Lead Cyber Security Risk Consultant

- Develop, maintain, and evolve the cyber governance and compliance framework in a PCI-DSS environment - Define and manage information security policies, standards, and procedures - Ensure alignment with ISO 27001, NIST CSF, GDPR, and other relevant regulations - Partner with internal teams to integrate governance and compliance into daily operations - Support policy reviews, updates, and communication across business units - Support risk identification, assessment, and treatment processes - Maintain risk registers and monitor remediation of control gaps and audit findings - Conduct risk assessments, control testing, and compliance reviews - Prepare and deliver reports, dashboards, and metrics for management and board-level reviews - Collaborate with technical teams to address findings and improve security posture - Manage compliance with key UK and international standards (e.g., GDPR, NIS Regulations, DPA 2018) - Coordinate internal and external audits, certifications, and customer assurance activities - Manage other GRC specialists on projects and coordinate activities - Evaluate security risks of third-party vendors - Maintain documentation, evidence, and metrics for ongoing audit readiness - Support the development, testing, and refinement of incident response plans - Assist with investigation and reporting of security incidents - Promote and support information security awareness and training initiatives