Ensigninfosecurity

Senior Cybersecurity Consultant (GRC)

Role

Senior Cybersecurity Consultant (GRC)

Location

Singapore

Job type

Full-time

Found on Mokaru

Yesterday

Salary

Not disclosed by employer

Job description

Ensign is hiring!

Senior Cybersecurity Consultant (GRC)

We are seeking a highly experienced Senior Cybersecurity Consultant specialising in Governance, Risk, and Compliance (GRC) to join our practice. The ideal candidate is a trusted advisor who combines deep technical expertise with strategic business acumen, bringing a minimum of 5 years of progressive experience in cybersecurity governance, risk management, regulatory compliance, and Continuous Threat Exposure Management (CTEM). This is a senior-level role suited for a consultant who can independently lead GRC engagements, shape cybersecurity strategy, and drive enterprise-wide compliance and risk transformation.

Responsibilities

  • GRC Strategy & Leadership — Own and lead end-to-end GRC engagements across complex, multi-stakeholder environments, developing enterprise cybersecurity governance frameworks that align risk priorities with business objectives and regulatory requirements.
  • Risk Management Advisory — Provide senior advisory on ICT and cybersecurity risk assessment methodologies, translating risk findings into actionable mitigation roadmaps and residual risk positions that inform strategic decision-making.
  • Enterprise Security Architecture — Advise on the design and governance of enterprise security architectures, establishing scalable and resilient security control frameworks aligned to industry standards and client risk appetite.
  • Continuous Threat Exposure Management (CTEM) — Lead the design and implementation of CTEM programmes, guiding clients through the full exposure management lifecycle — scoping, discovery, prioritisation, validation, and mobilisation — to continuously reduce attack surface and improve threat resilience in alignment with business risk appetite.
  • Regulatory & Compliance Management — Lead compliance programmes across applicable regulatory frameworks and standards, ensuring clients maintain robust and audit-ready compliance postures across jurisdictions.
  • C-Suite & Board Engagement — Serve as a trusted advisor to C-suite executives and board-level stakeholders, communicating cybersecurity risk exposure, governance gaps, and compliance obligations in clear business terms that drive informed decisions.
  • Engagement Leadership — Lead and mentor junior consultants and cross-functional teams, ensuring the quality, consistency, and strategic coherence of GRC deliverables across all client engagements.
  • Threat Intelligence & Emerging Risk — Monitor the evolving cyber threat and regulatory landscape, translating intelligence into forward-looking GRC and CTEM recommendations that strengthen clients' long-term resilience.
  • Business Development Support — Contribute to practice growth through thought leadership, proposal writing, and the cultivation of long-term client and stakeholder relationships.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related discipline; a Master's degree is advantageous.
  • Minimum 5 years of progressive experience in cybersecurity GRC, encompassing governance framework development, risk management, regulatory compliance advisory, and threat exposure management.
  • Demonstrated experience designing or implementing CTEM programmes, including attack surface management, vulnerability prioritisation, and exposure validation across enterprise environments.
  • Demonstrated experience leading complex GRC engagements and advising senior leadership in large enterprise or government environments.
  • Deep knowledge of GRC frameworks and regulatory standards including ISO 27001, NIST CSF, MAS TRM, CSA guidelines, and related compliance requirements.
  • Familiarity with CTEM-aligned tools and methodologies such as Breach and Attack Simulation (BAS), attack surface management (ASM) platforms, and threat-informed defence approaches including MITRE ATT&CK.
  • Exceptional stakeholder management skills with a proven ability to influence and advise at the executive and board level.
  • Strong leadership and mentoring capabilities, with experience guiding junior consultants and managing cross-functional workstreams.
  • Strategic thinker with the ability to navigate regulatory complexity, manage competing priorities, and deliver under pressure.
  • Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or CTEM-related credentials are highly preferred.