Lead Information Security Consultant (GRC)

Remote Full-time
About the position

At LRQA Cybersecurity, our focus is on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!

We're an award winning provider of cyber security services and we are at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.

The purpose of this role is to deliver information security consultancy to LRQA clients, specialising in both strategic consultancy - via the CISO Support Office (CSO) and governance, risk and compliance (GRC). As a Lead Consultant, you will be capable of working autonomously, supporting colleagues and leading engagements to ensure that LRQA services are delivered effectively, to scope and in line with budget. This role is hybrid, with occasional travel to client sites and LRQA offices as required.

Responsibilities

• Drive engagements whilst supporting other members of the team to achieve excellent client satisfaction results.
• Provision of client support to achieve compliance/certification against recognised standards such as ISO 27001, the GDPR, NIST CSF and PCI DSS.
• Independently conduct ISO/IEC 27001:2022 audit activities.
• Provide expert advice to clients on governance structures - including policies, procedures and controls to achieve compliance and reduce risk exposure.
• Conduct Cybersecurity Maturity Assessment engagements.
• Facilitate information asset discovery workshops and engagements.
• Facilitate risk assessment workshops and engagements.
• Deliver business continuity scenario tabletop exercises.
• Deliver external stakeholder training and awareness presentations.
• Contribute to service development by providing guidance and using subject matter expertise to identify, design and deliver collateral.

Requirements

• Degree level qualification in Computer Science, Computer Engineering, IT, Cyber Security, or a related field or 5 years' experience working within an information security role.
• Minimum 2 years' experience in delivering consultative engagements using well known risk management and data security frameworks, standards, and methodologies.
• Current PCI DSS QSA certification, or the ability to attain this within three months.
• ISO 27001 Lead Auditor or Lead Implementer qualification.
• Experience implementing SOC 2 Type 2 is strongly preferable.
• CISSP/CISM (or equivalent) certification preferable.
• Experience in ISO 27001 implementation and use of relevant standards to build control frameworks.
• Demonstrable experience communicating complex information security concepts to top level (C suite) management.
• Experience in cyber resilience planning, security operations, and managing security professionals.
• Strong communication skills and the ability to build rapport with key stakeholders.

Nice-to-haves

• Experience in GDPR regulation.
• Experience in TISAX.
• Experience in CIS Controls.
• Experience in CMMC.
• Experience in DORA.
• Experience in NIS 2 Directive.
• Experience in HIPAA / NHS DSPT / Healthcare regulation.
• Experience in Business Continuity.
• Experience in Supplier Management.
• Experience in Incident Management.
• Experience in Physical Security.

Benefits

• Opportunities to make a difference and get involved in developing new service offerings.
• Encouragement to participate in industry discussions, blogging, and public speaking.
• Support for professional development and gaining knowledge in new areas.