ISO 27001 Lead Auditor Jobs in the UK

1 to 25 of 29 ISO 27001 Lead Auditor Jobs in the UK

Security Audit Analyst

City of London, London, United Kingdom
Espire Infolabs Limited
onsite) Job Description: Overview The Third-Party Audit Consultant is responsible for conducting customer audits, managing short-term projects, and assessing third-party security compliance. This role requires ISO 27001 Lead Auditor certification and a solid understanding of risk management principles. Requirements Certification as an ISO 27001 Lead Auditor, with hands-on experience conducting audits and managing audit processes. Ability to manage short-term projects independently, from planning to execution, including audit preparation and report generation. Familiarity with technology systems, infrastructure, and related security controls. Proven track record of conducting audits of third-party … vendors or partners to ensure compliance with security standards. Understanding of risk management principles and their application in security audits. Knowledge of compliance frameworks like ISO 27001, SOC 2, or similar, and their implementation within enterprise environments. Experience with audit tools and software used for planning, executing, and documenting audits. Experience in writing a
Employment Type: Permanent

Senior ISO27001 Consultant

London, South East, England, United Kingdom
Hybrid / WFH Options
Sanderson
Hybrid (75% remote) with on-site presence as required Contract Type: Permanent & Full-time Salary: Competitive + Benefits About the Role As a Senior ISO27001 Consultant, you will lead client engagements to design, implement, and maintain ISO frameworks, supporting clients through gap analysis, remediation, certification readiness, and continual improvement. You'll collaborate with senior … stakeholders across industries to deliver strategic advisory and hands-on implementation of information security governance, risk management, and compliance Key Responsibilities Lead ISO 27001 implementation projects from initial assessment through to certification Conduct gap analysis tailored to private sector risk profiles and commercial priorities Facilitate risk assessments in accordance with ISO 27005 or recognised equivalents Draft, review, and update ISMS documentation including policies and procedures Advise on and oversee technical, administrative, and physical control implementation per ISO 27001 Annex A Deliver internal audits and lead clients through Stage 1 and Stage 2 certification audits Establish ISMS performance monitoring and
Employment Type: Full-Time
Salary: £60,000 - £80,000 per annum

IT Security Analyst

Gerrards Cross, Buckinghamshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: £50000 - £55000/annum

Information Technology Security Analyst

Middlesbrough, England, United Kingdom
Hybrid / WFH Options
83zero
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background

IT Security Analyst

Thornaby, Yorkshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: GBP 50,000 - 60,000 Annual

IT Security Analyst

Middlesbrough, North Yorkshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: £50000 - £60000/annum

IT Security Analyst

Chalfont St. Peter, Buckinghamshire, United Kingdom
Hybrid / WFH Options
83zero Ltd
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background
Employment Type: Permanent
Salary: GBP 50,000 - 55,000 Annual

Information Technology Security Analyst

York, Yorkshire and the Humber, United Kingdom
Hybrid / WFH Options
83zero
responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal / external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You … 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR / CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background

Security Consultant

Corsham, Wiltshire, South West, United Kingdom
Hybrid / WFH Options
i3Secure
standards on highly complex programmes of work. Delivery of client engagements to support governance, risk and compliance against a range of cyber security regulations, frameworks and standards, including ISO 27001, NIST Regulations, CAF and secure by design. Staying on top of the latest developments within Cyber Security & Information Assurance by attending training and conferences. … to tenders and provide pre-sales support. About you: Experience: Security assurance, working with JSP440, JSP604 Security accreditation Secure by design Implementing security standards and frameworks, such as ISO 27001, NIST 800 and CAF Conducting Cyber Security risk assessments and managing risk management activities Good knowledge of IT systems covering traditional infrastructure, cloud platforms … or security management / leadership position Working with various technical teams Conducting Cyber Security assessments and gap analysis against various frameworks. Qualifications: NIST Foundation / Practitioner CISM CRISC ISO 27001 Lead Implementer / Auditor CISSP CISMP What we offer: Our story to-date has been phenomenal, but success
Employment Type: Permanent

Senior Control Assurance Assessor (Big 4 accounting) - Finance

Nottingham, Nottinghamshire, United Kingdom
Salt
years' experience performing IT Audit or security control testing. 8+ years' of experience in Information Security and / or Information Technology. Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent. Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001 / 27002, CIS Controls, COBIT. Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains. Strong analytical, problem solving and critical thinking skills with meticulous attention to detail. Excellent verbal and written communication skills. Ability to work both independently and collaboratively within a team
Employment Type: Permanent
Salary: GBP Annual

Senior Control Assurance Assessor (Big 4 accounting) - Finance

Nottingham, Nottinghamshire, East Midlands, United Kingdom
Salt
years' experience performing IT Audit or security control testing. 8+ years' of experience in Information Security and / or Information Technology. Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent. Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001 / 27002, CIS Controls, COBIT. Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains. Strong analytical, problem solving and critical thinking skills with meticulous attention to detail. Excellent verbal and written communication skills. Ability to work both independently and collaboratively within a team
Employment Type: Contract
Rate: £400 - £500 per day

Senior Control Assurance Assessor (Big 4 accounting) - Finance

Derby, Derbyshire, United Kingdom
Salt
years' experience performing IT Audit or security control testing. 8+ years' of experience in Information Security and / or Information Technology. Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent. Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001 / 27002, CIS Controls, COBIT. Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains. Strong analytical, problem solving and critical thinking skills with meticulous attention to detail. Excellent verbal and written communication skills. Ability to work both independently and collaboratively within a team
Employment Type: Permanent
Salary: GBP Annual

Senior Control Assurance Assessor (Big 4 accounting) - Finance

Mansfield, Nottinghamshire, United Kingdom
Salt
years' experience performing IT Audit or security control testing. 8+ years' of experience in Information Security and / or Information Technology. Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent. Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001 / 27002, CIS Controls, COBIT. Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains. Strong analytical, problem solving and critical thinking skills with meticulous attention to detail. Excellent verbal and written communication skills. Ability to work both independently and collaboratively within a team
Employment Type: Permanent
Salary: GBP Annual

36406553 - Senior Control Assurance Assessor

London, South East, England, United Kingdom
Career Moves Group
experience performing IT Audit or security control testing. 8+ years' of experience in Information Security and / or Information Technology Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001 / 27002, CIS Controls, COBIT. Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains Strong analytical, problem solving and critical thinking skills with meticulous attention to detail. Excellent verbal and written communication skills Ability to work both independently and collaboratively within a team
Employment Type: Temporary
Salary: Salary negotiable

Information Security Consultant

London, United Kingdom
European Bank for Reconstruction and Development
and AI. Liaise with IT and MSSP teams to identify and remediate security risks / incidents. Draft reports, risk register updates, and maintain documentation aligned with best practice (ISO 27001, NIST CSF). Track and advise on industry security trends and their implications. Contribute to social engineering assessments, BAU risk mitigation, and business process … What We're Looking For A Bachelor's or Master's degree (preferably in IT, Security, or Risk). At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor / Implementer, CIPP / E). Proven experience in delivering project and supplier assurance activities in
Employment Type: Permanent
Salary: GBP Annual

Information Security and Supplier Assurance Consultant

London, United Kingdom
European Bank for Reconstruction and Development
and AI. Liaise with IT and MSSP teams to identify and remediate security risks / incidents. Draft reports, risk register updates, and maintain documentation aligned with best practice (ISO 27001, NIST CSF). Track and advise on industry security trends and their implications. Contribute to social engineering assessments, BAU risk mitigation, and business process … What We're Looking For A Bachelor's or Master's degree (preferably in IT, Security, or Risk). At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor / Implementer, CIPP / E). Proven experience in delivering project and supplier assurance activities in
Employment Type: Permanent
Salary: GBP Annual

Project Assurance Security Specialist

London, United Kingdom
Develop
Bring Essential: Extensive experience in Information Security assurance, ideally in complex, multi-vendor or regulated environments. Strong understanding of security frameworks, risk management principles, and relevant standards (e.g. ISO 27001, GDPR / DPA). Broad technical knowledge across infrastructure, cloud, networking, and security tooling. Ability to work collaboratively across teams while also driving independent … decision-making. Excellent documentation and stakeholder communication skills. Desirable: Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor / Implementer. Familiarity with the NIST Cybersecurity Framework. Experience in highly regulated sectors (e.g. telecoms, energy, critical national infrastructure). Knowledge of cloud security and smart technologies (a plus
Employment Type: Contract
Rate: £625 - £650 per day

Security Controls Specialist

Midlands, United Kingdom
Henderson Scott
candidates who have: A proven background in Security Controls Assessment / IT Audit for large corporate clients. Big 4 accounting experience preferred. Professional certifications in CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent would be preferred Familiarity with frameworks such as NIST 800-53, ISO 27001 / 27002, CIS, COBIT Strong skills in security control tools like SailPoint, Wiz, or Rapid7 Comfortable using tools like RSA Archer, ServiceNow, Kanban Boards and Jira Adept at working in agile teams and communicating effectively across all levels Knowledge of Excel, Tableau, Alteryx, and PowerBI would be desirable Interested? Apply now for immediate
Employment Type: Contract
Rate: £400 - £450 per day + Umbrella - inside IR35

Project Assurance Security Specialist

United Kingdom
Hybrid / WFH Options
Ntrinsic Consulting
standards. Articulating risk clearly for both technical and non-technical stakeholders. Skills / Experience: Strong background in information security project assurance. Knowledge of frameworks and standards such as ISO 27001, GDPR / DPA, and risk management methodologies. Experience with a broad range of security tools and technologies (vulnerability scanning, SIEM, authentication / authorisation, firewalls … DLP, cloud, networking etc). Excellent communication skills – able to present findings and influence stakeholders. Security qualifications such as CISSP, CISM or ISO 27001 Lead Auditor are desirable but not essential.

Security Assurance Specialist

Manchester, United Kingdom
Hybrid / WFH Options
VIQU Energy Limited
business individuals Skills: Recognised qualifications include CISSP, CISM, CISA or equivalent ISO 27001 Lead Auditor / Lead Implementor or similar qualification Familiarity with the NIST Cybersecurity Framework is beneficial. Formal qualification in Information Security domain or equivalent experience desirable Cloud Security Controls Location – Manchester or
Employment Type: Contract
Rate: £700 - £750/day

Security Assurance Specialist

Bolton, Greater Manchester, North West England, United Kingdom
Hybrid / WFH Options
VIQU Energy
business individuals Skills: Recognised qualifications include CISSP, CISM, CISA or equivalent ISO 27001 Lead Auditor / Lead Implementor or similar qualification Familiarity with the NIST Cybersecurity Framework is beneficial. Formal qualification in Information Security domain or equivalent experience desirable Cloud Security Controls Location – Manchester or

Security Assurance Specialist

Warrington, Cheshire, North West England, United Kingdom
Hybrid / WFH Options
VIQU Energy
business individuals Skills: Recognised qualifications include CISSP, CISM, CISA or equivalent ISO 27001 Lead Auditor / Lead Implementor or similar qualification Familiarity with the NIST Cybersecurity Framework is beneficial. Formal qualification in Information Security domain or equivalent experience desirable Cloud Security Controls Location – Manchester or

Cyber Security Risk Consultant

Belfast, Northern Ireland, United Kingdom
Cyber Guarded Ltd
or sectors against recognised standards (e.g. ISO27001, NCSC CAF, NIS Directive, UK GovAssure) Identify mitigations for cyber risk in a given business or operational scenario and threat environment Lead and deliver cyber security audits, risk reviews and control assessments Identify control weaknesses, assess risks, and present actionable recommendations Produce high-quality risk reports, advisory outputs and client … driven with eye for the detail Eligibility to obtain UK security clearance (requires 5 years continuous UK address history) Desirable qualification(s) for the Cyber Security Risk Consultant: ISO 27001 Lead Auditor or Implementer ISACA Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional

Cyber Security Risk Consultant

Newtownabbey, Antrim, United Kingdom
Cyber Guarded Ltd
or sectors against recognised standards (e.g. ISO27001, NCSC CAF, NIS Directive, UK GovAssure) Identify mitigations for cyber risk in a given business or operational scenario and threat environment Lead and deliver cyber security audits, risk reviews and control assessments Identify control weaknesses, assess risks, and present actionable recommendations Produce high-quality risk reports, advisory outputs and client … driven with eye for the detail Eligibility to obtain UK security clearance (requires 5 years continuous UK address history) Desirable qualification(s) for the Cyber Security Risk Consultant: ISO 27001 Lead Auditor or Implementer ISACA Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional

Cyber Security Risk Consultant

Finaghy, Antrim, United Kingdom
Cyber Guarded Ltd
or sectors against recognised standards (e.g. ISO27001, NCSC CAF, NIS Directive, UK GovAssure) Identify mitigations for cyber risk in a given business or operational scenario and threat environment Lead and deliver cyber security audits, risk reviews and control assessments Identify control weaknesses, assess risks, and present actionable recommendations Produce high-quality risk reports, advisory outputs and client … driven with eye for the detail Eligibility to obtain UK security clearance (requires 5 years continuous UK address history) Desirable qualification(s) for the Cyber Security Risk Consultant: ISO 27001 Lead Auditor or Implementer ISACA Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional

ISO 27001 Lead Auditor
10th Percentile: £53,500
25th Percentile: £62,500
Median: £65,000
75th Percentile: £73,125
90th Percentile: £78,000