Cyber Security Risk & Compliance Framework Consultant (Contract)
Duration: 12 months
IR35: In scope
Rate: £600 per day
Location: 60% on site per month in either Bristol or London

We’re looking for an experienced Cyber Security Risk & GRC Consultant to help transform how a large, complex organisation measures, manages, and communicates cyber risk.

This is a high-impact, business-critical role focused on building a clear, practical, and transparent approach to security risk - with a strong emphasis on compliance frameworks, measurable controls, and decision-ready reporting for governance boards.

1. Define and implement meaningful cyber security risk metrics aligned to compliance frameworks (national and international standards)
2. Establish a robust, repeatable method to measure performance against these frameworks - turning compliance into something measurable, not theoretical
3. Create clear, transparent data that shows:
   - Current risk exposure
   - Performance against controls
   - Trends and direction of travel over time
4. Design concise, plain-English reporting for senior stakeholders and governance boards. No jargon - just clear insight, impact, and action
5. Map compliance frameworks to real business risks, bridging the gap between:
   - Technical controls
   - Operational reality
6. Build practical reporting artefacts, dashboards, and templates to improve visibility and consistency
7. Work closely with stakeholders to ensure outputs are:
   - Credible
   - Usable
   - Aligned to executive decision-making needs
Sought:
8. Drive a step-change in how cyber risk is measured, understood, and communicated - using compliance frameworks as the backbone, and clear data as the enabler.
9. Strong experience in Cyber Security GRC (Governance, Risk & Compliance)
10. Proven ability to work with and measure performance against compliance frameworks
11. Deep understanding of:
   - Security risk metrics & KPIs
   - Risk appetite & governance reporting
12. Ability to translate technical security data into plain English insights for senior audiences
13. Strong analytical and data skills - able to turn complex datasets into clear narratives
14. Solid technical awareness of cyber security principles, controls, and risks (without needing to be hands-on engineering)
15. Confident engaging with senior stakeholders and governance boards
#4803040 - Phil Barrowclough