We are seeking an NPPV Cleared Cyber Security GRC (Governance, Risk, and Compliance) Consultant to join our team on an initial 3 months contract assignment based in Leicester/Remote. (Duration is very likely to extend) Inside IR35

This role involves a blend of strategic advisory services, cyber security assessments and active participation in governance meetings with clients. This is a new role at Telefonica Tech, so the successful candidate will also be involved in helping to develop and refine the Cyber Governance & Advisory service.

Key Responsibilities:

• Conduct bespoke advisory engagements with clients to help them gain answers to cyber security challenges and make key strategic decisions.
• Perform cyber security assessments against established frameworks to identify weaknesses and recommend mitigations including roadmaps to maturity.
• Provide expert opinion and insights during governance meetings with clients' senior stakeholders.
• Facilitate interactive workshops, including tabletop incident response scenarios, to enhance clients' preparedness for cyber threats and help them agree security roles and responsibilities.
• Work closely with clients to customise security policies to their business requirements.
• Conduct cyber security risk assessments to support clients' senior decision-making.
• Operate cyber governance processes for clients, such as maintaining KPIs, running governance forums and performing policy reviews.
• Contribute to the design and enhancement of our GRC service processes and technologies.
• Identify opportunities for sales of our broader portfolio of services, in particular the NextDefense suite.
• Stay abreast of the latest cyber security trends and regulations to advise clients effectively.
• A recognized cybersecurity qualification (eg, CISSP, CISM, CRISC) is desirable.
• Minimum of 3 years of experience in a consultancy or security risk management role involving senior stakeholder engagement.
• Proven track record of delivering GRC or similar services in complex business environments.
• Strong understanding of cyber security frameworks (eg, NIST, ISO 27001, CIS-18) and typical cyber security controls.
• Excellent communication and facilitation skills, including written communication skills.

Qualifications: Ability to translate technical risks into business language for diverse audiences