GRC / GDPR Consultant | Contract or Permanent | Upto £90K / £525/day

GRC / GDPR Consultant | London / South East Based
London EC3A / South East Based
Up to £90,000 + Benefits / contract rate up to £525/day

We have an exciting opportunity for experienced GRC Consultants and GDPR Consultants to deliver information governance, risk, security, audit and compliance consultancy to our varied client base across the retail, insurance, financial services and telecommunication sectors. The role will be based from home or from our Central London offices near Liverpool Street Station with travel to client sites as required. 

Who we are: 

We are an information audit, risk, security and compliance consultancy supplying professional services across a broad range of sectors. The Company was initially formed in 2008 to specialise in payment security and has since grown organically into a highly respected thought-leading information risk, cyber security and compliance consultancy. 

By combining creative thinking, selective hiring, passionate vision and exceptional service, our small and highly experienced team provides a commercially balanced blend of strategic and tactical advice, technical assessments and assurance & audit services. We supply to companies across many sectors including retail, insurance, financial services and telecommunication.

Given our ability to generate recurring revenue over multi-year client contracts and the success of our compliance management platform, we have set ambitious annual growth targets of 30% each year for the foreseeable future.

The GRC / GDPR Consultant Opportunity:

We are looking to add to our team of respected IT Controls and Information Security Professionals during this exciting time of growth. Ideal candidates will be experienced at leading, implementing or auditing IT Controls, Data Privacy / GDPR compliance or Information Security Standards such as ISO 27001. The role will involve undertaking risk, compliance, privacy and third-party supplier assessments, leading improvement projects and conducting controls and security audits. Utilising your thorough commercial and technical understanding of IT controls, information security frameworks, eco-systems and security standards and the GDPR, you will offer value-add advice and solutions to our clients to support our continued growth. 

Consultancy activities will include a range of:

+ Working with the client’s management and technical teams, undertake risk, compliance, privacy and third party supplier assessments
+ Undertaking information security gap analysis and audits against established standards and regulations such as ISO 27001, SANS CSC, Cyber Essentials and the GDPR
+ Analysing findings and translating needs into actionable recommendations
+ Writing and presenting detailed findings and recommendations reports, providing added value and thought leadership
+ Creating and reviewing risk management and information security frameworks and policies
+ Creating and delivering security awareness training material
+ Chairing information security committee meetings with clients
+ Participating in lessons learned exercise to create recommendations for improving future engagements

Essential Skills and Requirements, the majority of:

+ Ability to translate technical issues into business terms
+ Commercial and technical understanding of information security frameworks and eco-systems
+ Experience at leading, implementing or auditing IT controls or information security frameworks
+ Knowledge of common IT risk and controls standards such as COBIT, COSO, ISO 27001, ISO 31000, SANS CSC, Cyber Essentials and the Data Protection Act
+ Knowledge of at least one risk assessment methodology
+ Understanding of the range of technical IT and business controls available to protect the Confidentiality, Integrity and Availability (CIA) of data
+ Understand customer environments and be able to work with both technical teams and senior management to identify issues and risks
+ Excellent customer relationship skills, creation and presentation skills
+ Awareness of common attack vectors such as hacking, malware, DDoS etc.
+ Knowledge of common application vulnerabilities and mitigation approaches
+ A commitment to personal development and keeping a current knowledge of the security industry threats and best practices
+ Knowledge and experience of the GDPR 
+ Knowledge and experience of PCI DSS 

Preferred Qualifications:

+ Certified Information Systems Auditor (CISA) 
+ Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM) 
+ ISO 27001 Lead Implementer
+ ISO 27001 Lead Auditor or Internal Auditor 
+ Certified in Risk and Information Systems Control (CRISC)

+ Relevant IT / Business degree

Valued Additional Qualifications:

+ IAPP CIPP/E
+ IAPP CIPM
+ PCI DSS QSA or ISA

GIAC Systems and Network Auditor (GSNA), International Register of Certificated Auditors (IRCA), Information Security Management System Auditor (ISMS) or Certified Internal Auditor (CIA) 

What we offer:

We offer a competitive contract rate or salary and benefits, continued development and the opportunity to work in a supportive and pragmatic culture. Working as part of an established and thought-leading Consultancy will allow you to make a real impact on the service provision to our clients and the growth of our business. This is turn will lead to future career progression opportunities for our outstanding permanent talent. 

Interested? Just Apply Below...

...But first a little formality. By applying you Explicitly Consent to us processing & passing your application to our client for review for this vacancy only. If your skills match the role you will hear back from us within 2 business days. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.