Cybersecurity (Governance, Risk and Compliance) Consultant – Managing Consultant
Crossword has a full-service Cyber Security Consulting team that provides Strategy, Assurance and Audit, Third Party Assurance and Penetration Testing. Find out more about our Cyber Security Consulting services here.
We are looking for an experienced GRC Consultant with 5+ years' experience. You should have experience of managing client engagements, leading small teams of consultants and working with client stakeholders. Due to the rapid expansion of our Consulting team we offer great career opportunities for the right candidate.
Required skills and experience
- Develop risk management procedures – Under the supervision of the Principal Enterprise Risk Manager, develop and embed risk management procedures
- Operate Enterprise Risk Management plus Governance, Risk and Compliance systems – knowledge of different ERM/GRC software solutions will be advantageous, but not a necessity
- Operate business-integrated processes to ensure ERM/GRC systems remain up-to-date and provide powerful on-going reporting to management
- Apply a high-level knowledge of both technical and non-technical security controls as they pertain to security frameworks like ISO27001 and Cyber Essentials
- Conduct and coordinate risk assessments – In line with the risk approach and appetite of the business, personally conduct or coordinate risk assessments to help the business understand new risks or the current postures of known risks
- Provide both first line risk management and/or second line assurance of risk, dependent on business area risk capability
- Provide security and risk advice to project teams as and where required
- Risk and controls – Experienced and competent in discussing risks, categories of risks, and articulating the types of mitigations / controls and their respective impacts on reducing risks
- Highly structured – Experienced and pre-disposed towards structures and frameworks which will help visualise the end-goals of the strategic developments within Enterprise Risk. Solid understanding of ISO and COSO frameworks is desirable
- Systems – Confidence with technology will enable the candidate to embrace the developmental and operational aspects to this role, as the ERM/GRC solution will ingest all information created by the enterprise risk processes
- Communication and influencing skills – Confident and enjoys working with team members and senior business stakeholders. Has strong written communication skills and has some experience in writing risk assessments and other Risk Management documentation
- Either a Bachelor's or MSc in Risk Management, or equivalent professional experience (desirable)
- It would also be beneficial if you have a certificate or diploma in Risk Management from the IRM or CRISC from ISACA, or NCSC CCP SIRA / CISM
- SC Cleared (desired)
- Responsible for managing the delivery of multiple project work streams
- To work with minimal levels of supervision
- Responsible for planning the programme of work for client projects (Project Management)
- To work pro-actively to solve problems and present solutions to the Director where possible
- To manage and coach the project team, supervising and helping with ‘technical’ delivery where necessary
- To provide quality assurance on all deliverables
- To drive high standards of self-delivery and delivery in others
- To track project risks and keep the Director aware at all times
- To actively seek business opportunities within projects and with external contacts
Working Hours: The working hours will be 37.5 hours per week but may have varied start and finish timings. We will have a flexible work schedule to suit the business needs, client requirements and the person in the role.
Flexibility is valued at Crossword and whilst this role is a full-time role, we are happy to consider flexible working proposals from candidates.
To apply, please send your CV to firstname.lastname@example.org.
The deadline for applications is Friday 31st January 2020.