Security Consultant (GRC)
| Dyddiad hysbysebu: | 06 Awst 2025 |
|---|---|
| Cyflog: | Heb ei nodi |
| Gwybodaeth ychwanegol am y cyflog: | Competitive Salary Depending On Experience |
| Oriau: | Llawn Amser |
| Dyddiad cau: | 05 Medi 2025 |
| Lleoliad: | London, UK |
| Gweithio o bell: | Hybrid - gweithio o bell hyd at 2 ddiwrnod yr wythnos |
| Cwmni: | NTT Data |
| Math o swydd: | Parhaol |
| Cyfeirnod swydd: |
Crynodeb
The team you'll be working with:
Security Consultant (GRC)
The team that you’ll be working with:
NTT DATA is one of the world’s largest global security service providers, partnering with some of the most recognized security technology brands. We’re looking for passionate, curious, and motivated individuals to join our team.
What you'll be doing:
What you'll be doing:
Using your background in Governance, Risk & Compliance, you will help our clients:
· Governance: directs, oversees, designs, implements or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage cyber and information security at an enterprise level. Supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements and ensuring compliance with those requirements.
· Policy and Procedure Management: directs, develops or maintains organisational cyber and information security policies, standards and processes, using recognised standards (e.g. the ISO/ IEC 27000 family, NIST CSF) where appropriate. Applies recognised cyber and information security standards and controls within an organisation, programme, project or operation. Applies relevant security classification.
· Risk Management: develops cyber and information security risk management strategies and controls, considering business needs, balancing technical, physical, procedural and personnel controls. Identifies and assesses information assets, threat specific information, business impacts, business benefits and costs to identify and assess potential vulnerabilities and risks.
· Data Privacy: directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to manage the protection of personal data, privacy and human rights, supporting regulatory, legal, risk, environmental and operational requirements, and ensuring compliance with those requirements. (e.g. GDPR, Data Protection).
· Internal Controls Oversight: Establish and monitor internal controls to safeguard data and assets, conducting regular reviews and audits.
· Stakeholder Engagement: Serve as a liaison, offering guidance and support to internal teams, external partners, and regulatory authorities. Providing remediation guidance and prepare management reports to track remediation activities.
· Continuous Improvement: Identify opportunities for process enhancements, driving initiatives to bolster governance framework and security posture. Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
What experience you'll bring:
What experience you’ll bring:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:
· 3+ years' varied experience in information security, data protection, risk management, enterprise IT, legal or (relevant) compliance roles.
· Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53 / CSF, NIS/NIS2, DORA, UK CNI / OT / IIOT compliance.
· Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors and regulatory bodies.
· Proven leadership skills with the ability to guide and mentor teams, as well as influence and collaborate with senior stakeholders in a similar GRC, security, or risk management role.
· A hands-on approach with the ability to balance strategic oversight with direct involvement in security tasks.
· Excellent communication skills, with the ability to present complex information clearly and effectively to non-technical stakeholders.
· The ability to explain complex topics to a diverse range of audiences.
· Strong attention to detail and the ability to deliver high quality work.
· A valid right to work in the UK.
· Eligible to obtain UK SC clearance.
· CISA, CRISC, CISM or CISSP certification advantageous
Security Consultant (GRC)
The team that you’ll be working with:
NTT DATA is one of the world’s largest global security service providers, partnering with some of the most recognized security technology brands. We’re looking for passionate, curious, and motivated individuals to join our team.
What you'll be doing:
What you'll be doing:
Using your background in Governance, Risk & Compliance, you will help our clients:
· Governance: directs, oversees, designs, implements or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage cyber and information security at an enterprise level. Supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements and ensuring compliance with those requirements.
· Policy and Procedure Management: directs, develops or maintains organisational cyber and information security policies, standards and processes, using recognised standards (e.g. the ISO/ IEC 27000 family, NIST CSF) where appropriate. Applies recognised cyber and information security standards and controls within an organisation, programme, project or operation. Applies relevant security classification.
· Risk Management: develops cyber and information security risk management strategies and controls, considering business needs, balancing technical, physical, procedural and personnel controls. Identifies and assesses information assets, threat specific information, business impacts, business benefits and costs to identify and assess potential vulnerabilities and risks.
· Data Privacy: directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to manage the protection of personal data, privacy and human rights, supporting regulatory, legal, risk, environmental and operational requirements, and ensuring compliance with those requirements. (e.g. GDPR, Data Protection).
· Internal Controls Oversight: Establish and monitor internal controls to safeguard data and assets, conducting regular reviews and audits.
· Stakeholder Engagement: Serve as a liaison, offering guidance and support to internal teams, external partners, and regulatory authorities. Providing remediation guidance and prepare management reports to track remediation activities.
· Continuous Improvement: Identify opportunities for process enhancements, driving initiatives to bolster governance framework and security posture. Assess and test the effectiveness of security controls, and document the compliance levels to identify risks and control gaps.
What experience you'll bring:
What experience you’ll bring:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:
· 3+ years' varied experience in information security, data protection, risk management, enterprise IT, legal or (relevant) compliance roles.
· Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53 / CSF, NIS/NIS2, DORA, UK CNI / OT / IIOT compliance.
· Hands-on experience building credibility with external stakeholders, including enterprise clients, critical system vendors, certification auditors and regulatory bodies.
· Proven leadership skills with the ability to guide and mentor teams, as well as influence and collaborate with senior stakeholders in a similar GRC, security, or risk management role.
· A hands-on approach with the ability to balance strategic oversight with direct involvement in security tasks.
· Excellent communication skills, with the ability to present complex information clearly and effectively to non-technical stakeholders.
· The ability to explain complex topics to a diverse range of audiences.
· Strong attention to detail and the ability to deliver high quality work.
· A valid right to work in the UK.
· Eligible to obtain UK SC clearance.
· CISA, CRISC, CISM or CISSP certification advantageous
Aelod balch o'r cynllun cyflogwyr Hyderus o ran Anabledd
Hyderus o ran Anabledd
Gwybodaeth am Hyderus o ran Anabledd
Yn gyffredinol, bydd cyflogwr Hyderus o ran Anabledd yn cynnig cyfweliad i unrhyw ymgeisydd sy'n datgan eu bod yn anabl ac yn bodloni'r meini prawf lleiaf ar gyfer y swydd fel y diffinnir gan y cyflogwr. Mae'n bwysig nodi, mewn rhai sefyllfaoedd recriwtio fel nifer fawr o ymgeiswyr, cyfnod tymhorol ac amseroedd prysur iawn, efallai y bydd y cyflogwr am gyfyngu ar y niferoedd cyffredinol o gyfweliadau a gynigir i bobl anabl a phobl nad ydynt yn anabl. Am fwy o fanylion ewch i Hyderus o ran Anabledd.