and aligning with immediate and long-term business goals.
- Policy and Procedure Management: Developing and maintaining cyber and information security policies, standards, and processes based on recognized standards such as ISO/IEC 27000 and NIST CSF. Ensuring security classifications are applied appropriately.
- Risk Management: Creating and implementing cyber risk management strategies and controls tailored to business needs. Conducting assessments to identify vulnerabilities, threats, and impacts, balancing technical, procedural, and physical controls.
- Data Privacy: Establishing and managing frameworks to protect personal data and privacy, ensuring compliance with GDPR, Data Protection Act, and other relevant regulations.
- Internal Controls Oversight: Establishing and monitoring internal controls to safeguard data and assets through regular reviews and audits.
- Stakeholder Engagement: Acting as a liaison for internal teams, external partners, and regulatory authorities. Providing remediation guidance and preparing management reports to track progress.
- Continuous Improvement: Driving process improvements to enhance governance frameworks and security postures. Assessing the effectiveness of security controls and documenting compliance to address gaps and risks.
What Experience You'll Bring
Our client is seeking a seasoned professional with a broad background in security risk management and expertise across the following areas:
- Relevant Experience: Varied background in information security, data protection, risk management, enterprise IT, legal, or compliance roles.
- Framework Knowledge: Strong understanding of frameworks such as ISO 27001, NIST 800-53/CSF, NIS/NIS2, DORA, and UK CNI/OT/IIOT compliance.
- Stakeholder Management: Demonstrated ability to build credibility with enterprise clients, critical system vendors, certification auditors, and regulatory bodies.
- Leadership: Proven leadership and mentoring skills, with the ability to influence and collaborate with senior stakeholders in similar GRC, security, or risk management roles.
- Hands-On Approach: A balance of strategic oversight and direct involvement in security initiatives.
- Communication Skills: Ability to articulate complex information clearly to non-technical stakeholders and adapt messaging to diverse audiences.
- Attention to Detail: Strong focus on delivering high-quality, accurate work.
- Right to Work: Valid right to work in the UK and eligibility to obtain UK SC clearance, lived in the UK for 5 years
- Certifications: CISA, CRISC, CISM, or CISSP certifications are advantageous but not essential.
This is a unique opportunity to work on challenging projects that have a real-world impact. If you have the skills and experience to excel in this role, we'd love to hear from you.
Contact Walter Everett today to learn more about this opportunity and take the next step in your career.