Job Description
About the Role
A growing security consultancy is looking to strengthen its defence and public sector practice with an experienced mid to senior level consultant. This is a growth hire driven by an expanding portfolio. They are remote first but have done an amazing job at making sure their culture is a huge part of what makes them great as business. It's a team that gets stuck in together. No egos, just people who really know their stuff and look out for each other.
You will work across a range of complex, regulated programmes and will advise on risk and compliance, leading assurance activities and helping clients build security postures that stand up to scrutiny. The role suits someone who is confident being client facing and working in a collaborative environment.
What You’ll Be Doing
* Deliver information assurance and GRC consultancy across defence and central government programmes
* Lead and conduct risk assessments, control reviews, gap analysis, and threat assessments
* Produce and maintain accreditation documentation including RMADS, SyOps, security cases and risk registers
* Apply and advise on frameworks including ISO/IEC 27001, NIST SP 800-53 and JSP 440 / JSP 604
* Engage confidently with programme teams, risk owners, SROs and accrediting authorities
* Own client workstreams and deliverables, managing quality and timelines
* Produce clear, well-evidenced reports and briefings for technical and non-technical audiences
* Support the development of less experienced colleagues within the team
What you’ll need
Two or more of the following...
* Solid, hands-on experience in information assurance, security assurance or GRC
* Proven delivery in defence or central government environments
* Strong working knowledge of ISO/IEC 27001, NIST SP 800-53 and the Cyber Assessment Framework
* Practical experience with defence accreditation frameworks - JSP 440 and JSP 604
* Experience producing RMADS, SyOps and supporting accreditation documentation
* Confident engaging with senior stakeholders, risk owners and accrediting authorities
* SC clearance or demonstrable eligibility
Desirable:
* CCP certification
* CISSP, CISM or equivalent
* Experience in OT / ICS or critical national infrastructure environments
* ISO 27001 Lead Auditor or Lead Implementer qualification
* Background in public sector, civil service or the military
Interested?
Apply now for more information!