Central London, London, United Kingdom Hybrid / WFH Options
Velocity Talent Ltd
Audit and Compliance Department: Information Security Certification About Us We are a UKAS-accredited certification body delivering independent audit and certification services across multiple management system standards, including ISO 9001, ISO 14001, and ISO 27001. Our goal is to help organisations demonstrate compliance, strengthen governance, and continuously improve. We're seeking a … to join our expanding audit team. You'll lead and conduct Information Security Management System (ISMS) audits in line with ISO/IEC 27001:2022, ISO 17021, and UKAS requirements. Key Responsibilities Plan, conduct, and report Stage 1, Stage 2, surveillance, and recertification audits for ISO 27001. Assess client ISMS implementations for conformity and effectiveness against ISO/IEC 27001:2022. Lead audits independently or as part of a multi-standard team (e.g. ISO 9001, ISO 22301, ISO 27701). Produce clear, objective audit
Risk & Compliance Analyst - ISO27001, SOC 2, GDPR Location: Knutsford (Cheshire) | Office-based Salary: £35,000 - £45,000 DOE + benefits About the Role We're supporting a fast-growing technology company that delivers secure, cloud-based platforms to highly regulated enterprise clients. They're looking for a Risk & Compliance Officer / Analyst to … part in maintaining and improving their information-security and compliance frameworks. Working closely with senior leadership, you'll help ensure the business remains compliant with standards such as ISO27001, SOC 2 Type II, and GDPR, while building a culture of risk awareness and continuous improvement. Key Responsibilities Maintain and develop compliance policies, standards … and frameworks across the organisation. Support internal and external audits for ISO27001, SOC 2, and data-protection regulations. Conduct regular risk assessments and contribute to risk treatment plans. Monitor compliance KPIs, prepare monthly status reports, and present findings to senior stakeholders. Review vendor and third-party compliance, ensuring contractual and regulatory obligations are
to work. No excuses. No passengers. No tolerance for politics or mediocrity. Requirements What This Role Demands: You Own It - You're responsible and proactive, you take the lead and make things happen. You Ask Questions - You don't just gather requirements; you challenge assumptions, to make us better. Why this control, why not another way? You … Management System. Ensure compliance with international standards and regional regulatory requirements. Own security GRC automation tooling (Vanta) and work across the business to maintain security compliance posture. Successfully lead internal and external security audits - ISO27001 / SOC2 Type II / PCI DSS. Champion a company-wide culture of security awareness … and operational resilience by playing a key role in defining, maintaining, and managing security incident response and threat intelligence procedures. Lead, curate, and report on Navro's ongoing and persistent security awareness programme including frequent phishing testing campaigns, secure development, etc. Work with IT, SRE, and other key stakeholders on implementing and maintaining security policies and
Hereford, Herefordshire, England, United Kingdom Hybrid / WFH Options
DCS Recruitment
for an experienced Information Security Analyst to join our client who will play a key role in driving compliance, governance, and continual improvement across key security frameworks including ISO27001, PCI DSS, and Cyber Essentials Plus. Key Responsibilities: * Lead on the operation and continual improvement of the Information Security Management System … ISMS) * Coordinate internal and external audit readiness for ISO27001, PCI DSS, and Cyber Essentials Plus * Draft and update information security policies, procedures, and technical standards * Work with procurement and commercial teams to support supplier assurance and risk assessment * Contribute to tender responses and bid processes, ensuring security and compliance requirements are met * Promote … legislation and standards relating to information and cyber security Key Skills & Experience: Essential: * Background in IT, Cyber Security, Information Systems, or a related discipline * Strong working knowledge of ISO27001, PCI DSS, and Cyber Essentials Plus * Proven ability to support and prepare for audits, including evidence collation and audit readiness * Excellent attention to detail
enterprise IT, legal, or compliance roles, you will have a proven track record of delivering GRC consultancy across sectors. You will demonstrate strong knowledge of frameworks such as ISO, ISF, NIST CSF, NIS / NIS2, DORA, CIS, and Cyber Essentials, and the ability to explain complex requirements clearly to both technical and non-technical audiences. You will … the opportunity to work on high-impact projects within a forward-thinking, supportive environment that values expertise, innovation, and growth. KEY RESPONSIBILITIES: Deliver high-quality GRC services, including: ISO27001 NIST Gap Analysis CAF Assessments PCI DSS CSMA, ISF, and CIS Assessments Develop and maintain in-house methodologies, templates, and delivery playbooks for core … SKILLS: Educational Requirements Degree in Information Security, Computer Science, Risk Management, or a related field, or equivalent professional experience. - ESSENTIAL Professional Experience One or more of the following: ISO27001 Lead Auditor or Lead Implementer certification PCI DSS Qualified Security Assessor (QSA) or Internal Security
Senior IT Security Specialist to lead and strengthen the cyber resilience of a complex public-sector programme. The postholder will play a pivotal role in developing, implementing, and governing security strategy, ensuring compliance with national standards, and embedding robust cyber practices across digital and IT estates. This is a senior strategic and technical leadership role, ideal for … local government IT environments. £700pd gross umbrella. Key Responsibilities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy aligned to organisational objectives and statutory duties. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital transformation strategy. Advise senior management and boards on cyber risk posture, incidents … security perspective. Policy, Procedure, and Guidance Oversight Review, update, and enforce security policies, standards, and guidance (e.g. Acceptable Use, Incident Response, Remote Access). Ensure compliance with NCSC, ISO27001, NIST, Cyber Essentials, and GDPR frameworks. Clarify security roles and responsibilities across departments. Support Information Governance and Data Protection teams on policy alignment and
plans (BCP). You will work closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security. Risk & Compliance You will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO27001 and other regulatory standards. … Incident & Breach Management, Risk & Control Management, Vendor & System Assurance. What you'll need to succeed You will ideally have the following experience and qualifications: Professional certifications such as ISO27001 Lead Implementer / Auditor as well as hands-on experience with auditing and maintaining accreditation for ISO27001:2022. You will have a strong background in enterprise risk management, information governance, compliance, and risk assessment. Excellent communication skills - both written and verbal are required - with the ability to influence and educate. Knowledge of Cyber Essentials & SOC2 or other relevant standards would also be beneficial. What you'll get in return Salary
Market Harborough, Leicestershire, East Midlands, United Kingdom Hybrid / WFH Options
4C Resourcing
our company, or if you have not taken steps to pursue Chartered Cyber Security Professional (ChCSP) status. This is a senior role for an experienced consultant who can lead engagements, provide authoritative advice, and help shape our cyber security services. You will work primarily in Audit & Assurance and Risk & Compliance, with the opportunity to contribute to Incident … and deliver client engagements across governance, risk and compliance (GRC), including audits, assessments and improvement plans aligned to frameworks such as ISO/IEC 27001, NCSC CAF, and PCI DSS. Lead independent assurance, review and test security policies, procedures and controls; identify gaps; and recommend pragmatic remediation strategies. Develop … Significant experience in cyber security consulting or assurance, ideally within the public sector. Deep knowledge of GRC frameworks and standards (e.g. CAF, ISO/IEC 27001, PCI DSS). Strong client-facing skills, able to communicate complex issues clearly to technical and non-technical audiences. Proven track record of delivering high-quality outputs on
of current threats, vulnerabilities, and best practices in security assurance Experience Required Experience in information security, risk management, or assurance roles. Desirable qualifications - CISM, CRISC, CISSP, CISA, CGEIT, ISO27001 Lead Auditor (or equivalent) Hold an active and transferable SC clearance Strong analytical skills with the ability to … interpret technical and procedural evidence. Ability to work collaboratively within a multidisciplinary team. Familiarity with security frameworks and standards (e.g., ISO27001, NIST, CIS Controls). Attention to detail and commitment to producing high-quality documentation. What's in it for You Remote / Hybrid working. Career Development: Continuous learning and professional growth. Benefits
market-leading risk, control and governance services, working with clients across a variety of industries and beyond. Joining the Agile Talent Community as an Interim Cybersecurity Internal Auditor, you will have the freedom to work on projects that you choose, whether full or part-time within BRS and support our clients and internal teams on short … to medium-term assignments. Skills we are looking for We are seeking an experienced Cybersecurity Auditor for an interim assignment supporting client engagements across various sectors. This role involves conducting audits, assessing risk, and ensuring compliance with UK cybersecurity regulations and standards. You will work directly with our clients to evaluate their cybersecurity posture, identify gaps, and … Deliver cybersecurity audits for client organisations in line with UK regulations. Assess compliance with: UK GDPR & Data Protection Act 2018 NIS Regulations ISO/IEC 27001 Cyber Essentials / Plus Telecommunications (Security) Act 2021 Identify risks and provide actionable recommendations. Produce clear audit reports and present findings to client stakeholders. Support clients in
Woking, Surrey, England, United Kingdom Hybrid / WFH Options
Nomad Foods
a fast-paced environment, and want to make real impact at Europe’s leading frozen food company. Responsibilities: Overseeing cyber security governance efforts, ensuring alignment with frameworks like ISO27001, NIST, NIS2 and GDPR, and regulatory standards. Identify, assess, and mitigate security risks across the organisation. Implement and maintain risk management processes, ensuring effective … skillset required for this position are: Graduate level in Cyber Security, Computer Science or similar. CRISC, CISM, CRM, CISA, CCP Practitioner SIRA, ISO/IEC 27001 Lead Auditor, or similar. 3-5 years’ experience in cyber governance, risk and compliance roles, preferably in the FMCG sector. What
Hertfordshire, England, United Kingdom Hybrid / WFH Options
ALTERED RESOURCING LTD
with a great benefit package also. This Information Security Analyst (GRC) role would suit someone with experience with information security risk assessments, reporting risks and who holds the ISO27001 lead implementer / auditor certification. Any other certifications that you hold will be beneficial. Experience dealing with non
Drives organisation-wide security governance and cyber maturity through standards compliance, assurance reviews, and gap analysis, be that Arriva policies and standards or industry recognised certifications such as ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls. Oversees the development of a scalable Operational Technology (OT) Security Assurance Framework, including … Awareness Programme, including training strategy, annual compliance training content, communications plan, roadshows, and ongoing engagement. Knowledge, skills & experience Practitioner qualifications e.g. CISSP certification, CESG Listed Advisor (CLAS), ISO27001 Lead Auditor, Certified Information Security Manager (CISM) Knowledge of all areas of Cyber Security Evidenceable extensive experience in information security or IT governance roles, including proven … cultural change, and increased risk literacy across organisations. Familiarity with audit lifecycles, regulatory compliance, control assurance, and data protection including a deep understanding of security control frameworks (e.g., ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls, PCI-DSS). Knowledge of all areas of IT Security, including cyber security
Stevenage, Hertfordshire, England, United Kingdom Hybrid / WFH Options
MBDA
management practices is desirable. Whilst not essential, one of the following qualifications is highly desirable: CISMP – Certificate In Information Security Management Principles CISM – Certified Information Security Manager ISO27001 Lead Auditor ISO27005 Certificated Security Risk Manager CSMP – Certified Security Management Professional Whilst not essential, understanding / experience of UK MoD Defence Conditions would be beneficial.
experienced security risk professional with a passion for driving strategic assurance activities in a complex organisation? We are looking for a number of Security Risk Assurance Consultants to lead a high-performing team in delivering risk-based assurance across people, processes, and technology. In this role, you will: Drive alignment between assurance activities and strategic risks Build … and the ability to interpret and communicate complex security risks to both technical and non-technical audiences. The following qualifications are desirable: CISM, CRISC, CISSP, CISA, CGEIT, ISO27001 Lead Auditor. Office locations include London / Birmingham / Manchester / Newcastle / Sheffield / Blackpool / Leeds with travel required 3 times per week. We are looking for