Cyber Security Risk & Compliance Framework Consultant (Contract)
Duration: 12 months
IR35: In scope
Rate: £600 per day
Location: 60% on site per month in either Bristol or London
We're looking for an experienced Cyber Security Risk & GRC Consultant to help transform how a large, complex organisation measures, manages, and communicates cyber risk.
This is a high-impact, business-critical role focused on building a clear, practical, and transparent approach to security risk - with a strong emphasis on compliance frameworks, measurable controls, and decision-ready reporting for governance boards.
Define and implement meaningful cyber security risk metrics aligned to compliance frameworks (e.g. national and international standards)
Establish a robust, repeatable method to measure performance against these frameworks - turning compliance into something measurable, not theoretical
Create clear, transparent data that shows:
Current risk exposure
Performance against controls
Trends and direction of travel over time
Design concise, plain-English reporting for senior stakeholders and governance boards
No jargon - just clear insight, impact, and action
Map compliance frameworks to real business risks, bridging the gap between:
Technical controls
Governance requirements
Operational reality
Build practical reporting artefacts, dashboards, and templates to improve visibility and consistency
Work closely with stakeholders to ensure outputs are:
Credible
Usable
Aligned to executive decision-making needs
Sought:
Drive a step-change in how cyber risk is measured, understood, and communicated - using compliance frameworks as the backbone, and clear data as the enabler.
Strong experience in Cyber Security GRC (Governance, Risk & Compliance)
Proven ability to work with and measure performance against compliance frameworks
Deep understanding of:
Security risk metrics & KPIs
Risk appetite & governance reporting
Ability to translate technical security data into plain English insights for senior audiences
Strong analytical and data skills - able to turn complex datasets into clear narratives
Solid technical awareness of cyber security principles, controls, and risks (without needing to be hands-on engineering)
Confident engaging with senior stakeholders and governance boards
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)