PureCyber combines both defensive & offensive cyber security, with expert governance & compliance consultancy - offering organisations a comprehensive service.
Our all-in-one solution simplifies cyber security by providing 24/7 protection, proactive threat intelligence, expert consultancy, and real-world attack simulations - all from a single, trusted source. Our goal is to provide peace of mind to our clients, knowing they are secured by a partner they can trust.
The Governance, Risk and Compliance (GRC) team fulfil a broad role within the delivery of all PureCyber services, focusing on supporting customers to improve their approach to cyber security governance and supporting the organisation on multiple internal projects.
Reporting to the Chief Information Risk Officer, this role plays a key part in maximising the experience of PureCyber clients by guiding them through their cyber security journey and helping to improve their assurance levels across multiple service lines.
Key Responsibilities
* Lead on governance and compliance projects such as Cyber Essentials, IASME Cyber Assurance and ISO27001.
* Schedule and co-ordinate GRC engagements with the wider team and ensure timely and accurate delivery of projects.
* Help complete quality assessment checks against the rest of the GRC engagements.
* Prepare client report packs, including cyber audits, board packs & executive summaries.
* Work with all core departments (SOC, Penetration Testing, Sales and Marketing) to assist with client co-ordination and administration to ensure consistency of service.
* Establish and maintain client relationships to maximise levels of confidence, reassurance and trust.
* Actively keep up to date with Cyber developments and the role of GRC functions to maximise effectiveness.
* Work within the internal compliance function of the organisation.
* Drive awareness and education of cybersecurity risks and responsibilities throughout the organisation.
* Travel to client sites as required.
Person Specification
Essential:
* Experience implementing security standards and frameworks such as ISO27001, PCI DSS, NIST, IASME Cyber Assurance etc.
* Proven ability to lead risk assessments and manage control frameworks.
* Strong written and verbal communication skills, with the ability to present risk topics to both technical and non-technical stakeholders.
* ISO27001 Lead Implementer or Auditor certification.
Desirable:
* CISSP, CISM, CRISC or other relevant certification.
* Cyber Essentials certification.