Senior Information Assurance Consultant (GRC)

  • Location: Hybrid (London/Camberley/Sheffield/Home)

  • Working Pattern: Hybrid (at least 2 days in office)

  • Job Type: Permanent

  • Start date: ASAP

  • Ref No: V11564

The Vacancy:

Cyro provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients to implement compliance regimes or controls to secure their organisations. Cyro focuses on assisting UK companies from a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), so the vast majority of work takes place in the UK, though some international travel is required in certain instances. The work is varied: engagements can range from a 5-day risk assessment or regular vCISO engagements to a 6-month placement with the client. It’s an ideal way to broaden experience and prepare oneself for a CISO role in the future.

The role of Senior IA Consultant aligns with CCP/SFIA Level 4 and is designed for individuals looking for an interesting challenge within one of the UK’s fastest growing Cyber Security organisations. This position involves working closely with experienced professionals in Cyro Cyber to support clients in implementing and maintaining robust security practices.

This position involves leading security risk assessments, implementing compliance regimes, and advising on best practices aligned with industry standards such as ISO 27001 and NIST. The candidate will help organisations to enhance their overall security posture.

The ideal candidate is a person with demonstrable experience within cyber or information security, able to complete, and possibly lead teams to deliver, engagements with clients to the highest of standards. Previous incumbents have progressed to positions as Principal Consultant, specialising in management, leadership or perhaps as a technical subject matter expert in topics such as Operational Technology (OT), NIST or PCI DSS.

Primary responsibilities:

Governance, Risk and Compliance

Lead and deliver client engagements, including:

  • Cyber Security Maturity Assessment

  • Regulatory or Standard specific consulting:

      • ISO 9000, 22301, 27001, 27701, 42000

      • Government: TSA, NIS, CAF, DORA, EU CRA

      • NIST: 800, CSF

  • Virtual CISO

  • Third Party Risk Management

Internal Compliance and Security

Support the Cyro Cyber CISO in delivery of their duties, to include:

  • Ensure compliance of services with relevant regulatory standards and frameworks (CREST SOC, ISO27001, Cyber Essentials, PSN, CAF, NIST, ISO9001, ISO2000).

  • Third Party Risk Management.

  • Maintain overall security posture.

Client and Stakeholder Engagement

Collaborate with clients to identify their cybersecurity needs and deliver the desired service solutions.

Support sales and marketing teams by contributing to content or events.

Technology and Innovation

Develop and improve services available for Cyro Cyber to provide to its clients.

Management

Cyro Cyber will encourage the incumbents of this role to seek management opportunities. This may be in the form of formal team and personnel management, or functional management of a project, program or service. Should a candidate do so, the following responsibilities may apply:

  • Manage communication lines between team members and stakeholders.

  • Complete periodic project management tasks.

  • Complete periodic performance reviews (formal and informal).

  • Act as a first line of contact between interested parties for personal or operational concerns.

  • Escalate, where appropriate, any matter deemed appropriate to the correct stakeholders to ensure the successful delivery of a project, program or service.

  • Manage the requirements of team members, providing career advice and development opportunities. This is complemented by annual structured objectives, aligned with team and company direction.

Essential Skills and Experience:

  • Proven background in auditing or implementing cyber or information security frameworks or standards to organisations.

  • Experience managing the delivery of projects or engagements.

  • Strong understanding of IT Security.

  • Excellent attention to detail.

  • Strong interpersonal and communication skills

  • Strong analytical and problem-solving mindset.

  • Good presentation and relationship management skills.

  • Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)

Desirable Skills and Experience:

  • Previously held Security Clearance or Developed Vetting (SC/DV)

  • Academic qualifications or certifications relating to cyber or information security (e.g. ISO 27001 LI/LA, CISSP, CISM, CCSP, Azure or AWS Security specific).

  • Experience working on security related activity with Critical National Infrastructure or Government departments.

  • Experience working as a Cyber or Information Security consultant.

  • Experience managing people or a team in previous roles.

SFIA Level 4 Description:

Levels of responsibility: Level 4 - Enable

Essence of the level:

  • Performs diverse complex activities, supports and guides others, delegates tasks when appropriate, works autonomously under general direction, and contributes expertise to deliver team objectives.

  • Autonomy: Works under general direction within a clear framework of accountability. Exercises considerable personal responsibility and autonomy. When required, plans, schedules, and delegates work to others, typically within own team.

  • Influence: Influences projects and team objectives. Has a tactical level of contact with people outside their team, including internal colleagues and external contacts.

  • Complexity: Work includes a broad range of complex technical or professional activities in varied contexts.

  • Knowledge: Applies knowledge across different areas in their field, integrating this knowledge to perform complex and diverse tasks. Applies a working knowledge of the organisation’s domain.

  • Decision-making: Uses judgment and substantial discretion in identifying and responding to complex issues and assignments related to projects and team objectives. Escalates when scope is impacted.

  • Planning: Plans, schedules and monitors work to meet given personal and/or team objectives and processes, demonstrating an analytical approach to meet time and quality targets.

  • Collaboration: Facilitates collaboration between stakeholders who share common objectives. Engages with and contributes to the work of cross-functional teams to ensure that user/customer needs are being met throughout the deliverable/scope of work.

  • Problem-solving: Investigates the cause and impact, evaluates options and resolves a broad range of complex issues.

  • Improvement mindset: Encourages and supports team discussions on improvement initiatives. Implements procedural changes within a defined scope of work.

  • Creativity: Applies, facilitates and develops creative thinking concepts and finds alternative ways to approach team outcomes.

  • Communication: Communicates with both technical and non-technical audiences including team and stakeholders inside and outside the organisation. As required, takes the lead in explaining complex concepts to support decision making. Listens and asks insightful questions to identify different perspectives to clarify and confirm understanding.

  • Leadership: Leads, supports or guides team members. Develops solutions for complex work activities related to assignments. Demonstrates an understanding of risk factors in their work. Contributes specialist expertise to requirements definition in support of proposals.

  • Adaptability: Enables others to adapt and change in response to challenges and changes in the work environment.

  • Learning and development: Rapidly absorbs and critically assesses new information and applies it effectively. Maintains an understanding of emerging practices and their application and takes responsibility for driving own and team members’ development opportunities.

  • Digital mindset: Maximises the capabilities of applications for their role and evaluates and supports the use of new technologies and digital tools. Selects appropriately from, and assesses the impact of change to applicable standards, methods, tools, applications and processes relevant to own specialism.

  • Security, privacy and ethics: Adapts and applies applicable standards, recognising their importance in achieving team outcomes.

So why choose Cyro for your next opportunity?

To build, run and maintain a successful compliance programme, you need a connected approach – a team you can trust from strategy to support, and everything in between. At Cyro, this is what we do!

As part of our team, you could be working with some of the biggest names in the Critical National Infrastructure and Service Provider sectors including London Underground, Network Rail, Transport for London, RNLI, MOD and Virgin Media. You’ll help us ensure the most important messages get through – however tough the conditions.

Here are just some of the ways we’re different:

o   You’ll go further with us. We understand the importance of career development and will give you all the support you need to realise your potential. You’ll receive formal training, e-learning and mentoring from top professionals. And we offer opportunities to transfer to other sectors – or even different technology areas.

o   You’ll make a difference. You could be working outdoors, battling the elements, or in one of our many offices helping us develop the network infrastructures of tomorrow.

o   You’ll be treated as an individual. We’re not a vast corporation, which means every individual counts. With us, you’ll be valued and supported, involved and empowered from day one.

o   You’ll be well rewarded. We offer salary progression that reflects market rates and personal performance, a flexible working environment and excellent training.

Excellent Employee Benefits:

Cyro is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:

  • 25 days holiday, including public holidays, plus the option to buy or sell five days each year

  • Company pension scheme

  • A range of family friendly policies

  • An employee-funded car leasing scheme

  • Occupational health support

  • Cyro Rewards Scheme

Cyro is an equal opportunities employer and is committed to diversity and inclusion.

We reserve the right to close this vacancy once we have received sufficient applications.

This job description sets out the duties and responsibilities of the job at the time when it was drawn up.  Such duties and responsibilities may vary from time to time without changing the general character of the duties or the level of responsibility entailed.  Such variations are a common occurrence and cannot in themselves justify a reconsideration of the grading of the job.