We are seeking an NPPV Cleared Cyber Security GRC (Governance, Risk, and Compliance) Consultant to join our team on an initial 3 months contract assignment based in Leicester/Remote. (Duration is very likely to extend) Inside IR35.
This role involves a blend of strategic advisory services, cyber security assessments, and active participation in governance meetings with clients. This is a new role at Telefonica Tech, so the successful candidate will also be involved in helping to develop and refine the Cyber Governance & Advisory service.
Key Responsibilities:
* Conduct bespoke advisory engagements with clients to help them gain answers to cyber security challenges and make key strategic decisions.
* Perform cyber security assessments against established frameworks to identify weaknesses and recommend mitigations including roadmaps to maturity.
* Provide expert opinion and insights during governance meetings with clients' senior stakeholders.
* Facilitate interactive workshops, including tabletop incident response scenarios, to enhance clients' preparedness for cyber threats and help them agree security roles and responsibilities.
* Work closely with clients to customise security policies to their business requirements.
* Conduct cyber security risk assessments to support clients' senior decision-making.
* Operate cyber governance processes for clients, such as maintaining KPIs, running governance forums, and performing policy reviews.
* Contribute to the design and enhancement of our GRC service processes and technologies.
* Identify opportunities for sales of our broader portfolio of services, in particular the NextDefense suite.
* Stay abreast of the latest cyber security trends and regulations to advise clients effectively.
Qualifications:
* A recognized cybersecurity qualification (eg, CISSP, CISM, CRISC) is desirable.
* Minimum of 3 years of experience in a consultancy or security risk management role involving senior stakeholder engagement.
* Proven track record of delivering GRC or similar services in complex business environments.
* Strong understanding of cyber security frameworks (eg, NIST, ISO 27001, CIS-18) and typical cyber security controls.
* Excellent communication and facilitation skills, including written communication skills.
* Ability to translate technical risks into business language for diverse audiences.
#J-18808-Ljbffr