GRC Consultant

Job Category: Cybersecurity

GRC Consultant – Cybersecurity Risk & Compliance | ISO 27001 | NIST | GDPR

Salary: £65,000 – £90,000 per year (Depending on Experience)
Location: United Kingdom – London / Manchester / Remote
Type: Full-Time
Industry: Cybersecurity / Risk Management / Compliance / Consulting
Job Owner: Tariq Masood


Job Description

We are seeking an experienced GRC Consultant to advise and support clients in managing cybersecurity risks, ensuring regulatory compliance, and building robust information security governance frameworks.

You will work with organizations across diverse sectors to improve their risk posture through audit readiness, policy development, control assessments, and regulatory alignment.

The ideal candidate will have deep expertise in security frameworks (ISO 27001, NIST, CIS) and regulatory mandates (GDPR, DORA, PCI DSS), with a strategic mindset toward enterprise-level governance and risk programs.


Experience

3–7 years of experience in GRC, Information Security, or IT Risk & Compliance consulting roles.


Key Responsibilities

  • Advise clients on cybersecurity governance, risk management, and compliance frameworks.
  • Perform risk assessments, control gap analyses, and compliance audits (ISO 27001, SOC 2, etc.).
  • Develop and implement information security policies, procedures, and risk registers.
  • Lead client engagements for GDPR, DORA, and other regulatory requirements.
  • Support third-party vendor risk management and due diligence activities.
  • Prepare executive-level reports for CISOs, boards, and audit committees.
  • Assist clients in certification readiness and internal audit programs.
  • Collaborate with technical teams to align risk controls with business strategy and objectives.

Required Skills

  • Strong knowledge of ISO 27001, NIST CSF, GDPR, and risk management frameworks.
  • Experience conducting security risk assessments, audits, and compliance reviews.
  • Deep understanding of cybersecurity controls, regulatory standards, and enterprise risk alignment.
  • Excellent client communication, stakeholder management, and reporting abilities.
  • Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate).

Desired Skills

  • Professional certifications such as CISM, CRISC, ISO 27001 Lead Auditor, or equivalent.
  • Experience working in financial services, healthcare, or SaaS industries.
  • Awareness of emerging regulations (e.g., DORA, NIS2, AI Act).
  • Knowledge of cloud compliance frameworks (CSA CCM, AWS/Azure/GCP compliance).
  • Familiarity with SOC 2, PCI DSS, and HIPAA frameworks.

Job Benefits

  • Competitive base salary with performance-based bonus
  • Private healthcare and pension scheme
  • Hybrid or remote working options for UK-based professionals
  • Continuous training and professional certification support (CISM, CRISC, ISO Lead Auditor)
  • 25+ days annual leave plus public holidays
  • Access to cybersecurity conferences and industry events

Education

  • Bachelor’s degree preferred, but not essential.
  • Professional GRC or cybersecurity certifications are highly valued.

Additional Details

  • Experience Required: 3–7 years in GRC, Information Security, or IT Audit
  • Work Mode: Remote / Hybrid (Flexible)
  • Sponsorship: Not considered
