GRC Consultant

Company Description

Telefónica Tech (part of the Telefónica Group) is a leading NextGen Tech solutions provider with a highly diversified team of over 6,000 exceptionally skilled employees and +60 nationalities. At Telefónica Tech we believe that technology can do great things: from extracting all the value of data to make the best business decisions, to ensuring the resilience of every organisation to build a more sustainable future. We serve more than 5.5m customers every day in over 175 countries, with a global ecosystem of market-leading partners. We are a global business with local strategic hubs in Spain, Brazil, the UK, and Germany.

At Telefónica Tech UK&I, we offer an end-to-end portfolio of services, integrating cutting-edge technology solutions in Cloud, Data & AI, Enterprise Applications, Workplace Services, and Cyber Security & Networking. Our goal is to empower organizations at every stage of their digital journey, solving complex business challenges with our comprehensive suite of technology solutions. 

Job Description

GRC Consultant - Home-Based, UK - Travel Expected

At Telefónica Tech we are seeking a Cyber Security GRC (Governance, Risk, and Compliance) Consultant to join our team. This role involves a blend of strategic advisory services, cyber security assessments and active participation in client governance processes. This is a new role at Telefónica Tech, so the successful candidate will be involved in helping to develop and refine the Cyber Governance & Advisory service. 

Key Requirements

• Conduct bespoke advisory engagements with clients to help them gain answers to cyber security challenges and make key strategic decisions. 
• Perform cyber security assessments against established frameworks to identify weaknesses and recommend mitigations including roadmaps to maturity. 
• Provide expert opinion and insights during governance meetings with clients' senior stakeholders. 
• Facilitate interactive workshops, including tabletop incident response scenarios, to enhance clients’ preparedness for cyber threats and help them agree security roles and responsibilities. 
• Work closely with clients to customise security policies to their business requirements. 
• Conduct cyber security risk assessments to support clients' senior decision-making. 
• Operate cyber governance processes for clients, such as maintaining KPIs, running governance forums and performing policy reviews. 
• Identify opportunities for sales of our broader portfolio of services, in particular the NextDefense suite. 
• Stay abreast of the latest cyber security trends and regulations to advise clients effectively. 

Qualifications

• A recognized cybersecurity qualification (e.g., CISSP, CISM, CRISC) is desirable. 
• Minimum of 5 years of experience in a consultancy or security risk management role involving senior stakeholder engagement. 
• Proven track record of delivering GRC or similar services in complex business environments. 
• Strong understanding of cyber security frameworks (e.g., NIST, ISO 27001) and typical cyber security controls. 
• Excellent communication and facilitation skills, including written communication skills. 
• Ability to translate technical risks into business language for diverse audiences. 

Additional Information

Key Words:

GRC Consultant - Governance - Risk - Compliance - Risk Management - CISSP - CISM - CRISC - NIST - NIST2 - ISO - ISO 27001 - Cyber Security - Security - Cyber Consultant - Cyber Security Consultant - GRC

We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.