SustainGRC
Cyber & Resilience Solutions Practice Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
SustainGRC Expansion into UK and GCC Markets
SustainGRC is scaling its Cyber & Resilience suite — Third-Party Risk Management, Cyber Incident Management, Operational Incident Management, Cyber Controls & Assurance, Business Continuity Management, and Regulatory Operations — into UK financial services and GCC enterprise markets.
We're looking for a practitioner who understands how cyber governance, operational resilience, and business continuity intersect in regulated environments. You'll own this from day one: assess platform readiness against regulatory frameworks, take the Cyber & Resilience practice into a market-leading capability — shaping delivery methodology, leading client engagements, and representing SustainGRC in front of CISOs, CROs, and Audit Committees as we scale across UK and GCC markets.
What you'll do
Platform ownership
- Assess our Cyber & Resilience modules against FCA/PRA Operational Resilience rules, ISO 27001, ISO 22301, NIST CSF, and DORA.
- Map controls to UK obligations under PS21/3 and SS1/21, and GCC requirements under SAMA and NCA ECC-2.
- Produce a Regulatory Alignment Report that becomes the practice's technical baseline.
Practice delivery
- Lead clients on cyber risk measurement, incident classification, escalation protocols, and audit trail requirements.
- Validate client BCM frameworks against regulatory thresholds.
- Bring technical credibility to pre-sales conversations with CISOs, CROs, and Heads of Operational Resilience.
- Deliver client-facing workshops on cyber risk governance, operational resilience maturity, and BCM implementation.
- Own regulatory submissions and compliance assessments end to end.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What we're looking for
- Working knowledge of FCA/PRA Operational Resilience requirements, ISO 27001/22301, and NIST CSF — SAMA and NCA ECC-2 familiarity a strong advantage.
- A background in cyber risk management, operational resilience, incident response, or BCM within financial services or regulated industries.
- Understanding of how cyber governance intersects with internal audit, third-party risk, and board accountability.
- 15+ years' relevant experience preferred; strong regulatory foundation and entrepreneurial appetite considered.
- Fluent English; Arabic a strong advantage for GCC client-facing engagements.
- What matters most: regulatory credibility — you can hold a room with a CISO, Head of Operational Resilience, or Audit Committee — and practical judgement, knowing the difference between compliant on paper and resilient in practice.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Why this role
You're not reviewing a generic cyber tool. You're assessing resilience infrastructure that regulated enterprises will rely on for audit evidence, regulatory submissions, and board accountability. Your feedback shapes the product. Your credibility opens doors. UK operational resilience enforcement is live. DORA is in force across EU financial entities. The GCC cyber governance landscape — SAMA, NCA ECC-2, SDAIA — is accelerating toward mandatory compliance across regulated sectors. This is precisely where we're deploying.
What we offer
- Flexible engagement structure — performance-based competitive package.
- Equity available for the right fit.
- Peer advisory standing — your opinions shape product and sales strategy, not just a review checklist.
- Clear delivery channel — as deals close, you step into client engagements with visibility and compensation.
- Thought leadership platform — content, regulatory briefings, and analyst relations tied to your name and credentials.
- UK and GCC market entry on the ground floor — the regulatory and enforcement wave rewards early positioning.
We'll start with a focused 30-minute conversation about the modules, your read on the UK and GCC market, and how you'd structure the engagement.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location