Information Security Consultant

Job Description

Information Security Consultant

£45,000 – £60,000 | Hybrid | UK | SC Clearance or eligible

An award-winning consultancy operating across cyber security, data and digital infrastructure is looking to appoint an Information Security Consultant to support the delivery of secure, high-impact programmes within the UK public sector.

The organisation works on complex, meaningful projects that contribute to resilience and public service delivery, offering consultants the opportunity to apply their skills in environments where governance, risk management and regulatory compliance are critical to success.

The Role

You’ll work closely with both internal technical teams and external stakeholders to assess, design and implement effective information security controls and governance frameworks across a variety of programmes. This is a client-facing role that combines security best practice, risk management and technical awareness, making it well suited to someone who enjoys advising organisations on how to embed security in a practical and proportionate way.

Typical responsibilities may include:

  • Supporting the development and documentation of secure system and enterprise architectures from a governance and risk perspective
  • Performing risk assessments, threat modelling and security assurance activities
  • Analysing technical and operational information to support risk-based decision-making
  • Ensuring security, risk and compliance considerations are embedded throughout the system and software development lifecycle

Key Responsibilities

  • Engage with stakeholders to understand business objectives and translate them into appropriate security governance, risk and control frameworks
  • Apply and tailor recognised security standards and frameworks to meet client regulatory and organisational requirements
  • Develop and maintain security policies, standards, risk registers and governance processes
  • Identify risks within technical and operational environments and recommend proportionate mitigation strategies
  • Support the implementation of secure design principles within new and existing systems
  • Produce clear, structured documentation including policies, standards, risk assessments and assurance reports
  • Conduct and facilitate threat modelling, risk assessments and control reviews to inform decision-making
  • Contribute to the development of security strategies and roadmaps aligned to organisational risk appetite
  • Support workshops, presentations and proposal activity when required
  • Contribute to the continued growth and capability development of the wider consultancy team

Skills & Experience

  • 3+ years’ experience working in cyber or information security within a consulting or delivery-focused environment
  • Experience supporting or delivering GRC activities such as risk management, policy development, compliance assessments or security assurance
  • Strong knowledge in at least one of the following domains: Governance, Risk & Compliance (GRC), Security Operations, & Access Management, Security Engineering
  • Exposure to cloud environments such as AWS, Azure or GCP, including understanding how security controls are implemented and assessed
  • Familiarity with recognised security standards and frameworks such as ISO 27001, NIST or CAF
  • An understanding of technical concepts and architectures sufficient to assess risk and advise on appropriate controls
  • Strong interpersonal and communication skills, with the ability to engage effectively with both technical and non-technical stakeholders
  • Evidence of continuous professional development, such as relevant certifications (e.g. ISO 27001, CISSP, CISM) or formal training

Security Clearance

Due to the sensitive nature of the work, candidates must either hold UK Security Clearance (SC) or be eligible and willing to undergo the vetting process.

Working Pattern

This role operates on a hybrid basis, with a blend of remote working and time spent on client sites or in a UK office environment as required (typically 2–3 days per week).

London, UK
Full time

Published on 03/29/2026