Security Consultant

Security Specialist

This role is outside IR35

We are seeking an experienced hands-on Senior Cybersecurity Consultant to support a major enterprise customer in delivering a Cybersecurity Assessment & Resilience Programme.

This full-time, 6+ month project, combines senior-level customer engagement and leadership with practical, day-to-day delivery.

You will define strategy and also actively conduct assessments, produce security artefacts, support remediation activities, and work alongside customer teams to implement improvements.

The successful candidate will be comfortable operating both at the whiteboard and in the detail, acting as a trusted advisor while remaining directly accountable for tangible security outcomes.

The support will include:

Ongoing cybersecurity assessments and reviews of policies, procedures, controls, and governance
Identification, analysis, and prioritisation of cyber risks and vulnerabilities across on-prem, cloud, and third-party environments
Advisory support for incident response planning, crisis management exercises, and resilience improvements
Support to SOC operations, including process improvement and escalation protocols
Supplier and third-party security assessments, working closely with Procurement, Supplier Management, Bid and Sales teams
Contribution to security governance forums, risk reviews, and senior stakeholder briefings
Development and maintenance of security documentation, reports, and recommendations
Delivery of targeted security awareness and training initiatives
Provision of regular status updates, monthly progress reports, and end-of-phase summary reporting Experience requirements:

Must have extensive experience operating at CISO, Deputy CISO, or Senior Security Leadership level within complex enterprise environments
Strong hands-on background in cybersecurity governance, risk management, and security operations
Proven experience delivering cybersecurity assessments, audits, and improvement programmes
Demonstrable experience with incident response, crisis management, and cyber resilience planning
Experience assessing supplier and third-party cybersecurity risk across the supply chain
Strong understanding of recognised security frameworks and standards (e.g. ISO 27001, NIST, NIS2, TISAX, Cyber Essentials)
Ability to engage confidently with senior executives and technical teams, providing clear, pragmatic security advice
Excellent written and verbal communication skills, with experience producing executive-level reports and presentations
Ability to manage priorities, deliver to agreed timelines, and operate effectively in a customer-facing delivery role Desirable:

Relevant security certifications (e.g. CISSP, CISM, CCISO, CRISC, ISO 27001 Lead Auditor)
Experience working across regulated industries and/or multinational environments
Previous experience operating as an embedded / virtual CISO or security delivery lead