Overview
We're seeking a motivated and detail-oriented consultant to join our Governance, Risk, and Compliance (GRC) team. This hybrid role encompasses responsibilities in both data protection and cyber security, helping clients maintain compliance with GDPR, ISO27001, and other regulations. You will advise on data protection strategies, manage incidents, and support clients' security postures by monitoring risks and assisting in audits.
Reporting to the Security Manager, you will play a key role in delivering effective security solutions and data protection strategies and in supporting our clients' security posture.
A day in the life
* Monday morning we have the Periculo Pulse, a weekly brief on the industry, threats, and news that may help with your role.
* Start your day by clearing customer queries or monitoring alerts from environments like Google Workspace and Office 365.
* You may advise a customer on a data protection issue or investigate a security threat impacting one of your clients.
* Review or update client procedures, maintaining both security and data protection policies.
* Tackle incidents such as data breaches or compliance gaps, assisting with documentation for audits (e.g., ISO27001).
* Stay updated with the latest in privacy law and cyber security trends to support your clients effectively.
If you are ready to make a significant impact and grow your expertise in cyber security and data protection, we want to hear from you.
Key Duties
* Compliance Monitoring:
Monitor and ensure compliance with industry standards and regulations such as GDPR, ISO27001, and SOC2.
* Client Engagement:
Participate in client meetings to understand their security needs and requirements. Maintain positive relationships with clients through regular communication and follow-up.
* Document Development:
Assist in the development, implementation, and maintenance of security policies, procedures, standards, and guidelines.
* Risk Monitoring:
Monitor risks using our compliance tool to identify and evaluate potential security threats to clients.
* Security Audits:
Support internal and external security audits, including preparation, coordination, and follow-up on findings.
* DPIAs:
Conduct Data Protection Impact Assessments (DPIAs) and lead compliance gap analysis.
* Incident Response:
Assist in the development and execution of incident response plans and procedures.
* Training and Awareness:
Help develop and deliver security awareness training programs to staff.
* Vendor Management:
Assist in evaluating third-party vendors' security practices and ensuring they meet organisational requirements.
* Reporting:
Prepare and present regular reports on security risks, compliance status, and mitigation activities to senior management.
* Continuous Improvement:
Stay up-to-date with the latest security trends, technologies, and regulatory changes to continuously improve the organisation's security posture.
Skills & Qualifications
* Security Plus qualification is advantageous.
* Knowledge of security standards including GDPR & ISO27001.
* Strong problem-solving.
* Attention to detail.
* Excellent verbal and written communication.
* Client engagement and relationship building.
* Team collaboration.
* Effective time management.
* Multitasking ability.
* Proactive issue resolution.
Work Environment
* Hybrid working with 3 days per week in the Melksham office.
* Comfortable office environment with pool table, ping pong table and shower.
* Onsite gym & access to recovery suite including sauna and ice bath.
* Additional days leave for birthday.
* From time to time there might be a need to travel to customers' premises.
Job Type: Full-time
Benefits:
* Casual dress
* Company pension
* Free parking
* Health & wellbeing programme
* Life insurance
* On-site gym
* On-site parking
* Sick pay
* Work from home