Information Security Consultant

Fully Remote (UK-based) Up to £75,000 per annum + benefits

We are seeking an experienced and proactive Information Security Consultant to join our client's team. This is a fully remote position offering the opportunity to work with a diverse portfolio of clients, helping them strengthen their security posture and manage risk in an evolving threat landscape.

You will play a key role in delivering security advisory services, conducting assessments, and supporting organisations in aligning with industry standards and best practices. The role will also involve supporting clients with modern security challenges including threat modelling, secure-by-design practices, and emerging AI security considerations.

Key Responsibilities

• Provide expert guidance on information security strategies, frameworks, and best practices
• Conduct security risk assessments, gap analyses, and audits
• Support clients in achieving and maintaining compliance (e.g. ISO 27001, NIST, GDPR)
• Develop and review security policies, procedures, and documentation
• Perform vulnerability assessments and coordinate remediation efforts
• Deliver threat modelling workshops and support secure solution design activities
• Advise on AI security risks, governance, and secure adoption of AI technologies
• Deliver security awareness training and workshops
• Assist in incident response planning and post-incident reviews
• Collaborate with technical and non-technical stakeholders to embed security into business processes

Required Skills & Experience

• Proven experience in an Information Security Consultant or similar role
• Strong understanding of security frameworks (ISO 27001, NIST, CIS Controls)
• Experience conducting threat modelling exercises and risk-based security assessments
• Knowledge of AI security principles, AI governance, or securing AI-enabled solutions
• Knowledge of risk management methodologies
• Experience with vulnerability management tools and techniques
• Familiarity with cloud security (AWS, Azure, or GCP)
• Understanding of networking, systems architecture, and common attack vectors
• Excellent communication and stakeholder management skills
• Ability to work independently in a fully remote environment

Desirable Qualifications

• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor
• Experience in consultancy or client-facing roles
• Exposure to penetration testing or security engineering
• Knowledge of secure software development practices and DevSecOps

What We Offer

• Competitive salary up to £75,000
• Fully remote working with flexible hours
• Generous holiday allowance
• Professional development and certification support
• Pension scheme and additional benefits