Information Security Consultant

Location: London

Work Arrangement: Hybrid (1 day on-site)

Rate: £425–£450 per day (Inside IR35, via Umbrella)

Duration: 6 months initially (strong extension potential)

Start: Immediate

Sponsorship: Not available

We are seeking a highly adaptable Information Security Consultant with strong consultancy experience and the ability to support a wide range of complex cyber security challenges. This role requires someone who can confidently work across multiple workstreams, handle diverse security issues simultaneously, and provide expert guidance across governance, assurance, risk, incident response, and stakeholder engagement.

You will operate as a hands-on consultant embedded within a leading London law firm, supporting numerous parallel security initiatives and driving improvements across their security posture.

Key Responsibilities

End-to-End Security Consultancy (Multi-Project Delivery)

  • Deliver expert security consulting across multiple concurrent projects, adapting quickly to new environments, technologies, and stakeholder needs.
  • Provide pragmatic, risk-based advice and actionable recommendations to technical and non-technical teams.
  • Engage directly with senior stakeholders, project teams, and external partners as a trusted security advisor.

Governance, Standards & ISMS Enhancement

  • Own and improve key elements of the information security governance framework.
  • Develop, review, and update security policies, standards, processes, and playbooks.
  • Strengthen and maintain ISMS controls, ensuring ongoing alignment with ISO 27001 and related standards.

Third-Party & Client Assurance

  • Conduct supplier security assessments, audits, and due diligence for a broad range of third parties.
  • Work with vendors on remediation planning, tracking, and validation.
  • Lead responses to client assurance requests and questionnaires, identifying gaps and proposing mitigation strategies.

Risk Management & Security Assurance

  • Perform comprehensive information security risk assessments across systems, projects, and processes.
  • Define mitigation controls and develop robust treatment plans aligned with best practice frameworks.
  • Coordinate and validate penetration testing activities, supporting the close-out of remediation actions.

Incident Response & Security Operations Support

  • Lead investigations into security incidents, ensuring accurate scoping, containment, remediation, and post-incident reporting.
  • Act as an escalation point for complex cyber issues requiring expert judgement.

Cyber Awareness & Training

  • Shape and deliver engaging cyber awareness activities for staff and third parties.
  • Support cultural change by embedding good security practices across the firm.

Essential Skills / Experience:

  • Strong working knowledge of ISO 27001/27002 and experience implementing and assessing associated controls.
  • Industry certifications such as CISSP, CISM, CRISC (or equivalent).
  • Cloud security expertise, ideally with AWS and/or Azure certifications.
  • Familiarity with ISO 27005 risk management or NIST RMF.
  • Understanding of global Data Protection and Privacy regulations.
  • Proven ability to interpret and respond to client requirements.
  • Strong written and verbal communication skills, with the ability to engage across all business functions.
  • Self-sufficient and proactive, able to work independently or as part of a project team.

Company
Sure Exec Search
Location
London, UK
Hybrid/Remote Options
Posted