Risk and Compliance Consultant

GB148 - GBR Virtual mobile worker (GB148), United Kingdom

DXC Technology

DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds.

Job Description:

Job Title: Risk and Compliance Consultant
Employer: DXC Technology
Location: Erskine or Newcastle
Salary: Competitive
Security Clearance: SC Essential

About DXC Technology

DXC Technology is a global leader in IT services and solutions, driving innovation and delivering business outcomes for enterprises and governments worldwide. With expertise in cybersecurity, cloud, analytics, and AI, DXC empowers organizations to navigate the complexities of modern technology landscapes. Our focus is on providing secure, efficient, and scalable solutions, making DXC a trusted partner for digital transformation.

Role Overview

As a Risk and Compliance Consultant, you will ensure that the delivered services are secure and compliant with authority security requirements. This role involves conducting cybersecurity risk assessments in line with NIST 800-30, developing actionable risk remediation plans, and adhering to "Secure by Design" principles. You will also create and assist in delivering Secure by Design artifacts, ensuring that security standards are maintained throughout project lifecycles.

Key Responsibilities

  • Conduct cybersecurity risk assessments, considering outcomes from threat modeling, cybersecurity controls, and technical assessments (aligned with NIST 800-30/37 v5).
  • Perform threat modeling exercises using methodologies like STRIDE and Attack Trees.
  • Develop and facilitate risk remediation action plans in collaboration with risk owners and technical teams.
  • Update Risk Management Accreditation Document Sets (RMADS) to align with Secure by Design requirements.
  • Perform gap assessments against cybersecurity standards.
  • Support the implementation of Information Security Management Systems (ISMS) aligned with regulatory and client security standards.
  • Continuously enhance knowledge of security aspects of common technologies and DXC service offerings.
  • Demonstrate strong consultancy skills and foster trusted relationships with customers.

Essential Qualifications and Skills

  • Education: BSc and/or MSc in IT Security, related field, or relevant apprenticeship/industry experience.
  • Certifications (one or more):
    • CompTIA Security+
    • Associate membership with CIISEC
    • ISC2 Cybersecurity Certification (CC), CISSP, ISSAP
    • ISACA CISM or CRISC
  • Experience:
    • Professional IT experience (at least 2 years in cybersecurity).
    • Cybersecurity risk assessments and remediation planning.
    • Developing security documentation and writing security policies.
  • Knowledge:
    • Threat modeling techniques and current cyberattack methods.
    • NIST 800-30/37 and ISO 27001 standards.

Desirable Skills

  • Experience in MoD, HMG, or public sector cybersecurity.
  • Knowledge of physical and environmental controls.
  • Incident response, business continuity, and recovery planning expertise.
  • Third-party cybersecurity risk assessment experience.
  • Cloud security qualifications (e.g., Microsoft Azure, AWS, Google Cloud).

Apply Now to make a difference in securing tomorrow's digital world with DXC Technology!

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor does it ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.


Tags: Analytics AWS Azure CISM CISSP Clearance Cloud Compliance CompTIA CRISC GCP Incident response ISACA ISMS ISO 27001 NIST Risk assessment Risk management Security Clearance

Perks/benefits: Competitive pay

Regions: Remote/Anywhere Europe
Country: United Kingdom
