We are seeking an experienced Senior GRC Consultant to join our consulting practice. The successful candidate will operate as a client‑facing consultant across a portfolio of concurrent engagements, delivering governance, risk management, and compliance advisory services to multiple clients with the autonomy and rigor expected of a senior consulting professional.
Key Responsibilities
- Governance:
Assess, develop, and uplift governance frameworks, policies, and procedures across the firm and external client environments. Ensure that governance structures are robust, clearly documented, and aligned with strategic objectives. Facilitate governance forums and committees, preparing board‑level and executive reporting as required.
- Risk Management:
Deliver enterprise‑wide cyber risk assessments across the firm and client environments, including identification, analysis, evaluation, and treatment of key risks. Maintain and enhance risk registers, ensuring risks are accurately captured, rated, and escalated in accordance with the applicable risk appetite framework. Assess and uplift risk management methodologies, tools, and reporting mechanisms across stakeholder groups. Provide subject‑matter expertise and advisory guidance on emerging risks, threat landscapes, and risk mitigation strategies.
- Compliance:
Monitor and assess compliance posture against applicable laws, regulations, standards, and contractual obligations (e.g. GDPR, ISO 27001, SOC 2, PCI DSS, NIS2) across the firm and external client engagements. Design and execute compliance assessment programmes, internal audits, and gap analyses. Advise on and manage relationships with external auditors, regulators, and certification bodies. Track regulatory developments and deliver clear, actionable guidance on the impact of new or amended requirements.
- Stakeholder Engagement & Advisory:
Act as a trusted adviser to senior leadership across the firm and client environments on GRC matters, translating complex risk and compliance topics into clear, actionable insights. Collaborate with IT, Information Security, Legal, Data Protection, and operational teams to embed GRC principles into day‑to‑day operations and client delivery. Deliver GRC awareness training and education programmes to promote a risk‑aware culture across the firm and within client organisations.
- Reporting & Metrics:
Develop and maintain GRC dashboards, key risk indicators (KRIs), and key performance indicators (KPIs) to provide visibility of risk and compliance status across the firm and client engagements. Define and track meaningful metrics to measure the effectiveness of GRC activities and demonstrate progress against maturity objectives. Prepare regular reports for senior management, audit committees, and the board as required.
Qualifications
- A minimum of five (5) years’ experience in a GRC, risk management, information security, or compliance role, with demonstrable experience operating at a senior or lead level within a consulting or advisory capacity.
- Strong working knowledge of governance and risk management frameworks (e.g. ISO 27001, ISO 31000, NIST CSF, COBIT).
- Proven experience conducting risk assessments, compliance audits, and gap analyses.
- Experience engaging with regulators, external auditors, and certification bodies.
- Excellent understanding of relevant regulatory landscapes (e.g. GDPR, NIS2, PCI DSS, FCA regulations, or sector‑specific requirements).
- Demonstrated ability to deliver GRC advisory services with the autonomy and rigor expected of a senior consulting professional.
Desirable Qualifications & Certifications
- Professional certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent.
- Experience with GRC tooling platforms (e.g. ServiceNow GRC, OneTrust, Archer, or similar).
- Prior experience in financial services, legal, defence, or other highly regulated sectors.
- Familiarity with third‑party risk management and supply chain assurance programmes.
- Experience delivering GRC services to multiple clients simultaneously, managing competing priorities and maintaining consistent quality of delivery across engagements.
Key Skills & Competencies
- Exceptional analytical and critical‑thinking skills with the ability to assess complex risk scenarios.
- Outstanding written and verbal communication skills, with the ability to present to executive and board‑level audiences.
- Strong client relationship management skills, with the ability to build trust and credibility across diverse stakeholder groups.
- Proven ability to context‑switch effectively across multiple concurrent engagements without compromising quality of delivery.
- Strong stakeholder management and influencing skills.
- Self‑motivated and able to work independently, managing multiple priorities within a fast‑paced consulting environment.
- High attention to detail and a commitment to delivering quality outcomes.
#J-18808-Ljbffr…
