GRC Consultant (Outside IR35)

Job Specifications

Information Security GRC SME - London/Hybrid - (Outside IR35)
La Fosse is partnered with a leading organisation to hire an Information Security GRC Subject Matter Expert. This is a key role within the information security function, focused on enhancing governance, risk, and compliance capabilities across cloud and on-prem environments.
Key Responsibilities:

Lead the uplift of GRC security policies, standards, and procedures across the organisation.
Conduct gap analyses on current GRC documentation and implement effective control measures.
Support risk and control assessments alongside the GRC Manager, documenting and reporting findings.
Maintain and enhance a security control library, aligned with regulatory and internal standards.
Perform assurance reviews to ensure compliance with frameworks like NIST, ISO 27001, and PCI-DSS.
Develop third-party cybersecurity governance to manage vendor and contractor risk.
Deliver regular reports to senior leadership on KRIs, KPIs, and metrics using live dashboards.
Act as a knowledge-transfer lead, embedding modern GRC practices into the wider security team.

Requirements:

Proven experience leading GRC enhancements in both cloud and on-prem environments.
Strong understanding of frameworks and regulations such as ISO 27001, GDPR, NIST CSF, CIS, and Cyber Essentials Plus.
Hands-on experience developing security documentation and transitioning it to BAU.
Background in cloud governance, IAM, Zero Trust, and SASE principles.
Certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer are desirable.
Strong communication and stakeholder engagement skills with the ability to present GRC work to senior leadership.

Please apply for more information or get in touch for a confidential conversation.

About the Company

La Fosse is on a mission to help our customers achieve their ambitions, working by their side to create a total talent solution from the classroom to the boardroom. Our vision is simple: to lead by example to achieve a change in the standards of care within our industry. We partner with our customers to build solutions for their business and people challenges, leveraging our recruitment, academy, solutions, and executive search offerings. Our expert teams work at all levels on a permanent, contract, interim, and executive ... Know more

Related Jobs

Company Name

Lenovo

Job Title

Security GRC Lead

Farnborough, United kingdom

On site

Full Time

11-12-2025

Company Name

McFall Recruitment Limited

Job Title

Head of Cyber Risk, Governance & Compliance GRC

Edinburgh, United kingdom

Hybrid

Full Time

06-11-2025

Company Name

AKKODIS

Job Title

Information Security GRC Specialist

London, United kingdom

Hybrid

Freelance

06-11-2025

Company Name

British Heart Foundation

Job Title

Information Security GRC Analyst

London, United kingdom

On site

Full Time

15-10-2025