Senior consultant regulatory compliance, grc and risk management

Solihull
Permanent
Nuvantiq
Risk manager
€75,000 a year
Posted: 9 January
Offer description

Senior Consultant regulatory compliance, GRC and Risk Management

We are Nuvantiq an industrial cyber resilience business focused on critical infrastructure and asset heavy industries. We are a specialist team of industry leaders, OT practitioners, cybersecurity specialists and digital technologists with deep industry knowledge and experience in building and managing critical infrastructure.

Nuvantiq’s vision is to make critical infrastructure and asset-intensive organisations more Secure, Resilient and Operational in a sustainable way.

We are on a mission to enable the move from reactive defence to proactive resilience, backed by industry knowledge, operational expertise, and AI and automation capabilities.


Role Description

Seeking a senior consultant with hands-on expertise in GRC, regulatory compliance and risk management to lead the assessment, implementation and ongoing management of NIS2, NIS CAF and ISO 27001-aligned controls, third-party risk management and vulnerability management in an industrial / asset-heavy environment. The role will support enterprise and OT/industrial resilience programmes for critical assets and services.


Key Responsibilities

* Act as subject‑matter expert on NIS/NIS2 compliance, GRC, TPRM and CTEM for industrial and asset‑heavy environments.
* Lead and manage Nuvantiq’s solution offering for Compliance and GRC, Supply Chain Risk Management offerings.
* Perform NIS/NIS2 readiness and gap assessments for in‑scope services, draft remediation plans, policies and procedures, and support evidence collection for regulators or auditors.
* Develop and maintain cyber GRC policies, standards and control frameworks tailored to industrial and critical‑infrastructure operations (plants, terminals, logistics, field sites).
* Design and document practical control implementations for plants and OT/ICS, working with engineering, IT and security operations teams.
* Own the Third‑Party Risk Management (TPRM) process: due‑diligence questionnaires, security clauses in contracts, risk assessments for suppliers and service providers, secure by design initiatives and remediation follow‑up.
* Analyse vulnerability / exposure data, prioritise issues based on business impact, and work with operations teams to define remediation actions and realistic SLAs.
* Prepare concise risk and compliance reports and present recommendations to CISO / OT leads / programme managers.
* Partner with vulnerability management and CTEM / exposure-management teams to ensure governance, risk prioritisation and remediation tracking for IT and OT assets.
* Pre-sales ownership: end-to-end pre-sales activities, from preparing proposal responses and commercial modelling to managing client meetings and presentations.


Required experience and skills

* 6–8 years in cybersecurity GRC, information security compliance or risk management, including at least one end-to-end implementation of ISO 27001 and practical work with NIS2 and NIS CAF.
* Hands‑on experience defining and operating TPRM programmes: supplier security assessments, remediation plans and reporting for complex vendor ecosystems.
* Solid understanding of vulnerability management processes and tools (scanning, prioritisation, SLAs, tracking), ideally within an exposure‑management / CTEM or industrial‑resilience context.
* Prior work in asset‑heavy or critical‑infrastructure sectors (e.g. energy, utilities, manufacturing, transport, oil & gas, mining), with familiarity with OT / ICS environments.
* Demonstrated ability to translate technical issues into business language and to work with cross‑functional teams (IT, OT, engineering, procurement, legal).


Personal attributes

* Pragmatic, risk‑based mindset with focus on operational continuity and resilience rather than “checkbox” compliance.
* Comfortable working in industrial sites and with engineering / operations personnel.
* Strong ownership, attention to detail and ability to manage multiple parallel projects.


A few other things to consider

* Right to work in the UK (no sponsorship available).
* All roles will require a level of security clearance (BPSS).
* Should be travel-ready for customer visits and site work in the UK and Europe.
* 2-3 days a month in the office in Solihull, or as required.


Seniority level

* Mid-Senior level


Employment type

* Full-time


Job function

* Consulting, Information Technology, and Sales

