GRC Assessor

Location: 100% Remote
Start: 13.04.2026
Co-operation length: 6 weeks (high chance of extension)


Tasks

• Perform Post Go Live & Transition Effectiveness Security Assessment

• Assess live security control effectiveness following transition of ICT Managed Services to a new service provider

• Conduct non‑assurance, point‑in‑time operational security reviews

• Perform evidence‑based post implementation reviews using logs, tickets, access records, incidents and change records

• Assess transition and inherited risks including access transfer and revocation, logging continuity, knowledge handover and ownership of inherited controls

• Review effectiveness of IAM, SOC and monitoring, incident response, vulnerability and patch management, backup and recovery, and change and configuration management across on‑prem and cloud environments

• Work within a non‑assurance engagement excluding penetration testing

Requirements

• Strong experience in operational security reviews within managed services and or regulated public sector environments

• Comfort performing evidence‑based post implementation reviews rather than design reviews or technical testing

• Proven experience assessing transition and inherited risks

• Strong understanding of IAM, SOC and monitoring, incident response, vulnerability and patch management, backup and recovery, and change and configuration management

• Experience across on‑prem and cloud environments including Azure, AWS and GCP

• Familiarity with ISO 27001, NIS2 and GDPR at control effectiveness and governance level

• Availability to start on 13th April

• Availability for a 6‑week engagement with a high chance of extension

Offer

• Multisport card

• Private healthcare

• Access to an e‑learning platform

• Group life insurance