Skills

Communication Incident Response Research Attention to detail Training Project Management

Job Specifications

Security Consultant - ISO 27001 GRC - remote first (occasional client visits)

Are you passionate about cybersecurity and governance? Do you thrive in a dynamic, client-facing environment where you can make a real impact?

One of our most successful clients is on the hunt for a Security Consultant with experience of delivering ISO 27001 & GRC assessments & training to a host of their clients spanning the public sector world.

This is a fully remote role, offering you the flexibility to work from anywhere while delivering top-notch consultancy services to their diverse client base.

As a Governance, Risk, and Compliance Consultant, you will:

Deliver Excellence: Manage and deliver client projects on time and to a high standard, ensuring a seamless experience for our customers.
Consult and Advise: Conduct assessments and reviews for ISO27001 (Information Security Management) and ISO22301 (Business Continuity Management). Provide expert advice on compliance standards such as PCI-DSS, Cyber Essentials, and more.
Policy Development: Create, review, and update information security policies to align with business and regulatory requirements.
Technical Expertise: Translate information security requirements into actionable IT security controls and measures.
Stay Ahead: Keep up-to-date with the latest regulations, standards, and best practices in cybersecurity and compliance.
Client Engagement: Participate in scoping calls, client meetings, and ongoing project management to ensure client satisfaction.
Incident Response Planning: Assist clients in developing robust Cyber Security Incident Response Plans (CSIRP).

We’re looking for someone with:

CISM, CISSP, or equivalent certifications.
ISO27001 and ISO22301 Lead Auditor/Implementor certifications.
Knowledge of Cyber Essentials/Cyber Essentials Plus.
Familiarity with PCI DSS and ISO31000 (preferred).

Experience:

Proven track record in delivering governance, risk, and compliance services.
Expertise in information security management and business continuity frameworks.
Experience working with industry standards such as NIST, CIS, and NCSC.
Strong communication skills with the ability to engage clients at all levels, including C-suite executives.

Skills:

Attention to detail and a knack for aligning security policies with business needs.
Ability to translate complex security requirements into practical solutions.
A proactive approach to staying informed about emerging security technologies and trends.

Here’s what a typical day might look like:

Start your day with a virtual team meeting to discuss ongoing projects and share insights.
Conduct a remote ISO27001 assessment for a client, identifying areas for improvement.
Draft or review an information security policy tailored to a client’s unique needs.
Participate in a scoping call with a new client to understand their compliance requirements.
Research the latest updates in cybersecurity regulations to ensure your advice is cutting-edge.
Wrap up the day by preparing a detailed report for a client, summarizing your findings and recommendations.

Curious? We're available anytime to talk through the finer details, in the words of the four tops........reach out!

About the Company

Candour - noun [U] UK (US Candor) The quality of being open and honest; frankness: a man of refreshing candour. It's fair to say the recruitment industry has had more than its fair share of bad press over the years. You only have to see what Google throws up in response to the word recruiter to see the regard so many hold the profession in. We're working hard to change that perception one placement at time. As a valued client of ours, you can expect a forthright appraisal of your requirements outlining any potential issue... Know more