Information Security Consultant (CAF Assessments) - SC Cleared

Information Security Consultant - CAF Assessments - Central Government

SC or DV clearance essential

Hybrid working (Mainly remote, with UK client visits when required)

Salary - Circa £60k

Start Data ASAP - Looking for candidates ideally with a 1-month maximum notice period

Our client is a new kind of cyber security consultancy – built from the ground up by practitioners with military and defence backgrounds, with a culture that reflects it. Disciplined, direct, mission-focused and deeply competent. We are a startup, which means the team is small, the work is real, and the people who join now will help define what we become.

If you want a role where you can see the impact of your work, have a genuine say in how things are done, and build something alongside people who take both quality and each other seriously – this is worth reading on.

The role

Four days a week you will be leading and supporting Cyber Assessment Framework (CAF) engagements across central government – working remotely with clients the majority of the time, with occasional travel to UK client sites as required. You will assess compliance against NCSC CAF objectives and indicators of good practice, identify and characterise gaps, and produce clear, actionable reports and remediation roadmaps.

The fifth day is structured time for business development or wider delivery work – contributing to bids, supporting pre-sales conversations, or flexing into other cyber advisory work as the practice grows. Because we are a startup, you will also have the chance to help shape our methodology, sharpen our tooling and build the foundations of something lasting.

What you will be doing

• Conducting end-to-end CAF assessments across central government clients, covering all four CAF objectives and associated indicators of good practice – primarily remote, with occasional on-site visits .
• Engaging with senior stakeholders – SROs, CISOs and technical leads – to gather evidence, validate findings and present outcomes clearly.
• Writing high-quality assessment reports, gap analyses and prioritised improvement plans that clients can actually use.
• Contributing to business development – writing proposal content, attending client conversations and helping win new work alongside senior colleagues
• Helping build the practice – refining internal methodologies, templates and tooling as we grow and scale.
• Flexing into broader delivery on your BD/delivery day – drawing on skills across risk, governance, architecture or assurance depending on where we need you

What we are looking for

Essential

• Hands-on experience conducting NCSC CAF assessments – you have done this for real, not just studied the framework
• 3-5 years Cyber Security experience
• Public Sector/Government experience
• Solid grasp of the CAF objectives, indicators of good practice and the broader UK government cyber security landscape
• Comfortable working independently and remotely – self-directed, organised and reliable without needing close oversight
• Willing to be flexible – a startup means occasional shifting priorities, and the right person sees that as opportunity, not disruption
• Current or eligible for SC clearance (active clearance strongly preferred)
• Strong written communication – producing reports that are accurate, structured and genuinely useful

Desirable

• Relevant certifications – CISSP, CISM, CCP (Lead Assessor or equivalent) or other NCSC-recognised qualifications
• Background in or exposure to military, defence or government security – you will fit right in
• Broader assurance or risk experience across ISO 27001, NIST, GovAssure or similar frameworks
• Experience in a consulting or early-stage business – you know what it means to help build something, not just execute inside it

What you can expect from the client

• A small, capable team that operates with high standards, low ego and genuine mutual respect
• Primarily remote working with the flexibility that brings – and infrequent, predictable UK travel when clients need you on site
• Real influence – you will not be employee number 500. What you build here, and how you build it, will matter
• Ongoing professional development and certification support