We have an exciting, permanent opportunity for a Senior Risk &Resilience Consultant / Information Security Consultant to join any of our 11 UK offices (hybrid working) as we continue to grow following the Howden acquisition.
We are looking for an experienced Information Security Consultant to support our clients in improving their security posture and achieving recognised certifications. This role is hands-on and client-facing.
You will guide organisations through the implementation and internal audit of ISO/IEC 27001, lead them through the Cyber Essentials certification process, and help build security awareness across the business. You will also support clients in understanding and managing third-party security risks, responding to assurance requests, and making informed decisions about risk. A key part of the role is the ability to explain information security risks in a meaningful way that relates directly to business impact, enabling stakeholders to make clear, informed decisions.
A snapshot of your day:
Lead and support clients through the implementation of ISO/IEC 27001, from gap analysis to readiness for certification
Plan and conduct internal audits against ISO/IEC 27001, including reporting findings and recommending improvements
Guide organisations through the Cyber Essentials and Cyber Essentials Plus certification process
Design, review, and improve information security policies, processes, and controls that are proportionate and practical
Explain information security risks to stakeholders in clear, business-focused terms, linking technical issues to business impact such as operational disruption, financial loss, regulatory exposure, or reputational damage
Deliver information security training and awareness sessions to staff at different levels of the organisation
Tailor training content to suit technical and non-technical audiences
Support and guide clients in the event of an information security incident, helping them understand next steps, containment, and reporting obligations
Support clients with third-party security assessments, including responding to customer security questionnaires; Assessing supplier security posture and risks; Advising on proportionate assurance and risk treatment approaches
Manage security projects, including planning, tracking progress, managing risks, and meeting deadlines
Act as a trusted advisor, translating security requirements into clear business actions
Facilitate workshops and meetings with stakeholders ranging from operational teams to senior leadership
Produce clear, well-structured documentation and reports suitable for both technical and non-technical audiences
Support continuous improvement of clients’ information security management practices
We would love to hear from you if you have:
Proven experience implementing ISO/IEC 27001 within an organisation or as a consultant and performing or supporting internal audits against ISO/IEC 27001
Practical experience guiding organisations through the Cyber Essentials certification process
Experience delivering information security training or awareness sessions
Experience supporting or responding to third-party security assessments or questionnaires
Demonstrated ability to communicate information security risks in business terms, not just technical language
Excellent understanding of information security risk management and controls
Experience managing projects, including timelines, dependencies, and stakeholder expectations
Excellent communication skills, both written and verbal with confidence engaging with people at all levels of an organisation, including senior management
Desirable
Experience with data protection and privacy, such as UK GDPR or EU GDPR
Experience supporting organisations during security incidents or data breaches
Experience assessing supplier risk or working with vendor risk management processes
Experience with supporting organisations with Business Continuity planning (ISO 22301)
Relevant certifications (e.g. ISO 27001 Lead Implementer, Lead Auditor, Cyber Essentials Assessor, CISM, CISSP)
Previous consultancy or client-facing experience
What's in it for you:
Competitive discretionary annual bonus.
Core benefits paid for by BW including life assurance, group income protection, private medical cover and 25 days holiday per year with holiday trading.
A generous pension scheme where we contribute 8% of your salary from day one of your employment.
Employee Assistance Programme to support you and your family through any concerns or challenges you may experience.
A comprehensive range of voluntary benefits to suit you (and your family) including an electric car leasing scheme, tech scheme, cycle to work scheme, dental cover, healthcare cash plan, health assessments, critical illness cover, extension of private medical cover or life assurance to family members, Sports Allowance – we pay up to 50% of your gym/sports membership (up to 50 pm), travel insurance, paid volunteering, and a broad range of discounts at hundreds of retailers including supermarkets, fitness centres, travel and leisure companies.
Responsibilities
The Senior Risk & Resilience Consultant will be responsible for advising clients on information security risks and developing resilience strategies. This role involves assessing current security measures and recommending improvements to enhance overall security posture.
Linked-in
Google