Talent.com
GRC Consultant
NTT DATA • London, United Kingdom
30+ days ago
Job type
  • Full-time
Job description

The team you'll be working with:

The GRC Consultant (Cyber Assurance / Security Operations Manager) is primarily responsible for ensuring the security controls (people, process, technology) are in place and operating as designed. The primary aim is the design, development, test and evaluation of information security throughout its lifecycle. This is to ensure the business purpose of the system is enabled in a safe and secure manner based on the alignment of identified risks to the acceptable risk posture of the business.

What you'll be doing:

  • Providing security expertise across security standards and accreditations, measuring and controlling the effectiveness of the security controls framework and maintaining the Information Security Management System
  • Deriving and delivering documented Information Security Management Plans which incorporate Regulatory, Legal and Compliance in relation to applicable security policies, standards and guidelines
  • Assisting with the identification of risks and emerging cyber security vulnerabilities and threats, and with the subsequent analysis to quantify them and lead risk mitigation plans
  • Working with Service Management to ensure that partners and suppliers adhere to agreed standards and policies, and verifying/evidencing appropriate compliance and security KPIs
  • Working closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information assurance, cyber risk and data privacy, including regulatory and compliance considerations
  • Leading the development and enhancement of governance, risk and compliance aligned to policy, standards and industry good practice
  • Ensuring continuous assessment, identification, analysis and reporting of useful metrics to enable informed risk-based decisions to be taken
  • Constructively challenging established processes and controls to identify, recommend and facilitate continuous improvement, ensuring that all personnel (including senior stakeholders) understand their responsibilities in relation to security risk mitigation and remediation
  • Reviewing and verifying that documentation relating to process and technical security controls is maintained
  • Developing and maintaining Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries
  • Developing, proposing and seeking sponsorship for changes to policies, procedures and controls to ensure the integrity of the in-scope IT services and effective management and control of information assets, and facilitating the implementation of these controls
  • Performing focused information risk assessments of existing or new services and technologies, alongside the Operational/Service Management team and technology subject matter experts
  • As required, extending the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding and contract lifecycle to ensure a coherent approach to risk management
  • Coordinating audit, ITHC and risk assurance activities to evidence compliance with established regulatory and governance requirements, including governance of any Remediation Action Plan (RAP) to ensure timely mitigation of identified risks / vulnerabilities
  • Maintaining strong working relationships with individuals and groups involved in managing information risk across the in-scope services and aligned suppliers / 3rd parties
  • Chairing and co-ordinating the Security Working Group (SWG) and actively participating in supporting/governing forums
  • Contributing to the analysis and mitigation of data protection risks
  • Monitoring information security incidents, contributing to incident response and root cause analysis, and owning resulting actions as required where they relate to required changes in IT Security and Information Risk Management policy and controls
  • Security operations and incident response, including liaison with internal teams and 3rd party suppliers

What experience you'll bring:

  • A track record of delivering security solutions for large-scale infrastructure, transformation or integration programmes
  • Practical knowledge and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines
  • Good knowledge of networking (switching, routing, firewalls)
  • In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence.
  • A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
  • Experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc

DESIRABLE SKILLS AND EXPERIENCE

  • Experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure)
  • An understanding of the native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure)
  • CISSP, CISM, CCSP, CRISC or equivalent experience
  • Good knowledge covering several of the following examples (this list is not exhaustive): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualisation (VMware)
  • Familiarity with MITRE ATT&CK
  • Familiarity with ITIL

Who we are:

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA

What we'll offer you:

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a Disability Confident Committed Employer: we want to see every candidate performing at their best throughout the job application and interview process. If you require any reasonable adjustments during the recruitment process, please let us know. We look forward to hearing from you.
