Please find below the updated job description for the Governance & Risk Management Consultant role:
Role Summary
We are looking for a Governance & Risk Management Consultant (15+ years experience) with strong expertise in compliance mapping, vulnerability risk management, and risk escalation. The role focuses on aligning platforms to security frameworks and managing vulnerability life cycles across hybrid and cloud environments.
Key Skills Required
* Security Controls Framework mapping (NIST, ISO 27001, NHS DSP Toolkit, NCSC CAF)
* Strong exposure to vulnerability risk management across hybrid and cloud estates (AWS, Azure)
* Governance oversight of vulnerability burn-down across platforms, applications, Servers, and systems
* Compliance reporting aligned to hardening standards (permissive accounts, IaC, etc.)
* Risk and issue assessment, tracking, and life cycle management
* Compliance evidence collation and governance reporting
* Stakeholder engagement and program oversight
Key Responsibilities
* Map NHS platforms against Security Controls Frameworks with focus on vulnerability management
* Track and manage security issues via Security Issue Management Tracker
* Escalate unresolved risks to Cyber Operations and governance forums
* Conduct weekly risk reviews and support audit readiness
* Work with product owners to identify risks and prioritize vulnerability remediation
* Report to senior management on remediated, mitigated, and residual risks