Role Description

Security Governance Risk and Compliance Consultant at IT Lab, Remote

Company Background

At IT Lab, we help customers to navigate the changing world of technology. We are taking on new and exciting challenges specifically targeted at helping our clients deal with the ever-changing cyber threat. If you want to help UK businesses be more secure, join us in expanding our security operations centre.

The cyber team has grown rapidly over the past 12 months, including the acquisition of an expert and highly accredited Penetration Testing and Security Consultancy capability. IT Lab Cyber has an integrated set of capabilities that can provide services to customers across the cyber security lifecycle. As a managed security services provider, with a strong technical testing and consultancy core, we can offer advice, operations and remediation in tandem with the wider technology services operations that are carried out by IT Lab. We are looking for ambitious individuals to join the team and help to secure our customers and keep malicious actors at bay. 
IT Lab is a successful, ambitious and rapidly growing organisation: backed by ECI Partners in 2016, we are funded for organic and acquisitive growth and the cyber team is an important strategic part of this growth. We deliver a valuable set of strategic and innovative cyber services that are highly relevant to IT Lab’s customers and which complement the other services that the firm offers. 

The Role

The Security GRC Consultant role is part of the Cyber team within IT Lab. Candidates in this role will engage with clients on discrete and ongoing cyber security projects, defining and delivering solutions to meet the client's needs. You will establish and maintain processes, tooling and metrics that help provide a high level of productivity, supportability and operational readiness, while also participating in project planning activities such as service enhancements. Candidates will also coach and mentor co-workers on governance, risk and compliance issues and verify that they follow processes to ensure all projects are delivered with the highest quality.

Key GRC capabilities 

  • Policy Development: Drafting new policy or amending existing security policy and procedure sets for clients that meet legal, regulatory and compliance requirements but are also tailored to the culture of the client's unique business environment.
  • Gap Analysis: Undertaking assessment activity to identify gaps against well-known standards as well as internally developed client security standards. Taking a meticulous, evidence-based approach to discover the gaps and providing recommendations for closing them.
  • Risk Assessments: Creating end-to-end risk management programmes or undertaking risk assessments using well-known RA methodologies to identify risk. Defining or incorporating risk appetite into actionable risk treatment plans for IT Lab clients.
  • Auditing: Carrying out internal security audits or security audits of clients' supply chains to provide assurances to the client that compliance is maintained and exceeded.
  • ISMS Implementation: Helping clients design and implement end-to-end or partial components of an Information Security Management System aligned to legal, regulatory and other standards of importance to the client.
  • Cyber Strategy: Developing cyber strategy for IT Lab's clients as they seek to become more proactive in improving their security posture in an achievable and tailored manner. Taking into account relevant threats, the business operating environment and culture to define security principles that guide the definition of plans to address cyber risk.
Individual Responsibilities

  • Develop and maintain delivery processes for the GRC services to ensure they are operating effectively and keeping up with the latest developments in security strategy and security standards
  • Deliver security engagements on and off client sites around the UK and occasionally internationally
  • Develop and maintain tooling that supports the delivery process for GRC services
  • Help develop marketing collateral and support the sales and marketing team in driving GRC business into IT Lab
  • Play a significant role in long-term GRC service strategy and planning, including initiatives geared toward operational excellence

Location and environment

This role can be based out of either our London or Manchester offices; however, you will work amongst a wider team that is split across the UK. 

We are a dynamic and fast-growing company that truly values and relies upon our people, our culture and our commitment to excellence, which we call Service Obsession. Being the best means having the best people, and getting the best people means being the best place to work.
We like to laugh, we like to do things together and, among all the challenges of growing a fast-paced business, we endorse people being themselves, allowing them to focus on outcomes and substance rather than form. We're proud of our employee engagement and have been listed in the Sunday Times "Best Companies to Work for" for six years and, with our group companies, for 11 of the last 13 years.

We’re also pleased with our number 80 ranking in the Sunday Times Tech Track 100 which tracks the fastest growing technology companies in the UK.

Background, Experience and Skills

To apply for this role, you will ideally have a 2:2 or above in a Bachelor's or Master's degree, or significant work experience that enables you to demonstrate the capabilities that would be gained through a degree. Industry-recognised qualifications such as CISA, CISM, CISSP or any SANS certifications would be beneficial but are not necessary.

In addition to the above, you will be able to demonstrate capability across a number of the areas listed below:

  • Demonstrable experience in a related security or management consultancy role
  • Awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection
  • An understanding of well-known standards such as ISO 27001 and PCI DSS, as well as frameworks such as NIST
  • Experience in risk assessment/analysis methodologies
  • Good understanding of data privacy laws such as GDPR and the ability to carry out compliance audits
  • Developing and delivering user awareness training to clients through online content and in-person, high-impact, classroom-based training
  • A keen interest in the latest security technologies
  • A wide awareness of cyber security and the cyber threat landscape
  • Awareness of risk management and the ability to contextualise technical issues into business risk relevant to clients, jargon free
  • You can understand customers' needs and deliver appropriate services
  • You are a self-starter and keen to develop new services
  • You can collaborate effectively within a team environment
  • You have excellent communication (verbal and written) skills
  • You are keen to develop personally and help others do the same

Package and Logistics

  • Package dependent on experience
  • Role can be based out of either our Manchester or Central London offices
  • 25 days annual leave
  • Pension, healthcare and a whole array of other benefits
  • Working hours of 40 hours per week, between 9.00am and 6.00pm, Monday to Friday
  • Continual professional development plans

Good luck, and please bear in mind that we receive a very high number of applications; we will endeavour to get back to all applicants, but we thank you for understanding that this is not always possible for unsuccessful applicants.

IT Lab is an equal opportunities employer and is committed to attracting and retaining the best talent.