We are seeking an experienced GRC Consultant to support and advise clients in managing cyber risks, ensuring compliance with industry standards, and implementing robust information security governance frameworks. You will work across multiple sectors, helping clients improve their risk posture through audit readiness, control assessments, policy development, and regulatory compliance.
The ideal candidate will have deep knowledge of security frameworks (ISO 27001, NIST, CIS), regulatory and industry mandates (GDPR, DORA, PCI DSS), and a strategic approach to enterprise-level governance and risk programs.
Job Responsibilities
Advise clients on cybersecurity governance, risk management, and compliance frameworks
Perform risk assessments, control gap analyses, and audits (ISO 27001, SOC 2, etc.)
Develop and implement information security policies, procedures, and risk registers
Lead client engagements related to GDPR, DORA, and other regulatory requirements
Support third-party vendor risk assessments and due diligence activities
Prepare reports and recommendations for CISO, board, and audit committee presentations
Contribute to certification readiness and internal audit programs
Collaborate with technical teams to align risk controls with business strategy
Requirements
Required Skills
In-depth knowledge of ISO 27001, NIST CSF, GDPR, and risk management frameworks
Experience performing security risk assessments, internal audits, and compliance reviews
Strong understanding of cybersecurity controls, regulatory mandates, and business risk alignment
Excellent client communication, stakeholder management, and reporting skills
Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate)
Desired Skills
Certifications such as CISM, CRISC, ISO 27001 Lead Auditor, or similar
Experience working with financial services, healthcare, or SaaS industries
Understanding of emerging regulations (e.g., DORA, NIS2, AI Act)
Cloud compliance knowledge (e.g., CSA CCM, AWS/Azure/GCP compliance)
Familiarity with the SOC 2, PCI DSS, and HIPAA frameworks
Benefits
Competitive salary with performance-based bonus
Private healthcare & pension scheme
Hybrid or remote work options
Ongoing professional development and certification support (CISM, CRISC, ISO Lead Auditor)
25+ days annual leave
Access to cybersecurity conferences and industry events