Associate Cybersecurity GRC Consultant

Position Overview

We are seeking an Associate Cybersecurity GRC Consultant to join our consulting practice. The primary focus of this role is delivering cybersecurity governance, risk, and compliance (GRC) implementation projects across a range of frameworks (e.g., ISO 27001, CSA Cyber Trust Mark, Cyber Essentials, Security by Design) for clients across diverse industries.

As a secondary function, the consultant will support IT audit and assessment engagements across various frameworks, including ITGC audits, ISO 27001 audits, and Cyber Trust Mark assessments. The successful candidate will work closely with clients to identify security risks, develop mitigation strategies, and implement effective solutions to safeguard their information systems.

Key Responsibilities

• Support cybersecurity GRC implementation projectsend-to-end across a range of frameworks (e.g., ISO 27001, CSA Cyber Trust Mark,Cyber Essentials, Security by Design), including gap analysis, risk assessment, documentation, controls implementation, consultancy, and audit readiness/preparedness.
• Perform cybersecurity risk assessments and develop risk treatment plans aligned to client business context.
• Participate in reviewing, developing and/or enhancing client’s documentation, covering information security policies, procedures, and governance frameworks.
• Support clients in establishing security governance structures, including organization structure, practices and procedures.
• Participate in preparing cybersecurity awareness training programmes to client staff.
• Perform audits evaluating design and operating effectiveness of IT controls, from planning and execution through to draft reporting.
• Prepare audit working papers, document findings, and draft actionable recommendations.
• Manage client relationships and stakeholder communications throughout engagements.
• Stay current on evolving cybersecurity frameworks, regulations, and threat landscape.
• Contribute to internal methodology, tools, and template development.

Job Requirements

• Diploma or bachelor’s degree in information technology, computer science, cybersecurity, information Systems, or a related field.
• Up to 2 years of experience in cybersecurity, IT audit,GRC, or related consulting; fresh graduates with relevant internships orproject work are encouraged to apply.
• Foundational awareness of ISO 27001, CSA Cyber TrustMark / Cyber Essentials, or similar GRC frameworks, with a willingness todeepen knowledge on the job.
• Basic familiarity with IT general controls concepts (e.g.,access management, change management, IT operations) gained through study or early work experience.
• Exposure to risk assessment methodologies and risk treatment planning, or an aptitude to learn them quickly.
• Interest in developing and reviewing security policies, procedures, and governance documentation, with guidance from senior consultants.
• Strong documentation, analytical, and report-writing skills.
• Effective client-facing communication and presentation skills.
• Proactive, detail-oriented, and willing to manage multiple engagements concurrently.
• Ability to work both independently and as part of a team in a fast-paced consulting environment, and openness to coaching and feedback.

Preferred Qualifications

• Entry-level or foundation certifications such asCompTIA Security+, ISC2 Certified in Cybersecurity (CC), ISO 27001 Lead Implementer, or ISO 27001 Internal Auditor.
• Internship or prior exposure to a consulting or professional services environment.