• ISMS management and compliance. Manage and maintain the Information Security Management System, ensuring ongoing compliance with ISO 27001, GDPR, HIPAA, and other applicable frameworks. • Cybersecurity assessments and risk remediation. Conduct cybersecurity assessments and audits; triage and drive remediation of identified risks in collaboration with engineering teams. • Policies and documentation. Author and maintain cybersecurity policies, procedures, and controls documentation to support Cybersecurity and Governance requirements. • Technical security operations. Support cybersecurity operations and IT on technical security tooling, firewalls, networking, endpoint protection, and SIEM. • Security questionnaires and third-party vetting. Respond to bids, tenders, and third-party security vetting. • Security culture and awareness. Champion a security first culture across the organisation: create awareness programs, run training, and embed security-by-design thinking into how teams work. • Data security and governance. Support data security and data governance initiatives across the organisation. • Demonstrably AI-forward. Uses AI in their own workflows and can point to concrete automations they have built or commissioned to take work out of IT and operations.

• Prospect to win new business. • Manage and grow an account portfolio. • Develop, qualify and close opportunities in accordance with agreed criteria and exceed target expectations. • Maintain a complete, accurate, up-to-date sales pipeline and activities log using the GRC pipeline software. • Become an expert in the GRC product value proposition and services. • Develop and maintain relationships with key decision makers, through telephone and email contact. • Register leads, follow up leads, organize scoping calls with consultants where necessary. • Personal forecasting and pipeline management. • Provide supporting information to clients including quotes, proposals, PPT presentations, offers and promotions. • Assist with bids and tenders. • Prepare Professional Services agreements. • Provide customer and industry feedback to support the Group sales strategy. • Develop and maintain an understanding of our customer base and competitors operating in the same markets. • Professionally and passionately represent the GRC brand, vision, and values at all times.

• Mid-level Cybersecurity Engineer (Pentester/Offensive Security/Red Team) in a 100% remote (work-from-home) environment. • The professional will be responsible for performing penetration tests and adversary emulation.

• Own the Microsoft Security Stack • Manage and optimize Microsoft 365 Defender, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Office 365 • Administer and tune Microsoft Sentinel - build and maintain KQL detection rules, analytics rules, workbooks, and playbooks • Monitor the Microsoft Secure Score, prioritize improvement actions, and drive remediation across the tenant • Configure and maintain Conditional Access policies, Microsoft Entra ID (Azure AD) security settings, and Privileged Identity Management (PIM) • Monitor and respond to security alerts, incidents, and investigations across Defender XDR and Sentinel • Develop and maintain incident response playbooks, automation workflows (Logic Apps / SOAR), and escalation procedures • Perform threat hunting using KQL and identify gaps in detection coverage • Conduct vulnerability assessments and lead remediation efforts in coordination with IT and engineering teams • Evaluate and respond to identity-based threats, phishing campaigns, and anomalous behavior patterns • Serve as a technical resource for SOC 2 Type 2 audit preparation and execution • Design, implement, and document security controls that satisfy Trust Service Criteria (TSC) requirements across the company’s toolset • Maintain evidence collection for audit deliverables - access reviews, logging configurations, policy enforcement, and change management records • Identify control gaps and drive remediation efforts prior to and during audit windows • Partner with external auditors, providing technical walkthroughs and supporting evidence requests • Implement and enforce security controls across the company’s broader toolset - SaaS platforms, cloud infrastructure, and endpoint environment • Advise and support IT on secure configuration for onboarding, offboarding, and access provisioning workflows • Partner with engineering teams on secure development practices, secrets management, and cloud security posture • Produce clear, concise reporting on security posture, incident trends, and audit readiness for IT leadership • Stay current on the Microsoft security roadmap, threat landscape, and emerging attack techniques relevant to the company’s environment