Lead Information Security Consultant

602579
  • £80000 - £90000 per annum + car allowance
  • West Midlands, England
  • Permanent

Lead Information Security Consultant - Role Profile



About the Company
The company's cybersecurity division focuses on delivering excellence across a broad range of cyber security services. Teams specialise in areas such as red teaming, penetration testing, threat intelligence, research and development, detection and response, and governance, risk and compliance (GRC).
The organisation supports clients globally, including central banks, government bodies, critical national infrastructure, major retailers, and many other large enterprises. It is an award‑winning provider of cyber security services and is experiencing significant growth driven by advancements in technology and the evolving threat landscape. The business is committed to staying at the forefront of the industry and is looking for talented professionals who want to contribute to that mission.



The Role
This position is responsible for delivering tactical and strategic information security consultancy to clients, with a focus on governance, risk and compliance (GRC). The role also plays a key part in supporting the CISO Support Office.
A Lead Consultant is expected to operate autonomously, contribute to the development of colleagues, lead client engagements, and ensure that services are delivered to scope, on time, and within budget.
The role is hybrid, with occasional travel to client sites and company offices.



Key Responsibilities
Delivery
A core requirement of this role is the ability to deliver client engagements to a consistently high standard. As a Lead Information Security Consultant, you will take ownership of engagements while supporting other members of the team and ensuring excellent outcomes for clients.
Examples of typical delivery work include:

  • Helping clients achieve compliance or certification with standards such as ISO 27001, GDPR, NIST CSF and PCI DSS
  • Independently conducting ISO/IEC 27001:2022 audit activities
  • Providing expert advice on governance structures, including policies, procedures and controls
  • Conducting cybersecurity maturity assessments
  • Facilitating information asset discovery workshops
  • Facilitating risk assessment workshops
  • Leading business continuity tabletop exercises
  • Delivering stakeholder training and awareness sessions


Service Development
Service development is vital within GRC, and this role contributes by applying subject‑matter expertise to strengthen and evolve the company's service offerings. Activities include:

  • Standardising customer‑facing collateral across all regions
  • Supporting the implementation of new and emerging frameworks
  • Identifying enhancements and improvements for existing collateral
  • Creating new resources where required
  • Working with product development teams to ensure platforms and tools integrate appropriate information security and data protection requirements


Business Experience / Credentials

  • Degree in Computer Science, IT, Cyber Security or a related field, or at least five years of experience in an information security role
  • Minimum two years of experience delivering consultancy using recognised risk management and data security frameworks
  • Current PCI DSS QSA certification, or ability to obtain it within three months
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • Preferably CISSP, CISM or an equivalent certification
  • Experience implementing ISO 27001 and NIST CSF and using these standards to build control frameworks
  • Demonstrated ability to communicate complex information security concepts to senior leadership, including C‑suite executives
  • Experience in cyber resilience planning, security operations and managing security professionals
  • Strong communication skills with the ability to develop trust with key stakeholders
  • Experience in one or more of the following areas:
    • GDPR
    • PCI DSS
    • CMMC
    • SOC 2
    • DORA
    • NIS 2
    • HIPAA / Healthcare regulation
    • Business continuity
    • Supplier management
    • Incident management
    • Physical security


What We Offer
The company operates as a high‑trust, high‑performing professional services team with a strong focus on people. You will be part of a diverse and supportive international group of consultants, with regular opportunities to connect and collaborate.
Employees benefit from:

  • The chance to make a genuine impact - whether contributing to new services, improving processes, or collaborating across teams
  • Opportunities to participate in the wider industry - including blogging, public speaking, attending events, and connecting with the security community
  • Continuous development - covering both formal training and personal knowledge growth in new or emerging areas, not limited to core job responsibilities
Mark Elford Recruitment Consultant
