Governance, Risk and Compliance Consultant

Job Description

PureCyber combines defensive and offensive cyber security with expert governance and compliance consultancy, offering organisations a comprehensive service.


Our all-in-one solution simplifies cyber security by providing 24/7 protection, proactive threat intelligence, expert consultancy, and real-world attack simulations - all from a single, trusted source. Our goal is to provide peace of mind to our clients, knowing they are secured by a partner they can trust.


The Governance, Risk and Compliance (GRC) team fulfils a broad role within the delivery of all PureCyber services, focusing on supporting customers to improve their approach to cyber security governance and supporting the organisation on multiple internal projects.


Reporting to the Chief Information Risk Officer, this role plays a key part in maximising the experience of PureCyber clients by guiding them through their cyber security journey and helping to improve their assurance levels across multiple service lines.


Key Responsibilities


  • Lead on governance and compliance projects such as Cyber Essentials, IASME Cyber Assurance and ISO27001.
  • Schedule and co-ordinate GRC engagements with the wider team and ensure timely and accurate delivery of projects.
  • Help complete quality assessment checks against the rest of the GRC engagements.
  • Prepare client report packs, including cyber audits, board packs and executive summaries.
  • Work with all core departments (SOC, Penetration Testing, Sales and Marketing) to assist with client co-ordination and administration to ensure consistency of service.
  • Establish and maintain client relationships to maximise levels of confidence, reassurance and trust.
  • Actively keep up to date with cyber security developments and the role of GRC functions to maximise effectiveness.
  • Work within the internal compliance function of the organisation.
  • Drive awareness and education of cyber security risks and responsibilities throughout the organisation.
  • Travel to client sites as required.



Person Specification


Essential:

  • Experience implementing security standards and frameworks such as ISO27001, PCI DSS, NIST, IASME Cyber Assurance etc.
  • Proven ability to lead risk assessments and manage control frameworks.
  • Strong written and verbal communication skills, with the ability to present risk topics to both technical and non-technical stakeholders.
  • ISO27001 Lead Implementer or Auditor certification.


Desirable:

  • CISSP, CISM, CRISC or other relevant certification.
  • Cyber Essentials certification.

Location: Cardiff
Category: Finance And Insurance