ISO 27001 Lead Auditor Jobs in the UK

26 to 50 of 69 ISO 27001 Lead Auditor Jobs in the UK

Information Security Officer

London (City of London), South East England, United Kingdom
Hybrid / WFH Options
Ryder Reid Legal
London-Based) Permanent | Hybrid Working | Competitive Salary I am working with a leading international law firm to support their search for an experienced and proactive Information Security Officer (ISO) to lead their global information and data security programme. This senior-level role offers the opportunity to shape the firm’s long-term security strategy … drive ISO 27001 certification, and ensure the resilience of systems and data across offices in the UK, US, and Europe. The position reports to the Director of IT and works closely with regional IT teams and external partners. Key Responsibilities: Lead the firm’s information security governance framework across all offices … and platforms Maintain and enhance the ISO 27001-aligned Information Security Management System (ISMS) Ensure compliance with frameworks including CIS Controls, NIST, ISO 27701, and GDPR Oversee incident response, threat detection, and access governance across systems such as iManage, Intapp, Aderant, Microsoft 365, and Azure Drive firm-wide security awareness and More ❯

Information Security Officer

Slough, South East England, United Kingdom
Hybrid / WFH Options
Ryder Reid Legal
London-Based) Permanent | Hybrid Working | Competitive Salary I am working with a leading international law firm to support their search for an experienced and proactive Information Security Officer (ISO) to lead their global information and data security programme. This senior-level role offers the opportunity to shape the firm’s long-term security strategy … drive ISO 27001 certification, and ensure the resilience of systems and data across offices in the UK, US, and Europe. The position reports to the Director of IT and works closely with regional IT teams and external partners. Key Responsibilities: Lead the firm’s information security governance framework across all offices … and platforms Maintain and enhance the ISO 27001-aligned Information Security Management System (ISMS) Ensure compliance with frameworks including CIS Controls, NIST, ISO 27701, and GDPR Oversee incident response, threat detection, and access governance across systems such as iManage, Intapp, Aderant, Microsoft 365, and Azure Drive firm-wide security awareness and More ❯

Information Security Officer

London, South East, England, United Kingdom
Hybrid / WFH Options
Ryder Reid Legal Ltd
London-Based) Permanent | Hybrid Working | Competitive Salary I am working with a leading international law firm to support their search for an experienced and proactive Information Security Officer (ISO) to lead their global information and data security programme. This senior-level role offers the opportunity to shape the firm's long-term security strategy … drive ISO 27001 certification, and ensure the resilience of systems and data across offices in the UK, US, and Europe. The position reports to the Director of IT and works closely with regional IT teams and external partners. Key Responsibilities: Lead the firm's information security governance framework across all offices … and platforms Maintain and enhance the ISO 27001-aligned Information Security Management System (ISMS) Ensure compliance with frameworks including CIS Controls, NIST, ISO 27701, and GDPR Oversee incident response, threat detection, and access governance across systems such as iManage, Intapp, Aderant, Microsoft 365, and Azure Drive firm-wide security awareness and More ❯
Employment Type: Full-Time
Salary: Salary negotiable

GRC Consultant

England, United Kingdom
Bytes Software Services
enterprise IT, legal, or compliance roles, you will have a proven track record of delivering GRC consultancy across sectors. You will demonstrate strong knowledge of frameworks such as ISO, ISF, NIST CSF, NIS / NIS2, DORA, CIS, and Cyber Essentials, and the ability to explain complex requirements clearly to both technical and non-technical audiences. You will … the opportunity to work on high-impact projects within a forward-thinking, supportive environment that values expertise, innovation, and growth. KEY RESPONSIBILITIES: Deliver high-quality GRC services, including: ISO 27001 NIST Gap Analysis CAF Assessments PCI DSS CSMA, ISF, and CIS Assessments Develop and maintain in-house methodologies, templates, and delivery playbooks for core … SKILLS: Educational Requirements Degree in Information Security, Computer Science, Risk Management, or a related field, or equivalent professional experience. - ESSENTIAL Professional Experience One or more of the following: ISO 27001 Lead Auditor or Lead Implementer certification PCI DSS Qualified Security Assessor (QSA) or Internal Security More ❯

IT Security Consultant

Bradford, West Yorkshire, England, United Kingdom
MLC Partners
Senior IT Security Specialist to lead and strengthen the cyber resilience of a complex public-sector programme. The postholder will play a pivotal role in developing, implementing, and governing security strategy, ensuring compliance with national standards, and embedding robust cyber practices across digital and IT estates. This is a senior strategic and technical leadership role, ideal for … local government IT environments. £700pd gross umbrella. Key Responsibilities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy aligned to organisational objectives and statutory duties. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital transformation strategy. Advise senior management and boards on cyber risk posture, incidents … security perspective. Policy, Procedure, and Guidance Oversight Review, update, and enforce security policies, standards, and guidance (e.g. Acceptable Use, Incident Response, Remote Access). Ensure compliance with NCSC, ISO 27001, NIST, Cyber Essentials, and GDPR frameworks. Clarify security roles and responsibilities across departments. Support Information Governance and Data Protection teams on policy alignment and More ❯
Employment Type: Temporary
Salary: £600 - £700 per day

Senior InfoSec Advisor (IRM Manager)

Aberdeen, Aberdeenshire, United Kingdom
Hybrid / WFH Options
Orion Group
security risk assessments and threat modelling for new IT platforms, systems, and applications and for material changes. Provide security architecture advice (patterns, guardrails) aligned to NIST CSF / ISO 27001 and company standards. Define and agree control selection (prevent / detect / correct) proportionate to risk, including identity, data and platform controls. Conduct IT … 7+ years in information risk, security assurance or IT audit within regulated, safety-critical or industrial environments (energy / oil & gas preferred). Strong knowledge of NIST CSF, ISO 27001, UK GDPR and supplier assurance practices; familiarity with the UK CAF is desirable. Proven experience running compliance and assurance functions, Secure-by-Design reviews … business-outcome focused). Tooling familiarity: GRC / IRM platforms (e.g., ServiceNow), and common cloud services (M365 / Azure) for workflows and evidence capture. Advantageous Certifications: Governance & Audit: ISO 27001 Lead Auditor, CISM Architecture & Design: SABSA, CISSP OT / ICS: SANS GICSP, ISA / IEC 62443 Our More ❯
Employment Type: Temporary
Salary: GBP Annual

Senior InfoSec Advisor (IRM Manager)

Aberdeen, City of Aberdeen, United Kingdom
Hybrid / WFH Options
Orion Group
security risk assessments and threat modelling for new IT platforms, systems, and applications and for material changes. Provide security architecture advice (patterns, guardrails) aligned to NIST CSF / ISO 27001 and company standards. Define and agree control selection (prevent / detect / correct) proportionate to risk, including identity, data and platform controls. Conduct IT … 7+ years in information risk, security assurance or IT audit within regulated, safety-critical or industrial environments (energy / oil & gas preferred). Strong knowledge of NIST CSF, ISO 27001, UK GDPR and supplier assurance practices; familiarity with the UK CAF is desirable. Proven experience running compliance and assurance functions, Secure-by-Design reviews … business-outcome focused). Tooling familiarity: GRC / IRM platforms (e.g., ServiceNow), and common cloud services (M365 / Azure) for workflows and evidence capture. Advantageous Certifications: Governance & Audit: ISO 27001 Lead Auditor, CISM Architecture & Design: SABSA, CISSP OT / ICS: SANS GICSP, ISA / IEC 62443 Our More ❯
Employment Type: Temporary

IT Risk, Controls and Security Manager

Surrey, United Kingdom
Hybrid / WFH Options
HAYS
plans (BCP). You will work closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security. Risk & Compliance You will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards. … Incident & Breach Management, Risk & Control Management, Vendor & System Assurance. What you'll need to succeed You will ideally have the following experience and qualifications: Professional certifications such as ISO 27001 Lead Implementer / Auditor as well as hands-on experience with auditing and maintaining accreditation for ISO 27001:2022 You will have a strong background in enterprise risk management, information governance, compliance, and risk assessment. Excellent communication skills - both written and verbal are required - with the ability to influence and educate. Knowledge of Cyber Essentials & SOC2 or other relevant standards would also be beneficial. What you'll get in return Salary More ❯
Employment Type: Permanent
Salary: GBP 50,000 - 70,000 Annual

GRC Analyst

Salford, England, United Kingdom
Hybrid / WFH Options
Intaso
the organisation’s GRC framework. Conduct and document risk assessments, identifying control gaps and recommending appropriate mitigations. Maintain and update internal policies and procedures to ensure compliance with ISO 27001, GDPR, and other regulatory requirements. Assist with internal and external audits, including evidence gathering and control testing. Prepare and deliver compliance and risk reports … with stakeholders across all levels of the organisation. Essential Skills and Experience: Previous experience in a GRC, Risk, or Compliance Analyst position. Good knowledge of frameworks such as ISO 27001, NIST, or COBIT. Understanding of data protection and privacy regulations (e.g., GDPR). Excellent written, verbal, and interpersonal communication skills. Strong analytical and organisational … abilities. Relevant professional certifications (e.g., ISO 27001 Lead Implementer / Auditor, CISM, CRISC, CISSP) are desirable but not essential. More ❯

Compliance Monitoring Analyst

Salford, Lancashire, United Kingdom
Hybrid / WFH Options
of the organisation's GRC framework. Conduct and document risk assessments, identifying control gaps and recommending appropriate mitigations. Maintain and update internal policies and procedures to ensure compliance with ISO 27001, GDPR, and other regulatory requirements. Assist with internal and external audits, including evidence gathering and control testing. Prepare and deliver compliance and risk reports … with stakeholders across all levels of the organisation. Essential Skills and Experience: Previous experience in a GRC, Risk, or Compliance Analyst position. Good knowledge of frameworks such as ISO 27001, NIST, or COBIT. Understanding of data protection and privacy regulations (e.g., GDPR). Excellent written, verbal, and interpersonal communication skills. Strong analytical and organisational … abilities. Relevant professional certifications (e.g., ISO 27001 Lead Implementer / Auditor, CISM, CRISC, CISSP) are desirable but not essential. More ❯

GRC Analyst

Manchester, North West England, United Kingdom
Hybrid / WFH Options
Intaso
the organisation’s GRC framework. Conduct and document risk assessments, identifying control gaps and recommending appropriate mitigations. Maintain and update internal policies and procedures to ensure compliance with ISO 27001, GDPR, and other regulatory requirements. Assist with internal and external audits, including evidence gathering and control testing. Prepare and deliver compliance and risk reports … with stakeholders across all levels of the organisation. Essential Skills and Experience: Previous experience in a GRC, Risk, or Compliance Analyst position. Good knowledge of frameworks such as ISO 27001, NIST, or COBIT. Understanding of data protection and privacy regulations (e.g., GDPR). Excellent written, verbal, and interpersonal communication skills. Strong analytical and organisational … abilities. Relevant professional certifications (e.g., ISO 27001 Lead Implementer / Auditor, CISM, CRISC, CISSP) are desirable but not essential. More ❯

Security Risk Assurance Manager

South East, United Kingdom
Hybrid / WFH Options
Sanderson Government and Defence
of current threats, vulnerabilities, and best practices in security assurance Experience Required Experience in information security, risk management, or assurance roles. Desirable qualifications - CISM, CRISC, CISSP, CISA, CGEIT, ISO 27001 Lead Auditor (or equivalent) Hold an active and transferable SC clearance Strong analytical skills with the ability to … interpret technical and procedural evidence. Ability to work collaboratively within a multidisciplinary team. Familiarity with security frameworks and standards (e.g., ISO 27001, NIST, CIS Controls). Attention to detail and commitment to producing high-quality documentation. What's in it for You Remote / Hybrid working. Career Development: Continuous learning and professional growth. Benefits More ❯
Employment Type: Permanent, Work From Home

Senior Consultant - Cyber Security

City of London, London, United Kingdom
CyberCX
meetings and producing high-quality deliverables with minimal supervision while also using their business acumen to identify new opportunities and support business development activities including proposals and presentations. ISO specialism is required. Day to day you will: Work with our customers to assist them in identifying and effectively managing cyber security risk Evaluate customers' business needs and … advise on strategic cyber security planning and objectives Lead complex cyber security projects in the Governance, Risk and Compliance (GRC) and Strategy & Consulting domains Work with clients to evaluate, develop, improve, or manage their cybersecurity initiatives across cyber transformation, security strategy, security governance, operating model, risk and compliance, maturity assessments, cyber resilience, security architecture, data privacy and … level higher qualification in Cyber Security, Information Systems, Computer Engineering, Computer Science, Cybersecurity or related field is preferred At least one major security certification (CISM, CISA, CISSP, ISO27001 Lead Auditor / Lead Implementer) Minimum of 5 years of experience dealing with a diverse range of information / cyber security projects and More ❯

Senior Consultant - Cyber Security

London Area, United Kingdom
CyberCX
meetings and producing high-quality deliverables with minimal supervision while also using their business acumen to identify new opportunities and support business development activities including proposals and presentations. ISO specialism is required. Day to day you will: Work with our customers to assist them in identifying and effectively managing cyber security risk Evaluate customers' business needs and … advise on strategic cyber security planning and objectives Lead complex cyber security projects in the Governance, Risk and Compliance (GRC) and Strategy & Consulting domains Work with clients to evaluate, develop, improve, or manage their cybersecurity initiatives across cyber transformation, security strategy, security governance, operating model, risk and compliance, maturity assessments, cyber resilience, security architecture, data privacy and … level higher qualification in Cyber Security, Information Systems, Computer Engineering, Computer Science, Cybersecurity or related field is preferred At least one major security certification (CISM, CISA, CISSP, ISO27001 Lead Auditor / Lead Implementer) Minimum of 5 years of experience dealing with a diverse range of information / cyber security projects and More ❯

Senior Consultant - Cyber Security

London, South East England, United Kingdom
CyberCX
meetings and producing high-quality deliverables with minimal supervision while also using their business acumen to identify new opportunities and support business development activities including proposals and presentations. ISO specialism is required. Day to day you will: Work with our customers to assist them in identifying and effectively managing cyber security risk Evaluate customers' business needs and … advise on strategic cyber security planning and objectives Lead complex cyber security projects in the Governance, Risk and Compliance (GRC) and Strategy & Consulting domains Work with clients to evaluate, develop, improve, or manage their cybersecurity initiatives across cyber transformation, security strategy, security governance, operating model, risk and compliance, maturity assessments, cyber resilience, security architecture, data privacy and … level higher qualification in Cyber Security, Information Systems, Computer Engineering, Computer Science, Cybersecurity or related field is preferred At least one major security certification (CISM, CISA, CISSP, ISO27001 Lead Auditor / Lead Implementer) Minimum of 5 years of experience dealing with a diverse range of information / cyber security projects and More ❯

Senior Consultant - Cyber Security

Slough, South East England, United Kingdom
CyberCX
meetings and producing high-quality deliverables with minimal supervision while also using their business acumen to identify new opportunities and support business development activities including proposals and presentations. ISO specialism is required. Day to day you will: Work with our customers to assist them in identifying and effectively managing cyber security risk Evaluate customers' business needs and … advise on strategic cyber security planning and objectives Lead complex cyber security projects in the Governance, Risk and Compliance (GRC) and Strategy & Consulting domains Work with clients to evaluate, develop, improve, or manage their cybersecurity initiatives across cyber transformation, security strategy, security governance, operating model, risk and compliance, maturity assessments, cyber resilience, security architecture, data privacy and … level higher qualification in Cyber Security, Information Systems, Computer Engineering, Computer Science, Cybersecurity or related field is preferred At least one major security certification (CISM, CISA, CISSP, ISO27001 Lead Auditor / Lead Implementer) Minimum of 5 years of experience dealing with a diverse range of information / cyber security projects and More ❯

Senior Consultant - Cyber Security

London (City of London), South East England, United Kingdom
CyberCX
meetings and producing high-quality deliverables with minimal supervision while also using their business acumen to identify new opportunities and support business development activities including proposals and presentations. ISO specialism is required. Day to day you will: Work with our customers to assist them in identifying and effectively managing cyber security risk Evaluate customers' business needs and … advise on strategic cyber security planning and objectives Lead complex cyber security projects in the Governance, Risk and Compliance (GRC) and Strategy & Consulting domains Work with clients to evaluate, develop, improve, or manage their cybersecurity initiatives across cyber transformation, security strategy, security governance, operating model, risk and compliance, maturity assessments, cyber resilience, security architecture, data privacy and … level higher qualification in Cyber Security, Information Systems, Computer Engineering, Computer Science, Cybersecurity or related field is preferred At least one major security certification (CISM, CISA, CISSP, ISO27001 Lead Auditor / Lead Implementer) Minimum of 5 years of experience dealing with a diverse range of information / cyber security projects and More ❯

Head of Cyber Risk Governance & Compliance GRC

London Area, United Kingdom
McFall Recruitment Limited
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units. Reporting directly to the Chief … you’ll play a key leadership role in transforming Cyber Security —enhancing people, processes, and technology to protect the business and maintain operational resilience. What you’ll do Lead the global Cyber Security risk management programme , driving best-in-class governance and compliance. Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business … evaluations, and oversee treatment planning. Embed cyber risk into enterprise risk frameworks through collaboration with global teams. Oversee vendor risk management and ensure third-party compliance. Chair and lead the Cyber Security Digital Resilience Forum . Support the NIST maturity uplift programme and alignment with ISO 27001:2022 . Ensure compliance More ❯

Head of Cyber Risk Governance & Compliance GRC

City of London, London, United Kingdom
McFall Recruitment Limited
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units. Reporting directly to the Chief … you’ll play a key leadership role in transforming Cyber Security —enhancing people, processes, and technology to protect the business and maintain operational resilience. What you’ll do Lead the global Cyber Security risk management programme , driving best-in-class governance and compliance. Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business … evaluations, and oversee treatment planning. Embed cyber risk into enterprise risk frameworks through collaboration with global teams. Oversee vendor risk management and ensure third-party compliance. Chair and lead the Cyber Security Digital Resilience Forum . Support the NIST maturity uplift programme and alignment with ISO 27001:2022 . Ensure compliance More ❯

Head of Cyber Risk Governance & Compliance GRC

Slough, South East England, United Kingdom
McFall Recruitment Limited
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units. Reporting directly to the Chief … you’ll play a key leadership role in transforming Cyber Security —enhancing people, processes, and technology to protect the business and maintain operational resilience. What you’ll do Lead the global Cyber Security risk management programme , driving best-in-class governance and compliance. Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business … evaluations, and oversee treatment planning. Embed cyber risk into enterprise risk frameworks through collaboration with global teams. Oversee vendor risk management and ensure third-party compliance. Chair and lead the Cyber Security Digital Resilience Forum . Support the NIST maturity uplift programme and alignment with ISO 27001:2022 . Ensure compliance More ❯

Head of Cyber Risk Governance & Compliance GRC

London, South East England, United Kingdom
McFall Recruitment Limited
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units. Reporting directly to the Chief … you’ll play a key leadership role in transforming Cyber Security —enhancing people, processes, and technology to protect the business and maintain operational resilience. What you’ll do Lead the global Cyber Security risk management programme , driving best-in-class governance and compliance. Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business … evaluations, and oversee treatment planning. Embed cyber risk into enterprise risk frameworks through collaboration with global teams. Oversee vendor risk management and ensure third-party compliance. Chair and lead the Cyber Security Digital Resilience Forum . Support the NIST maturity uplift programme and alignment with ISO 27001:2022 . Ensure compliance More ❯

Head of Cyber Risk Governance & Compliance GRC

London (City of London), South East England, United Kingdom
McFall Recruitment Limited
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units. Reporting directly to the Chief … you’ll play a key leadership role in transforming Cyber Security —enhancing people, processes, and technology to protect the business and maintain operational resilience. What you’ll do Lead the global Cyber Security risk management programme , driving best-in-class governance and compliance. Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business … evaluations, and oversee treatment planning. Embed cyber risk into enterprise risk frameworks through collaboration with global teams. Oversee vendor risk management and ensure third-party compliance. Chair and lead the Cyber Security Digital Resilience Forum . Support the NIST maturity uplift programme and alignment with ISO 27001:2022 . Ensure compliance More ❯

Head of Cyber Risk, Governance & Compliance

Edinburgh, Scotland, United Kingdom
McFall Recruitment Limited
organisation on a Head of Cyber Governance, Risk & Compliance (GRC) 📍 London or Edinburgh | Hybrid We’re looking for an experienced Head of Cyber Governance, Risk & Compliance (GRC) to lead a global team responsible for strengthening and harmonising the organisation’s cybersecurity control framework. Reporting directly to the CISO, you’ll manage a team of six covering governance … and maturity across global operations. This is a key leadership role for a strategic yet hands-on cyber risk professional with strong knowledge of frameworks such as NIST, ISO 27001, CPMI-IOSCO, and the CRI Cyber Risk Profile. What you’ll do Lead and develop a global GRC team, ensuring effective … global jurisdictions (US, UK, EU, Japan). Excellent communication skills — able to simplify complexity for executive audiences. Highly organised, documentation-focused, and detail-oriented. Certifications: CISM (essential), CRISC, ISO 27001 Lead Implementer / Auditor, CISSP or CGEIT (advantageous), DORA / NIST CSF training desirable. Join a forward-thinking More ❯

Head of Cyber Risk, Governance & Compliance

Livingston, Central Scotland, United Kingdom
McFall Recruitment Limited
organisation on a Head of Cyber Governance, Risk & Compliance (GRC) 📍 London or Edinburgh | Hybrid We’re looking for an experienced Head of Cyber Governance, Risk & Compliance (GRC) to lead a global team responsible for strengthening and harmonising the organisation’s cybersecurity control framework. Reporting directly to the CISO, you’ll manage a team of six covering governance … and maturity across global operations. This is a key leadership role for a strategic yet hands-on cyber risk professional with strong knowledge of frameworks such as NIST, ISO 27001, CPMI-IOSCO, and the CRI Cyber Risk Profile. What you’ll do Lead and develop a global GRC team, ensuring effective … global jurisdictions (US, UK, EU, Japan). Excellent communication skills — able to simplify complexity for executive audiences. Highly organised, documentation-focused, and detail-oriented. Certifications: CISM (essential), CRISC, ISO 27001 Lead Implementer / Auditor, CISSP or CGEIT (advantageous), DORA / NIST CSF training desirable. Join a forward-thinking More ❯

Head of Cyber Risk, Governance & Compliance

Broughton, Central Scotland, United Kingdom
McFall Recruitment Limited
organisation on a Head of Cyber Governance, Risk & Compliance (GRC) 📍 London or Edinburgh | Hybrid We’re looking for an experienced Head of Cyber Governance, Risk & Compliance (GRC) to lead a global team responsible for strengthening and harmonising the organisation’s cybersecurity control framework. Reporting directly to the CISO, you’ll manage a team of six covering governance … and maturity across global operations. This is a key leadership role for a strategic yet hands-on cyber risk professional with strong knowledge of frameworks such as NIST, ISO 27001, CPMI-IOSCO, and the CRI Cyber Risk Profile. What you’ll do Lead and develop a global GRC team, ensuring effective … global jurisdictions (US, UK, EU, Japan). Excellent communication skills — able to simplify complexity for executive audiences. Highly organised, documentation-focused, and detail-oriented. Certifications: CISM (essential), CRISC, ISO 27001 Lead Implementer / Auditor, CISSP or CGEIT (advantageous), DORA / NIST CSF training desirable. Join a forward-thinking More ❯

ISO 27001 Lead Auditor
10th Percentile: £54,250
25th Percentile: £55,000
Median: £65,000
75th Percentile: £75,000
90th Percentile: £85,000