Head of Governance, Risk & Compliance (UK)
Birmingham, GB, B37 7ES
LRQA
We help businesses evolve by connecting them with tomorrow’s thinking, today.
About LRQA Nettitude
LRQA Nettitude (formerly Nettitude) has been around since 2003 and our focus has always been on excellence in cyber security. We have teams that offer world-class consulting and advisory services, specifically in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more across the cyber security services. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!
We’re an award-winning provider of cyber security services and we’re at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by advances within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want the right people to join the team and make it happen.
You can find out more about us at www.nettitude.com. If you want to review our research and tooling, then head on over to https://labs.nettitude.com
The role
We are looking for a candidate to lead the UK Governance, Risk & Compliance team and oversee US operations until we expand that region further. The primary purpose of the role is to oversee all aspects of delivering governance, risk, and compliance (GRC) consultancy services to our clients, to ensure we are meeting high standards across the board, and to maintain a client-first approach. This includes leading a team of consultants, aligning services with client requirements, resolving issues, and driving client satisfaction, e.g. NPS.
This role is home-based, with occasional travel to client sites and LRQA offices.
What you’ll be doing in your role:
Key responsibilities:
- Team management and recruitment. Lead and manage the team, including recruitment, performance management, and development. This also includes managing a pool of subcontractors as appropriate, to provide additional flexible resources.
- Service ownership. Own all GRC services, with overall responsibility for delivery. Develop new services and evolve existing services based on client-demands and industry changes.
- Financial and utilisation performance. Achieve defined revenue, profitability, and utilisation targets and report these figures to the P&L holder.
- Support sales and marketing. Work with colleagues to ensure that GRC services are appropriately marketed. Ensure sales and presales teams are supported in selling GRC services, by creating or contributing to proposals, sales training materials, Confluence content, etc.
- Create bespoke solutions. Ensure that requests for bespoke services are evaluated, and be creative in developing solutions that meet unique client requirements that do not align to existing services. Manage risks related to delivery of bespoke services.
- Support delivery scheduling. Work with the Project Delivery team to prioritise conflicting demands on consultant resources to ensure that engagements are scheduled as efficiently as possible. Ensure that delivery demands are balanced to support a healthy work/life balance for consultants. Act as an escalation point where client timelines are at risk, and make use of subcontractors where appropriate.
- Client delivery. Provide support and oversight to strategic engagements.
You’ll be leading a team of security consultants whose delivery has a particular focus on:
- PCI DSS consultancy and assessments
- Security reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security and NIST CSF
- ISO 27001 gap analyses
- Helping our clients to implement Information Security Management Systems and achieve and maintain ISO 27001 certification
- Conducting risk assessments
- Creating or supporting third-party risk management and audit programmes
Location
- This role is home-based, with an expectation of travel to client sites, primarily in the UK, but with some opportunities for European and international travel; therefore, all candidates must be willing to travel where appropriate
- We can support working from across the UK
- All applicants must be resident in the UK
Key Skills:
Essential skills and experience:
- Strong experience in GRC consultancy, with expertise in domains such as PCI DSS, ISO 27001, NIST CSF, and NCSC CAF. Hands on delivery experience in at least one of these areas.
- Have a proven track record in team management, including recruitment and retention of professional services consultants, performance management, and professional development.
- Commercial awareness and ability to work with sales and presales teams to align commercial and delivery requirements.
- Extensive experience in client-facing delivery, with strong customer relationship management skills.
- Proven ability to resolve client complaints and objections, taking ultimate responsibility for the delivery of GRC services and client satisfaction.
- Be able to set direction and lead clients in a multitude of scenarios, including where direction and expectations are unclear, and be able to quickly pivot to meet changing client requirements.
- Leadership and communications skills.
Desirable skills and experience:
- Experience working with the NIS directive, NCSC CAF or CAA ASSURE
- Be experienced at C-Level, including presenting to top-level management, decision makers and risk owners. You will have the ability to articulate information security risks in a way that demonstrates an understanding of the broader business impact
- Demonstrate leadership experience and line management
- Experience in delivering security awareness training to end-users
- Hands-on technical experience, even if not recent
Certifications
Whilst a collection of certifications is less important than experience, many areas in which our team works have prerequisite certifications that our consultants either hold or are working towards achieving. With this in mind, it’s expected that the head of this team should have one or more of the following qualifications, either valid or expired:
- PCI DSS QSA, with experience delivering PCI DSS assessments for complex merchant and service providers using PCI DSS v3.2.1 or v4.0.
- ISO 27001 Lead Auditor or Lead Implementer.
- At least one of: CISSP, CISA, CISM, CRISC
What we offer:
We are a people-focused, high-performing, high-trust professional services team. You’ll be part of a diverse and growing international group of consultants, and we go out of our way to make sure our consultants feel part of our team. We use technology to ensure we’re always communicating with each other and schedule time every week to talk as a team.
The successful candidate will have opportunities to:
- Make a difference – as clichéd as it sounds, this really is true. We encourage all employees to challenge norms and empower them to get involved. This might be getting involved with other teams or developing a new service offering – but if you want to do something, we always try to make it happen
- Get involved – enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions. We make time to attend conferences and get involved in the infosec community
- Develop their skills – we love learning and ensure we find time for professional development. This isn’t just about collecting certifications and attending training courses – gaining and sharing knowledge in new areas is vital. These don’t always have to be directly related to your “day job”; in fact, we actively encourage developing knowledge in new and exciting domains
Apply?
Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter