
Senior Information Security Consultant - GRC


Date: 17-Jun-2022

Location: Leamington Spa, GB, CV31 3RZ

Company: Lloyds Register

About Nettitude


Nettitude is an LRQA Company. We’ve been around since 2003 and our focus has always been on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!

We’re an award-winning provider of cyber security services and we’re at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by advancements within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want to find the right people to join the team and make it happen.

You can find out more about us at If you want to review our research and tooling, then head on over to


The role

We’re looking for an experienced information security consultant to join our GRC team. The role will be focused on delivering strategic consultancy to our clients, including acting as a “Virtual CISO”. As a vCISO lead you’ll work with a number of different clients on an ongoing basis, acting as their CISO and helping to mature and manage their business as usual information security functions. Candidates must have a broad skillset, and previous experience working up to board level in a consultancy role. You must possess leadership qualities and be skilled at proactively managing client engagements, as well as coaching colleagues who form part of the wider CISO support team. As well as delivering ongoing vCISO services, you’ll also have opportunities to deliver other GRC services including security awareness training, third-party risk reviews, and cybersecurity assessments in mergers and acquisitions.

Whilst certification does not equate to experience, successful candidates will likely hold recognised certifications such as CISSP and ISO 27001 Lead Auditor/Implementer. Previous client-facing consultancy experience is required for this position.


This role is remote, and you will be delivering client engagements approximately 70% of the time, which is split between on-site and remote depending on client requirements. Our clients are primarily based in the UK; however, there are opportunities for some European and international travel. All applicants will require residence in the UK.


What you’ll be doing in your role:


  • Leading Virtual CISO and CISO support engagements
  • Conducting security reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security, NIST CSF, CIS controls
  • Performing ISO 27001 gap analyses
  • Helping our clients to implement Information Security Management Systems, and achieve and maintain ISO 27001:2013 certification
  • Conducting risk assessments
  • Creating third-party risk management and audit programmes



Key Skills:

The successful candidate will have experience and skills including:

  • Developing cyber strategy
  • Risk management
  • Security best practice reviews
  • Strong understanding of ISO 27001 and experience in implementation of an ISMS
  • Strong understanding of and experience in using relevant standards and guidelines such as CIS controls, NIST CSF
  • Policy creation, review and development
  • Managing technical projects
  • Contributing to business as usual functions such as change approval boards, technical design authorities, and steering groups
  • Clearly communicating information security objectives and requirements to all levels, from end-users through to board level
  • Strong communication skills and an ability to build rapport with key stakeholders
  • Willingness to “roll up your sleeves” and get involved, and take responsibility for ensuring we always exceed client expectation



What we offer:


We offer you an exciting working environment with intellectual challenges, responsibility and high level client interaction. An attractive remuneration package will be negotiated with the right candidate.





Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter.

