GRC Assessor

Location: 100% RemoteStart: 13.04.2026Co-operation length: 6 weeks (high chance of extension)Tasks • Perform Post Go Live & Transition Effectiveness Security Assessment • Assess live security control effectiveness following transition of ICT Managed Services to a new service provider • Conduct non‑assurance, point‑in‑time operational security reviews • Perform evidence‑based post implementation reviews using logs, tickets, access records, incidents and change records • Assess transition and inherited risks including access transfer and revocation, logging continuity, knowledge handover and ownership of inherited controls • Review effectiveness of IAM, SOC and monitoring, incident response, vulnerability and patch management, backup and recovery, and change and configuration management across on‑prem and cloud environments • Work within a non‑assurance engagement excluding penetration testing Requirements • Strong experience in operational security reviews within managed services and or regulated public sector environments • Comfort performing evidence‑based post implementation reviews rather than design reviews or technical testing • Proven experience assessing transition and inherited risks • Strong understanding of IAM, SOC and monitoring, incident response, vulnerability and patch management, backup and recovery, and change and configuration management • Experience across on‑prem and cloud environments including Azure, AWS and GCP • Familiarity with ISO 27001, NIS2 and GDPR at control effectiveness and governance level • Availability to start on 13th April • Availability for a 6‑week engagement with a high chance of extension Offer • Multisport card • Private healthcare • Access to an e‑learning platform • Group life insurance