Location: Remote, occasional travel as required to meet client/business needs
Department: Private Sector Cyber Consultancy
Contract Type: Full-time
Salary: Competitive + Benefits
At Cyberfort, we’re securing the digital future. As a leading UK provider of cybersecurity solutions, we deliver cutting-edge services in Managed Detection & Response (MDR), Penetration Testing, Security Operations, and Strategic Consulting.
We’re large enough to offer exciting opportunities, yet agile enough to ensure every voice is heard. At Cyberfort, you’re not just joining a company, you’re becoming part of a mission-driven team.
As a Senior Information Security Consultant, you will lead and deliver client engagements across a broad range of security, risk, compliance and assurance programmes. You will work with organisations to assess, improve and evidence their security posture while supporting complex transformation, audit and governance initiatives.
This is a senior consulting role requiring strong stakeholder management skills, broad experience across information security frameworks, and the ability to apply pragmatic security solutions in diverse client environments. You will be framework agnostic in your approach, focusing on business outcomes and risk reduction rather than compliance for compliance’s sake.
The role combines strategic advisory services with hands-on technical and assurance delivery. You will work with clients across multiple sectors, helping them navigate evolving regulatory requirements, AI governance challenges, technical control assessments and security maturity improvement programmes.
Lead delivery of security assessments, assurance reviews and improvement programmes across frameworks including ISO 27001, NIST CSF, CAF, Cyber Essentials, DSPT, ISO 42001, CSA CCM and other industry-recognised standards
Conduct complex gap analyses aligned to client risk appetite, regulatory obligations and business objectives
Provide expert guidance on security governance, risk management and control frameworks, applying a framework agnostic approach to client challenges
Assess, design and enhance technical, administrative and physical controls across cloud, on-premise and hybrid environments
Review and optimise Microsoft 365 security controls, ensuring organisations achieve effective and proportionate security outcomes
Lead risk assessments using recognised methodologies such as ISO 27005, NIST RMF, FAIR and equivalent approaches
Deliver DSPT assessments, assurance activities and remediation programmes within healthcare and regulated environments
Support organisations in developing governance and assurance models for AI adoption, including AI risk assessments, control reviews and compliance with emerging AI standards
Develop, review and maintain security policies, standards, procedures and guidance documentation
Lead internal audits, external audit preparation, certification readiness activities and compliance assessments
Present findings, recommendations and remediation plans to senior stakeholders, technical teams and executive leadership
Facilitate workshops, tabletop exercises and stakeholder engagement sessions to support security maturity improvement
Mentor junior consultants and contribute to the development of Cyberfort's consulting capability
Proven experience operating as a Senior Information Security Consultant, Information Security Manager, Security Assurance Consultant or similar role
Strong experience across multiple information security and assurance frameworks including ISO 27001, NIST CSF, CAF, Cyber Essentials, DSPT, CSA CCM and related standards
Demonstrable ability to work in a framework agnostic manner, selecting and applying the most appropriate controls and approaches for specific client requirements
Strong understanding of security governance, risk management, assurance, compliance and audit principles
Hands-on experience assessing and implementing technical security controls across enterprise environments
Experience reviewing and enhancing Microsoft 365 security configurations and controls
Experience supporting AI governance, AI risk management and assurance activities, including exposure to standards such as NIST AI RMF and ISO 42001
Experience leading security audits, compliance reviews and control effectiveness assessments
Strong understanding of technical security domains including identity and access management, endpoint security, cloud security, data protection and security monitoring
Excellent written and verbal communication skills with the ability to influence stakeholders at all levels
Experience producing high-quality client deliverables, reports and executive presentations
Strong MS Office skills, particularly Word, Excel and PowerPoint
Experience working with GRC and compliance platforms such as OneTrust, Vanta or similar solutions
CISSP
CISM
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
CRISC
ISO 42001 Lead Implementer or Auditor
Microsoft Security certifications
Inclusive Hiring
We understand that one size doesn’t fit all. If you need adjustments during the recruitment process, we’re here to support you. Cyberfort is proud to be a Disability Confident Employer, a CyberFirst partner, and a signatory of the Armed Forces Covenant.
Purpose-Driven Work – Help protect businesses and communities from evolving cyber threats.
Growth & Development – Access mentoring, apprenticeships, graduate schemes, and continuous learning platforms.
Inclusive Culture – We champion diversity through our Women’s Network, Neurodiversity Awareness, and Inclusion Committee.
Flexible Working – Hybrid and remote options to support work-life balance.
Top-Tier Benefits – Competitive salary, private healthcare, wellbeing support, generous holiday allowance, and more.
If you’re passionate about cybersecurity and want to make a real impact, we’d love to hear from you.
Cyberfort Careers Page: https://careers.cyberfortgroup.com/
Working at Cyberfort: https://cyberfortgroup.com/about-us/careers-working-at-cyberfort/

At Cyberfort we are passionate about the cyber security services we deliver for our customers which keeps their people, data, systems and technology infrastructure secure, resilient and compliant.
Our business offers National Cyber Security Centre assured Consultancy services, Identification and Protection against cyber-attacks, proactive Detection and Response to security incidents through our security operations centre and a Secure and Recover set of Cloud solutions which keeps data safely stored, managed and available 24/7/365.
Over the past 20 years we have combined our market leading accreditations, peerless cyber security expertise, strong technology partnerships, investment in our future cyber professionals and secure locations to deliver a cyber security experience for customers which enables them to achieve their business and technology goals in an ever-changing digital world.