Governance, Risk & Compliance (GRC) Consultant – 6‑Month Contract

About the role

We are supporting a large public sector organisation in the education and research sector to strengthen its cyber governance, compliance and operational resilience. The role is a six‑month contract focused on delivering governance, risk and compliance initiatives across complex technology environments.

Key responsibilities

• Support cyber governance, risk and compliance activities across enterprise and research platforms.
• Assist with certification and recertification programmes for recognised security and compliance frameworks.
• Conduct gap assessments and provide practical remediation recommendations.
• Develop and maintain risk registers, risk reporting processes and governance documentation.
• Contribute to policy development and ensure compliance alignment for security, operational resilience and technology governance.
• Prepare for audits, gather evidence and produce compliance documentation.
• Perform cyber risk assessments for cloud platforms, AI technologies and research environments.
• Collaborate with technical, operational and senior stakeholder groups.
• Support vulnerability management, governance processes and security improvement initiatives.
• Assist with onboarding, mentoring and knowledge transfer within internal governance and security teams.
• Help strengthen internal GRC operating models, procedures and documentation standards.

Required profile

• Proven experience in Governance, Risk & Compliance (GRC), cyber governance or information security.
• Background working in the public sector, higher education, research or similarly regulated organisations.
• Strong understanding of cybersecurity governance frameworks and compliance standards.
• Experience supporting certification, audit or assurance programmes.
• Familiarity with risk management methodologies, policy development and operational governance processes.
• Ability to work with both technical and non‑technical stakeholder groups.
• Understanding of cloud security environments and modern technology governance challenges.
• Experience in vulnerability management, compliance remediation or security improvement programmes.
• Excellent documentation, stakeholder engagement and communication skills.

Required skills

• ISO 27001
• NIST CSF
• PCI‑DSS
• Cloud security
• AI governance
• Vulnerability management
• Risk register management
• Policy development
• Audit preparation