Cyber Security Risk & Compliance Framework Consultant (Contract)
Duration: 12 months
IR35: In scope
Rate: £600 per day
Location: 60% on site per month in either Bristol or London
We're looking for an experienced Cyber Security Risk & GRC Consultant to help transform how a large, complex organisation measures, manages, and communicates cyber risk. This is a high-impact, business-critical role focused on building a clear, practical, and transparent approach to security risk - with a strong emphasis on compliance frameworks, measurable controls, and decision-ready reporting for governance boards.
* Define and implement meaningful cyber security risk metrics aligned to compliance frameworks (e.g. national and international standards)
* Establish a robust, repeatable method to measure performance against these frameworks - turning compliance into something measurable, not theoretical
* Create clear, transparent data that shows:
o Current risk exposure
o Performance against controls
o Trends and direction of travel over time
* Design concise, plain-English reporting for senior stakeholders and governance boards
o No jargon - just clear insight, impact, and action
* Map compliance frameworks to real business risks, bridging the gap between:
o Technical controls
o Governance requirements
o Operational reality
* Build practical reporting artefacts, dashboards, and templates to improve visibility and consistency
* Work closely with stakeholders to ensure outputs are:
o Credible
o Usable
o Aligned to executive decision-making needs
Sought:
* Drive a step-change in how cyber risk is measured, understood, and communicated - using compliance frameworks as the backbone, and clear data as the enabler.
* Strong experience in Cyber Security GRC (Governance, Risk & Compliance)
* Proven ability to work with and measure performance against compliance frameworks
* Deep understanding of:
o Security risk metrics & KPIs
o Risk appetite & governance reporting
* Ability to translate technical security data into plain English insights for senior audiences
* Strong analytical and data skills - able to turn complex datasets into clear narratives
* Solid technical awareness of cyber security principles, controls, and risks (without needing to be a hands-on engineer)
* Confident engaging with senior stakeholders and governance boards