Job title: IT Security Technical, Governance, Risk and Compliance Consultant
Job type: Permanent
Emp type: Full-time
Salary type: Annual
Salary: negotiable
Location: York
Job published: 2025-09-04
Job ID: 32784
Contact name: Richard Padget
Phone number: +441617147120
Contact email: richard@candour-solutions.co.uk

Job Description

Governance, Risk, and Compliance Consultant - ISO27001 - Yorkshire Remote Opportunity | Full-Time

Overview

Are you passionate about cybersecurity and governance? Do you thrive in a dynamic, client-facing environment where you can make a real impact? We’re looking for a Governance, Risk, and Compliance Consultant to join our client's team and help organizations navigate the complex world of information security, compliance, and risk management.

This is a fully remote role, offering you the flexibility to work from anywhere while delivering top-notch consultancy services to our diverse client base. If you’re ready to take your expertise to the next level and work with a team that values innovation and excellence, we want to hear from you!

Responsibilities

As an IT Security Technical, Governance, Risk, and Compliance Consultant, you will:

  • Deliver Excellence: Manage and deliver client projects on time and to a high standard, ensuring a seamless experience for our customers.
  • Consult and Advise: Conduct assessments and reviews for ISO27001 (Information Security Management) and ISO22301 (Business Continuity Management). Provide expert advice on compliance standards such as PCI-DSS, Cyber Essentials, and more.
  • Policy Development: Create, review, and update information security policies to align with business and regulatory requirements.
  • Technical Expertise: Translate information security requirements into actionable IT security controls and measures.
  • Stay Ahead: Keep up-to-date with the latest regulations, standards, and best practices in cybersecurity and compliance.
  • Client Engagement: Participate in scoping calls, client meetings, and ongoing project management to ensure client satisfaction.
  • Incident Response Planning: Assist clients in developing robust Cyber Security Incident Response Plans (CSIRP).

Qualifications

We’re looking for someone with:

Professional Certifications:

  • CISM, CISSP, or equivalent certifications.
  • ISO27001 and ISO22301 Lead Auditor/Implementor certifications.
  • Knowledge of Cyber Essentials/Cyber Essentials Plus.
  • Familiarity with PCI DSS and ISO31000 (preferred).

Experience:

  • Proven track record in delivering governance, risk, and compliance services.
  • Expertise in information security management and business continuity frameworks.
  • Experience working with industry standards such as NIST, CIS, and NCSC.
  • Strong communication skills with the ability to engage clients at all levels, including C-suite executives.

Skills:

  • Attention to detail and a knack for aligning security policies with business needs.
  • Ability to translate complex security requirements into practical solutions.
  • A proactive approach to staying informed about emerging security technologies and trends.

Day-to-Day

Here’s what a typical day might look like:

  • Start your day with a virtual team meeting to discuss ongoing projects and share insights.
  • Conduct a remote ISO27001 assessment for a client, identifying areas for improvement.
  • Draft or review an information security policy tailored to a client’s unique needs.
  • Participate in a scoping call with a new client to understand their compliance requirements.
  • Research the latest updates in cybersecurity regulations to ensure your advice is cutting-edge.
  • Wrap up the day by preparing a detailed report for a client, summarizing your findings and recommendations.

Curious? We're available anytime to talk through the finer details. In the words of the Four Tops: reach out!