CrawlJobs Logo

Senior GRC Consultant

United Kingdom, London · Job Posted March 19, 2026
Apply Position
Job Link Share

Job Description

The Information Security Analyst will be responsible for maintaining and enhancing the organization's information security measures. This role requires significant experience in Information Security and Governance Risk Compliance (GRC), with a strong understanding of risk management methodologies and international security standards. The candidate must be proficient in English and German, with the ability to analyze risks and prepare reports. The position offers opportunities for professional growth within a leading technology services company.

Job Responsibility

  • Maintain the Information Security Management System (ISMS) in accordance with ISO 27001
  • Conduct audit against Telecommunications Security Act (TSA) and other applicable local and regional compliance standards
  • Analyze and evaluate internal projects to identify risks and define appropriate compensatory measures
  • Prepare and present reports on information security including areas for improvement
  • Manage and update content for the information security awareness platform for employees and key suppliers, ensuring up-to-date training on information and cybersecurity best practices
  • Research and recommend security enhancements and improvements.

Requirements

  • Significant experience in Information Security and GRC
  • Strong understanding of risk management methodologies and international security standards (e.g., ISO 27001, US NIST, TSA, etc.) and the ability to assess risks, identify vulnerabilities, etc.
  • Familiarity with data privacy legislation such as EU GDPR
  • Experience maintaining and auditing Information Security Management Systems (ISMS) in line with ISO 27001
  • Customer service-oriented with the ability to build strong relationships with internal stakeholders
  • Analytical and creative thinking skills, with the ability to identify pragmatic solutions
  • The ability to organize the daily work schedule and delegate where necessary
  • Strong verbal and written proficiency in English and German.

What we offer

  • We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Our Learning and Development team ensure that there are continuous growth and development opportunities for our people
  • We also offer the opportunity to have flexible work options.

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior GRC Consultant

8 matching positions

Senior GRC Security Consultant

Senior GRC Security Consultant The Opportunity We are currently partnering wit...
Location
Location
United Kingdom
Salary
Salary:
350.00 - 600.00 GBP / Day
myn.co.uk Logo
Myn
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in Governance, Risk, and Compliance (GRC) within an information security context
  • Strong knowledge of industry-standard security frameworks such as ISO 27001, NIST, or NCSC CAF
  • Extensive experience conducting security risk assessments, gap analyses, and risk treatment planning
  • Proficiency in managing audit lifecycles, including evidence collection and remediation tracking
  • Ability to develop and maintain comprehensive security policies, standards, and procedures
  • Strong stakeholder management skills with the ability to communicate technical risk to business audiences
  • Experience in client-facing consultancy or cross-functional internal advisory roles
Job Responsibility
Job Responsibility
  • Taking ownership of assessing organisational security posture against industry-standard frameworks
  • Managing full audit lifecycles
  • Ensuring regulatory compliance across complex environments
  • Conducting comprehensive risk assessments and gap analyses
  • Developing robust security policies
  • Collaborating with cross-functional teams to embed security controls into core business operations
Read More
Arrow Right

Senior RSA Archer GRC Consultant – Enterprise / Government Projects

Location
Location
United States , Austin
Salary
Salary:
Not provided
dutechsystems.com Logo
Dutech Systems
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Archer Certified Professional (ACP) OR Level 3 Archer Certified Administrator – Expert Certification
  • Expert-level knowledge of RSA Archer platform architecture, data model, configuration, and workflow design
  • Strong understanding of GRC processes, risk management, compliance frameworks, and security control assurance
  • Experience integrating Archer with enterprise platforms via REST APIs and web services
  • Proficiency in JavaScript and jQuery for client-side customization
  • Ability to translate complex business requirements into scalable technical solutions
  • Strong documentation, communication, and stakeholder engagement skills
  • Experience working in structured, change-controlled enterprise environments
  • Ability to work independently on complex technical implementations
Read More
Arrow Right

Senior Associate Security Consultant (GRC)

The Senior Associate Security Consultant is responsible for developing expertise...
Location
Location
India , Mumbai
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field
  • Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential
  • Moderate level of demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment
  • Moderate level of experience with security architecture design principles
  • Moderate level of experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others
  • Moderate level of experience with security tools and techniques to cover SANS Top 25, OWASP or others
  • Strong interest in cybersecurity and a desire to learn and grow in the field
  • Knowledge of basic cybersecurity concepts, principles, and best practices
  • Familiarity with common security tools and technologies is a plus
  • Excellent analytical and problem-solving skills
Job Responsibility
Job Responsibility
  • Assists in conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems
  • Analyzes security data, logs, and reports to detect and investigate security incidents or anomalies
  • Prepares and maintains documentation, including security assessment reports, findings, and recommendations
  • Collaborates with senior consultants to provide advice and support to clients on security best practices and risk mitigation strategies
  • Learns and uses various security tools and technologies for assessments and monitoring
  • Stays updated on the latest cybersecurity threats, vulnerabilities, and industry best practices
  • Assists in evaluating client systems for compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements
  • Communicates effectively with clients to understand their security needs and concerns
  • Participates in training programs and certifications to develop expertise in cybersecurity
  • Fulltime
Read More
Arrow Right

Security Consultant GRC

The Security Consultant (GRC) role involves leveraging expertise in Governance, ...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years' varied experience in information security, data protection, risk management, enterprise IT, legal or (relevant) compliance roles
  • Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53 / CSF, NIS/NIS2, DORA, UK CNI / OT / IIOT compliance
  • Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors and regulatory bodies
  • Proven leadership skills with the ability to guide and mentor teams, as well as influence and collaborate with senior stakeholders in a similar GRC, security, or risk management role
  • A hands-on approach with the ability to balance strategic oversight with direct involvement in security tasks
  • Excellent communication skills, with the ability to present complex information clearly and effectively to non-technical stakeholders
  • The ability to explain complex topics to a diverse range of audiences
  • Strong attention to detail and the ability to deliver high quality work
  • A valid right to work in the UK
  • Eligible to obtain UK SC clearance
Job Responsibility
Job Responsibility
  • Governance: directs, oversee, designs, implements or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage cyber and information security at an enterprise level
  • Policy and Procedure Management: directs, develops or maintains organisational cyber and information security policies, standards and processes, using recognised standards (e.g. the ISO/ IEC 27000 family, NIST CSF) where appropriate
  • Risk Management: develops cyber and information security risk management strategies and controls, considering business needs, balancing technical, physical, procedural and personnel controls
  • Data Privacy: directs, oversee, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to manage the protection of personal data, privacy and human rights
  • Internal Controls Oversight: Establish and monitor internal controls to safeguard data and assets, conducting regular reviews and audits
  • Stakeholder Engagement: Serve as a liaison, offering guidance and support to internal teams, external partners, and regulatory authorities
  • Continuous Improvement: Identify opportunities for process enhancements, driving initiatives to bolster governance framework and security posture
What we offer
What we offer
  • Tailored benefits that support your physical, emotional, and financial wellbeing
  • Continuous growth and development opportunities
  • Flexible work options
Read More
Arrow Right

Grc Specialist Senior

The GRC Specialist Senior is responsible for conducting security assessments, co...
Location
Location
United States , Coral Gables
Salary
Salary:
Not provided
citynational.com Logo
City National Bank of WV
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7 years of of applied work experience in cyber security compliance management, cyber security programs, data engineering, analytics or integration, audits, assessments, risk and remediation
  • Knowledge of AI concepts (LLMs, prompt design, limitations, hallucinations, etc.)
  • Knowledge of information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, and NIST
  • Knowledge of IT systems and processes, network infrastructure, data architecture, and protocols
  • Skill in applying cyber and cloud security frameworks, architecture, design, operations, controls, and service orchestration
  • Proficiency in Microsoft Office products (Word, Excel, PowerPoint)
  • Ability to develop and implement enterprise governance, risk, and compliance strategies and solutions
  • Ability to research and locate information related to internal and external organizations using online and other sources
  • Skill in security project management and planning
  • Ability to maintain confidentiality and handle sensitive information appropriately
Job Responsibility
Job Responsibility
  • Coordinate risk and control self-assessments with IT and cybersecurity subject matter experts and enterprise risk management team
  • Conduct control testing and document results to identify potential gaps in control design and/or control operating effectiveness
  • Collaborate with GRC, engineering, SecOps, IT operations, and BCP teams to define requirements and ensure scalable, secure, and maintainable AI-driven automation solutions
  • Identify opportunities to develop automated solutions using Microsoft Copilot, Power Automate, or another approved automation tool
  • Develop and maintain cybersecurity and IT policies, standards, procedures, program metrics and help develop automated compliance reports and risk metrics for executive leadership, to improve decision-making and reduce operational risk
  • Coordinate work assignments with process owners, control owners, external auditors, and consultants, ensuring issues are documented, monitored, and resolved
  • Advise internal stakeholders on internal control design for ongoing risk mitigation of information systems based on regulatory requirements and best practices
  • Communicate security issues and risks effectively to diverse audiences and ensure compliance with applicable controls based on a unified framework
  • Identify and correct process gaps proactively, recommending improvements to advance the Bank’s information security program maturity in alignment with company goals
  • Guide program leaders on risk remediation efforts, ensuring adequacy of response and timeliness based on risk severity
What we offer
What we offer
  • Medical, dental, and vision plans with employer contributions
  • 401(k) with matching
  • Generous PTO and paid holidays
  • Access to mental health and financial wellness resources
  • Tuition Reimbursement
  • Flex Time
  • Fulltime
Read More
Arrow Right

Senior Security Consultant

The Senior Security Consultant will lead security architecture design and compli...
Location
Location
United States , Cheyenne
Salary
Salary:
97864.00 - 145000.00 USD / Year
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum ten (10) years of combined, progressive experience in cybersecurity, information assurance, or IT security, including senior advisory, advanced practitioner, or program-level leadership responsibilities
  • Demonstrated expertise in: Threat modeling
  • Security architecture
  • Security and privacy risk assessments across the full Software Development Life Cycle (SDLC) and production environments
  • Proven experience in IT governance, risk, and compliance (GRC), including: Internal and external audit and compliance assessments
  • Drafting and maintaining security and privacy documentation
  • Conducting security and privacy risk assessments
  • Extensive experience developing and supporting: Security Incident Response Plans
  • System Security & Privacy Plans (SSPPs)
  • Risk Assessments and POA&M remediation strategies
Job Responsibility
Job Responsibility
  • Provides System Integration security architecture design and collaborate with the client to document security standards and provide security architecture advice and oversight to module vendors in support of module solution development, integration, and infrastructure
  • Responsible for adherence to State security standards, communications with State Chief Information Security Officer (CISO), compliance with HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) and NIST requirements, and Internal Revenue Service (IRS) Federal Tax Information
What we offer
What we offer
  • medical insurance
  • dental insurance
  • vision insurance with an employer contribution
  • flexible spending or health savings account
  • life and AD&D insurance
  • short and long term disability coverage
  • paid time off
  • employee assistance
  • participation in a 401k program with company match
  • additional voluntary or legally-required benefits
  • Fulltime
Read More
Arrow Right

Senior Security Consultant

As a Senior Security Technical Architect at NTT DATA, you will design complex se...
Location
Location
Philippines , Metro Manila
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Possess at least 8 years of working experience related to information security consulting with a minimum of 5 years of hands-on experiences on GRC practice areas
  • Required degree level education, or significant experience and track record with tertiary qualifications on relevant domains, including computer science, computer engineering and information security
  • Information security and audit certifications such as ISO 27001 LI, ISO 27001 LA, CISA, CRISC, CISSP
  • Experienced in supporting consulting pre-sales work (e.g. writing SoWs, proposals etc.)
  • Demonstrate excellent skills in structured problem solving techniques, creativity and intelligence in the development of solutions to customer problems
  • Be self-motivated and self-disciplined with a demonstrable and successful track record in delivering consultancy projects to all sizes of organizations
  • Must have good presentation skills with the ability to present to audiences of both business and IT stakeholders
  • Must have good written communication and report writing skills
  • Must be a good team player
  • Demonstrates commitment to delivering projects within time and in budget and to a high level of client satisfaction
Job Responsibility
Job Responsibility
  • Deliver and lead GRC (Governance, Risk and Compliance) security consulting projects covering the following key areas: ISMS (ISO27001) Advisory
  • Security Maturity/Posture Assessments
  • Third party security assessments
  • Cloud Security posture assessments
  • Risk assessments
  • PCI DSS Gap Analysis
  • Security compliance assessments
  • Information security framework design (policies, processes and procedures)
  • Support security consulting pre-sales work (e.g. writing SoWs, proposals etc.)
  • Be flexible to acquire new skills and show willingness in learning/re-learning and un-learning things as needed for the success of this role and the overall security consulting practice
  • Fulltime
Read More
Arrow Right

Senior Product Security Consultant

The Product Security Consultant is a post-sales role that works closely with cus...
Location
Location
United States
Salary
Salary:
89300.00 - 120700.00 USD / Year
rapid7.com Logo
Rapid7
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • At least 5 years of technical experience working with security applications: Security Information and Event (SIEM)/ Log Management, Governance Risk Compliance (GRC), Identity Access Management, IDS/IPS, Advanced Persistent Threat, Anti-Virus, Vulnerability Management
  • Experience with scripting languages and databases: Python or Powershell
  • SQL
  • Interacting with APIs
  • Experience communicating highly technical concepts to a non-technical audience
  • Understanding of network technologies and protocols (e.g. DHCP, IP, DNS, HTTP, etc.)
  • Experience deploying and maintaining virtual machines and configuring policies on cloud platforms (e.g. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP))
  • Administrator-level experience with Microsoft Windows Server, Linux and/or MacOS operating systems
  • Customer Centric Communication: Ability to translate complex technical concepts and security best practices into clear, actionable guidance for customers with varying levels of technical expertise
  • Technical Collaboration & Enablement: Ability to partner sales teams to provide technical expertise and support throughout the customer lifecycle, from pre-sales scoping to post-implementation success
Job Responsibility
Job Responsibility
  • Evaluate information technology architecture within customer environments across a broad range of industries and proportions to deploy Rapid7 products, and advise on security best practices within the scope of these products
  • Document and communicate design & implementation details to customer end users
  • Automate and customize solutions to enable customers to use Rapid7 products most efficiently via API scripting, reporting, and custom dashboard development
  • Support sales teams by providing enablement on available offerings and by providing scoping assistance during the sales cycle
  • Generate, Maintain and deliver R7 internal enablement materials to team members and cross-functional R7 partners, as well as team infrastructure, internal processes, tooling, and collateral
  • Willingness to travel up to 30%
  • Fulltime
Read More
Arrow Right