Senior GRC Consultant

Company Profile:

3Columns is a specialist cybersecurity firm delivering a wide range of services from Security Assurance, Security Governance, Professional services and Managed Services. Solutions include Managed Security Services, Offensive Security Services, Cyber Security Consulting, and professional services to assist customer deploy all the required controls. The core service delivered by the SOC is Managed Detection & Response and Incident Response.

About the Role:

3Columns is seeking a Senior GRC/ Cybersecurity Consultant to join the team. They will be responsible for delivering outcome-based engagements to a variety of clients, and proactively improving the Governance, Risk & Compliance capabilities within the organizations they are engaged with. The Senior Security Consultant will lead small to large projects to assist clients in developing and implementing cybersecurity risk mitigation strategies to support the business and help drive the success of organizational business strategies. The successful applicant will become an integral part of each client's cybersecurity strategy, developing strong relationships, and becoming a trusted partner within each organization.

Skills and Experience

• Strong understanding of ISO27001, NIST and ASD8
• Ability to apply and audit cybersecurity frameworks such as ISO/IEC 27001,31000, ASD8 and NIST.
• Ability to take organizations on their Cyber security journey
• Good understanding of GDPR and PCI-DSS, ISM, RFFR, SOC2
• Ability to develop and utilize the company's methodologies to provide effective cybersecurity and risk advice.
• Ability to articulate business implications and accurately calculate risks of findings in relation to the business.
• Ability to develop and deliver training and/or speaking material for public and/or private events.
• Proactively researching emerging security risks and controls.

Business Skills

• Excellent written and verbal skills to clearly explain concepts in non-technical terms.
• Consulting Skills with wide range of audience
• Strong communication and writing skills.
• Ability to translate IT and technical risks into business risk for the C-Level and Board.
• Strong understanding of commercial arrangements for small to large projects and able to demonstrate the value of service offerings to clients.
• Identifying and articulating security advice aimed at employees, managers and executives.

Personal Skills

• Must be forward-thinking in terms of vision for the business and team culture.
• Must have experinece in working with consulting company and with multiple customers and projects at the same time.
• Come up with innovative ideas to deliver services to the customer
• Ability to speak about security and recommend security controls to experienced security   professionals and executives confidently and accurately.
• The ability to work as part of the team.
• Flexibility and motivation to work across various types of engagements.
• The ability to multitask and service multiple clients at once.
• Is detail-orientated, self-motivated and can work independently.

Certifications

You will a proven track record in an Information Security, IT Audit, Risk or Compliance field. You will also be a strategic and innovative thinker with strong organizational skills and an understanding of a range of industries and sectors. Candidates will hold or be studying towards one or some of the following certifications or equivalent:

• ISO 27001 Lead Auditor or Lead Implementer.
• CISSP ( Desirable , not mandatory)
• CISA
• CISM ( Desirable , not mandatory)
• CDPSE ( Desirable , not mandatory)
• Associate PCI DSS QSA ( Desirable , not mandatory)

Past Experience

• Previous or current experience working in a client-facing role is highly regarded.
• Understanding of PCI-DSS framework.
• Experience working with, presenting to, liaising with C level and board members
• Your experience & qualifications

Please Note:- Anyone with less than 5 years of experience in GRC consulting space will not be considered for this role.