IT Security Consultant

A Senior IT Security Specialist is sought to lead and strengthen the cyber resilience of a complex public-sector programme. The postholder will play a pivotal role in developing, implementing, and governing security strategy, ensuring compliance with national standards, and embedding robust cyber practices across digital and IT estates.

This is a senior strategic and technical leadership role, ideal for a seasoned security professional with a background in enterprise-scale or local government IT environments.

£700pd gross umbrella.

Key Responsibilities

Strategic Planning and Governance
  • Develop, review, and maintain the IT Security Strategy aligned to organisational objectives and statutory duties.
  • Lead the creation and enforcement of cybersecurity governance frameworks.
  • Align security objectives with enterprise architecture and digital transformation strategy.
  • Advise senior management and boards on cyber risk posture, incidents, and mitigations.
  • Identify and manage strategic risks — technical, legal, reputational, and financial.
  • Evaluate emerging technologies (AI, RPA, cloud, hybrid infrastructure) from a security perspective.
Policy, Procedure, and Guidance Oversight
  • Review, update, and enforce security policies, standards, and guidance (e.g. Acceptable Use, Incident Response, Remote Access).
  • Ensure compliance with NCSC, ISO 27001, NIST, Cyber Essentials, and GDPR frameworks.
  • Clarify security roles and responsibilities across departments.
  • Support Information Governance and Data Protection teams on policy alignment and compliance.
Technical Review and Oversight
  • Lead or oversee reviews of system architectures, applications, cloud services (IaaS, PaaS, SaaS), and network security.
  • Assess IAM/PAM implementations and M365/Azure/Active Directory configurations.
  • Conduct or oversee penetration testing, vulnerability assessments, and threat modelling.
  • Review and approve technical designs and solution architectures from a security standpoint.
Assurance, Compliance, and Audit
  • Develop and maintain an IT Security Assurance Framework.
  • Lead internal and external audits, accreditation, and certification activities (e.g. PSN, Cyber Essentials Plus, ISO 27001).
  • Monitor compliance with standards and respond to audit findings.
  • Analyse SIEM outputs, threat intelligence feeds, and monitoring tools.
Performance Monitoring and Reporting
  • Define and track key security KPIs and metrics.
  • Produce security performance and risk reports for executive and board audiences.
  • Maintain security risk registers and oversee remediation activity.
Stakeholder Engagement and Leadership
  • Act as senior security advisor to leadership, IT programmes, and project boards.
  • Influence project governance to embed security by design.
  • Represent the organisation in regional and national cyber forums (e.g. WARP, NCSC, iNetwork).
Training, Awareness, and Culture
  • Lead and support cyber awareness campaigns and training.
  • Promote a culture of security and resilience across the organisation.
  • Collaborate with HR and L&D to embed cyber hygiene into inductions and ongoing learning.
Incident Management and Business Continuity
  • Oversee the development and testing of Incident Response, Disaster Recovery, and Business Continuity Plans.
  • Provide senior escalation and leadership during security incidents.
  • Conduct post-incident reviews and ensure lessons learned drive continuous improvement.
Continuous Improvement and Innovation
  • Stay informed on emerging threats and industry trends.
  • Champion automation and innovation in security operations (e.g. SOAR, XDR).
  • Drive security maturity assessments and roadmap development.
Essential Experience
  • Proven leadership in IT or cyber security at enterprise or local authority level.
  • Strong understanding of security governance, risk management, and compliance.
  • Hands-on experience with cloud, network, and identity security.
  • Familiarity with UK public sector standards (e.g. PSN, NCSC, GDPR).
  • Relevant certifications desirable (CISSP, CISM, ISO 27001 Lead Auditor, etc.).
Company
MLC Partners
Location
Bradford, West Yorkshire, England, United Kingdom
Employment Type
Temporary
Salary
£600 - £700 per day
Posted