Role Overview
The Junior Cybersecurity Consultant supports the delivery of Governance, Risk and Compliance engagements across a wide range of clients. This role is suited to someone with strong analytical ability, excellent written communication skills, and a genuine interest in cyber risk. A core part of the role involves understanding how people, processes and technology interact to form security controls, and how those controls influence the organization's overall risk posture.
Key Responsibilities
Core Delivery
- Assist with and independently run components of cyber risk, audit, controls, and compliance engagements under supervision from senior team members.
- Configuration and maintenance of Cyber GRC Tech such as MyCISO and Apollo Secure.
- Conduct controls assessments using standard audit methodology, including Design Effectiveness (DE) and Operating Effectiveness (OE).
- Support Third Party Risk Management activities including assessments, evidence reviews and supplier assurance workflows.
- Review, maintain and create security policies, standards and frameworks aligned to industry best practice such as ISO 27001, NIST CSF and Essential Eight.
- Support qualitative and quantitative cyber risk assessments including the FAIR methodology (training provided).
- Contribute to cyber strategy uplift initiatives, including assessments, documentation and governance support.
- Perform evidence reviews, documentation analysis and assessment of control maturity across people, process and technology domains.
Stakeholder Engagement
- Engage confidently with stakeholders across technical and business functions.
- Ask clarifying questions when requirements or evidence are unclear.
- Assist in facilitating workshops, interviews and information gathering sessions.
- Build trusted working relationships and represent the security consulting team professionally.
Documentation and Communication
- Develop high quality written deliverables including reports, policy documents, risk assessments and executive level summaries.
- Translate technical or ambiguous information into clear and structured risk focused language.
- Articulate how individual controls mitigate risks and how deficiencies impact the organisation.
Business and Service Development
- Contribute to the development of service collateral, frameworks, templates and methodologies.
- Assist with drafting Statements of Work, proposals and other pre sales documentation.
- Support mapping of client requirements to industry control frameworks during scoping or sales activities.
Required Skills and Experience
Must Have
- Exceptional written English and ability to communicate complex ideas clearly.
- Strong critical thinking, decision making and analytical skills.
- High attention to detail and ability to identify inconsistencies or gaps.
- Ability to operate autonomously on defined tasks and proactively seek direction when needed.
- Strong stakeholder engagement skills and confidence in asking questions to clarify context or requirements.
- High level of professional integrity and client facing communication skills.
Nice to Have
- Exposure to cybersecurity, risk, audit, compliance or GRC functions.
- Familiarity with control frameworks such as ISO 27001, Essential Eight and NIST CSF.
- Understanding of audit methods including DE and OE assessments.
- Foundational knowledge of the FAIR risk methodology.
- Experience with Third Party Risk Management tools or processes.
Qualifications
- Degree in Cybersecurity, Information Systems, Business, Risk, or a related field, or equivalent experience.
- Certifications such as ISO 27001 Foundation, CompTIA Security Plus, CRISC or CISA are beneficial but not required.
