Job Title: Cyber Governance Consultant – Permanent
Location: Hybrid (Client sites, Company offices, and Home – note: cannot be fully remote)
About the Role:
We are looking for a Cyber Governance Consultant to help clients design and implement cyber guidelines and governance frameworks tailored to their specific needs. The role involves working across pre- and post-sales consulting activities, helping clients align their cyber strategy with regulatory frameworks and industry best practices.
Key Responsibilities:
* Conduct gap analysis and rationalisation of controls against regulatory frameworks.
* Perform threat modelling, risk identification, assessment, and mitigation planning.
* Analyse, protect, and manage data outputs, including Data Loss Prevention (DLP) and Rights Management.
* Conduct 3rd party risk analysis, controls, audit, and cyber resilience and recovery assessments.
* Review cloud and network security posture, including mobile data and device protection.
* Manage policy and procedure lifecycle, including development, testing, review, and compliance audit participation (internal and external).
* Support business development and advisory activities in cybersecurity governance.
Skills and Experience:
* Experience designing or implementing secure solutions based on regulatory frameworks such as ISO, NIS, NIST, TISAX, DORA, NCSC CAF, or IEC62443.
* Background in GRC consulting or cybersecurity governance.
* Ability to balance security, compliance, usability, agility, and cost considerations.
* Experience creating business cases, roadmaps, or strategic recommendations for regulatory compliance.
* Strong communication skills and the ability to work effectively with clients and cross-functional teams.
Pre-Employment Checks:
* Identity verification, nationality or immigration status.
* Employment history (3 continuous years).
* Disclosure and Barring Service (DBS) check for unspent criminal records.
Why This Role:
You will join a supportive, inclusive environment that values diversity and innovation, helping clients improve their cyber posture and governance practices while working with a variety of sectors and secure industries.