
Information Security Consultant - GRC


Date: 18-Nov-2021

Location: Leamington Spa, GB, CV31 3RZ

Company: Lloyds Register

About Nettitude


Founded in 2003, Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Through our research and innovation centres, we provide threat led services that span technical assurance, consulting and managed detection and response offerings.

To learn more, please visit https://www.nettitude.com/



The role

We’re looking for an information security consultant to join our team. You’ll be part of a team delivering security consultancy in a client-facing role, covering a range of areas including:

  • ISO27001 implementation support
  • Cyber strategy
  • Risk management, workshops, and risk assessments
  • CISO Support
  • Security awareness training
  • Data protection, DPA, GDPR
  • PCI DSS, consultancy, workshops, training, assessments
  • Security best practice reviews
  • Policy creation, review and development

This role is home-based, and you will be delivering client engagements approximately 70% of the time, split between on-site and remote depending on client requirements. Our clients are primarily based in the UK; however, there are opportunities for some European and international travel.

Our team of consultants are based throughout the UK, and meet regularly both virtually, and in person. You will be exposed to learning opportunities through formal training, and on-the-job learning through collaboration with the wider team.

We’re open to candidates of varying levels of experience, but previous client-facing consultancy experience is required for this position.




This role is remote. We can support working from across the UK. All applicants will require residence in the UK.






What you’ll be doing in your role:


As part of our Governance, Risk & Compliance (GRC) team, you will deliver a mixture of on-site and remote consultancy services to our clients.


In your role you will work with our clients to:

  • Conduct security reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security, NIST CSF, CIS 20
  • Perform ISO 27001 gap analyses
  • Help our clients to implement Information Security Management Systems, and achieve and maintain ISO27001:2013 certification
  • If eligible, qualify as a PCI DSS QSA and deliver gap analyses and assessments
  • Conduct risk assessments
  • Create third-party risk management and audit programmes
  • Deliver security awareness training to end-users
  • Support our Virtual CISO services, working alongside our team and client CISOs and security managers



Key Skills:


The following are the requirements for this role:


  • Experience in a consultancy role, and an ability to communicate clearly, with impact, to both technical and exec/board level staff.
  • Be an ISO 27001:2013 Lead Auditor and/or Lead Implementer
  • Have experience of ISO27001:2013, including implementing an ISMS, and leading a client through to successful certification
  • Have experience of using your time effectively, and be motivated to drive client engagements and be pro-active in your approach
  • Support the account management team by helping to identify client needs and building bespoke solutions
  • A solid technical background, ideally with hands-on experience with technologies such as Windows/Linux, networking, databases, development, firewalls, security technologies such as antivirus, IDS/IPS, DLP
  • Strong written skills
  • Strong communication skills and an ability to build rapport with key stakeholders
  • Willingness to “roll up your sleeves” and get involved, and take responsibility for ensuring we always exceed client expectations


Senior candidates would benefit from the following:

  • Be experienced at C-Level. This includes presenting to top level management, decision makers and risk owners. You will have the ability to articulate information security risks in a way that demonstrates an understanding of the wider business impact
  • Be able to communicate clearly, with impact, at both technical and exec/board level
  • Demonstrate leadership as a senior team member. You will be expected to have input into developing the wider team, take ownership of service areas, and be able to support and mentor other team members
  • Demonstrate commercial awareness by understanding how Nettitude can build strategic “trusted partner” relationships


Qualifications & Certifications

Whilst a collection of certifications is less important than experience, we would expect candidates to possess one or more of the following certifications:

  • ISO 27001 Lead Auditor or Lead Implementer
  • CISM
  • CISA


What we offer:


We offer you an exciting working environment with intellectual challenges, responsibility and high level client interaction. An attractive remuneration package will be negotiated with the right candidate.





Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter




