Job Title: GRC Consultant (Governance, Risk, and Compliance)
Location: Farnborough (Hybrid, minimum 3 days in the office)
About Us:
We are a growing Cyber Consultancy located in Farnborough, offering Managed Services and Consultancy engagements. Our team blends experienced cybersecurity experts with motivated new consultants to offer a fun and rewarding atmosphere.
Mondas delivers bespoke Cyber Security Solutions across a range of industries through our UK-based consulting team and our Security Operations Centre. We partner with market-leading software vendors to provide a robust and secure IT landscape for our clients.
The Opportunity:
We are seeking an experienced, highly analytical Governance, Risk, and Compliance (GRC) Consultant to own and drive our security and compliance posture across all global operations. This role is central to maintaining the trust of our customers and partners by ensuring adherence to international standards and regulatory requirements.
Key Responsibilities
As our GRC Consultant, you will be responsible for the full lifecycle of our security and compliance programs, including:
Security Frameworks & Audits: Lead the management and continuous improvement of security frameworks (e.g., ISO/IEC 27001, Cyber Essentials). Drive all certification and re-certification efforts, including Cyber Essentials Plus and ISO 27001.
Regulatory Compliance: Analyse and ensure strict adherence to applicable global and regional security compliance and regulatory requirements (EU GDPR, DORA, etc.).
Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews, third-party due diligence, and mitigation planning.
Incident Response & Improvement: Collaborate on incident coordination, response, root cause analysis, and driving continuous improvement initiatives.
Stakeholder Communication: Deliver clear, data-driven reports on GRC metrics, control effectiveness, identified risks, and the overall compliance posture to senior and executive stakeholders.
Security Culture: Design and execute effective user training programs and security awareness initiatives to cultivate a strong security-first culture across the organisation.
Customer Assurance: Respond to customer assurance questionnaires and support Sales and Legal teams with security-related inquiries for RFPs.
What You'll Bring: Experience & Knowledge
5+ years of hands-on experience in information security governance, risk, and compliance (GRC).
Proven ability to lead and maintain ISO 27001 programs.
Demonstrated success with certification efforts and compliance standards across EMEA, the Americas, and Asia.
Strong expertise in ISMS management, internal/external audits, policy lifecycle management, and continuous compliance monitoring.
Strong understanding of international cybersecurity and data protection laws and regulations.
Desirable: Experience working in tech startups or global technology corporations.
Skills & Mindset
Certifications Required:
CISA (Certified Information Systems Auditor)
ISO 27001 Lead Implementer and/or Auditor certification
Confident in conducting risk assessments and third-party due diligence.
Exceptional ability to present to and influence executive leadership.
Excellent written and verbal communication skills, with the ability to translate complex technical security concepts for diverse business audiences.
A hands-on, innovative, and analytical mindset, thriving on tackling complex GRC challenges.
Ready to make an impact? Apply now!