Bytes is a top provider of premium IT solutions and services, working with SMEs, corporations, and public sector organizations to modernize and digitally transform their IT infrastructures. Founded in 1982, Bytes has experienced significant growth, now employing over 750 people across seven locations in the UK and Ireland, with a turnover surpassing £1.8 billion in 2023.
At Bytes, we nurture talented individuals to achieve remarkable outcomes and are dedicated to supporting our employees through continuous training, guidance, and development to help you advance and fulfil your career goals. We foster a culture of innovation, collaboration, recognition and inclusivity and offer a wide range of benefits to support staff wellbeing.
Your Future Starts Here
PURPOSE OF JOB:
We are seeking an experienced Governance, Risk & Compliance (GRC) Consultant to join our growing cyber security team. You will deliver high-quality GRC services to a diverse client base, help build in-house capability for core offerings, and support the integration of GRC with our Assurance and DFIM service lines.
With 3+ years’ experience in information security, data protection, risk management, enterprise IT, legal, or compliance roles, you will have a proven track record of delivering GRC consultancy across sectors. You will demonstrate strong knowledge of frameworks such as ISO, ISF, NIST CSF, NIS/NIS2, DORA, CIS, and Cyber Essentials, and the ability to explain complex requirements clearly to both technical and non-technical audiences.
You will have experience engaging with enterprise clients, vendors, auditors, and regulators. Skilled at producing clear, concise reports, you will translate technical findings into business-focused recommendations that support informed decision-making.
A hands-on and collaborative approach is essential, balancing strategic oversight with direct delivery. You will be confident in mentoring colleagues, influencing senior stakeholders, and working closely with sales to scope and shape new business opportunities.
Reporting to the Head of Assurance Testing, you will actively contribute to client delivery while having dedicated time for professional development, including industry-recognised certifications. This role offers the opportunity to work on high-impact projects within a forward-thinking, supportive environment that values expertise, innovation, and growth.
KEY RESPONSIBILITIES:
* Deliver high-quality GRC services, including:
* ISO 27001
* NIST Gap Analysis
* CAF Assessments
* PCI DSS
* CSMA, ISF, and CIS Assessments
* Develop and maintain in-house methodologies, templates, and delivery playbooks for core GRC services.
* Conduct client workshops, interviews, and assessments to gather requirements and provide actionable recommendations.
* Produce clear, concise, and accurate reports, Statements of Work, and other deliverables.
* Collaborate with internal teams to integrate GRC services into Assurance and DFIM offerings.
* Support Incident Management and Assurance engagements as required.
* Provide pre-sales support, including scoping engagements, defining deliverables, and contributing to proposals.
* Maintain up-to-date knowledge of industry frameworks, standards, and regulatory changes.
* Identify opportunities for service improvement and cross-selling.
INDIVIDUAL RESPONSIBILITIES
* Deliver high quality GRC consultancy services
* Ensure all deliverables meet defined quality standards and client expectations
* Actively participate in internal training, enablement sessions, and professional development activities.
* Share knowledge and expertise with peers to build team capability.
* Uphold the highest ethical standards in all interactions with clients, colleagues, and partners.
* Manage workload effectively, balancing delivery commitments with learning and development goals.
QUALIFICATIONS, EXPERIENCE, & SKILLS:
Educational Requirements
* Degree in Information Security, Computer Science, Risk Management, or a related field, or equivalent professional experience. - ESSENTIAL
Professional Experience
One or more of the following:
* ISO 27001 Lead Auditor or Lead Implementer certification
* PCI DSS Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
* NIST Cybersecurity Framework or CAF-related training/accreditation
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM)
* Certified Information Systems Auditor (CISA)
* Certified in Risk and Information Systems Control (CRISC)
Years of Experience
* Minimum 3 years’ experience delivering GRC services in a consultancy or in-house security role. - ESSENTIAL
* Proven track record of managing client-facing projects from scoping through to delivery.- DESIRABLE
* Experience working across multiple sectors, including regulated industries (e.g., finance, healthcare, government). - DESIRABLE
* Experience supporting Incident Response planning, tabletop exercises, or assurance testing engagements. - DESIRABLE
Other Requirements
* Strong understanding of governance, risk, and compliance principles, including key frameworks and regulations such as ISO 27001, NIST CSF, CAF, PCI DSS, and GDPR. - ESSENTIAL
* Excellent written and verbal communication skills, with the ability to translate technical requirements into business language. - ESSENTIAL
* Ability to travel to client sites as required. - ESSENTIAL
CORE COMPETENCIES & SKILLS
* GRC Experience
* Business acumen
* Strong communicator
* Friendly and approachable
* Calm and considered
* Strong code of ethics and morals