6-Month contract - Inside IR35 - up to £500 per day
Hybrid working - 2 days a week onsite - either London or Bradford based
We are seeking two highly skilled, hands on Contract Information Security & Resilience Consultants to support several critical, high priority strategic initiatives.
In this dual role, you will be responsible for executing rigorous security due diligence on upcoming M&A activities, maintaining and maturing our Information Security Management System (ISMS) compliance frameworks, and driving our Business Continuity and Resilience programs.
Key Responsibilities M&A Security Due DiligenceDue Diligence Assessments: Conduct comprehensive cybersecurity risk assessments and security due diligence on target acquisition companies.
Control Evaluation: Review target company security controls, policies, third party assurance reports (e.g., SOC 2, ISO certifications), and historical security incident logs.
Identify deal impacting risks, quantify remediation effort (cost/timeline ranges), and advise on onboarding security priorities.
Integration Roadmapping: Identify risk areas and formulate actionable post acquisition security integration roadmaps and transition plans.
Information Security Standards & Compliance (ISO 27001 & SOC 2)Framework Governance: Assess, maintain, and mature existing security frameworks aligned with ISO/IEC 27001 and SOC 2 Type II.
Develop and maintain information security policies, standards, and procedures aligned to these standards and business objectives.
Run security risk assessments, update risk registers, and drive risk treatment/remediation plans.
Remediation & Evidence: Identify control gaps, collaborate with internal system owners to implement remediation plans, and collect audit ready evidence.
External Audits: Assist in preparing the business, staff, and control owners for upcoming external surveillance and compliance audits.
Business Continuity & Disaster RecoveryPlan Development: Lead the review and update of Business Continuity Plans (BCPs) across key business departments.
Impact Analysis: Facilitate Business Impact Analyses (BIAs) to identify critical business processes, evaluate upstream/downstream dependencies, and define Recovery Time Objectives (RTOs).
Testing & Exercises: Design and execute tabletop exercises and simulation tests to validate recovery strategy effectiveness.
Third Party & Supplier SecurityPerform vendor risk assessments, review security clauses, and ensure suppliers meet security and business continuity requirements.
Manage the relationship with our outsourced managed IT and information security suppliers.
Security Awareness & Stakeholder ManagementDeliver security awareness initiatives and provide advisory support to projects and teams.
Communicate risks and recommendations clearly to leadership and non-technical stakeholders.
Required Skills & Experience