£900 Per day
Inside
Hybrid
Edinburgh
Summary: The role of Information Security Consultant (CISO, Divestment) involves providing expert guidance on IT divestments and separation activities within a financial services context in Edinburgh. The ideal candidate will have extensive experience in information security, particularly in managing risks associated with M&A activities. This position requires hands-on involvement in technical security decisions and the ability to translate complex security risks into actionable advice for project teams. Candidates must engage via an FCSA accredited Umbrella company and work on-site approximately two days per week.
Key Responsibilities:
- Advise and guide on a separation & divestment portfolio.
- Assess and challenge technical designs related to security.
- Translate technical security risks into clear advice for project teams.
- Identify, detail, and prioritize real security risks during transitional states.
Key Skills:
- Proven experience as a hands-on Information Security Consultant or Senior Security SME in large enterprises.
- Experience supporting IT divestment, separation, carve-out, or M&A programmes.
- Strong understanding of application segregation and separation.
- Knowledge of identity and access management separation, including Active Directory / Entra ID.
- Understanding of data management and information risk.
- Ability to assess and challenge technical designs.
- Ability to prioritize real security risks in transitional states.
- Strong analytical, communication, and problem-solving skills.
- Hands-on advisory experience across cloud environments, particularly AWS.
- Experience with enterprise applications, including SaaS and hybrid solutions.
- Understanding of privileged access management in separation scenarios.
- Experience drafting risk assessments and security positions.
- Ability to work constructively with delivery teams.
- Experience in UK financial services environments with knowledge of FCA/PRA expectations.
Salary (Rate): £900 per day
City: Edinburgh
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Senior
Industry: IT
Information Security Consultant (CISO, Divestment) needed for our Financial Services client in Edinburgh. The right candidate must have extensive demonstrable experience as a Senior Information Security Consultant or senior security SME within large enterprise environment along with previous experience supporting IT divestments, separation, carve-out or M&A activities from an Information Security & Risk standpoint.
Candidates must engage via an FCSA accredited Umbrella company and will be required onsite approximately 2 days per week in Edinburgh.
In addition to prior InfoSec divestment experience, candidates should have a broad and deep understanding of application segregation and separation, identity and access management separation (including Active Directory / Entra ID separation) and a strong understanding of data management and information risk (including data classification and handling during migration, data transfer, duplication, decommissioning risks, and data leakage during transition).
The successful candidate will be responsible for helping to advise and guide on a separation & divestment portfolio, assessing & challenging technical designs, translating technical security risk into clear advice for projects teams and identifying, detailing and prioritising real security risks in imperfect transitional states rather than aiming for theoretical target-state purity.
Key Skills:
- Proven experience operating as a hands-on Information Security Consultant or Senior Security SME within large enterprise environments
- Proven experience supporting IT divestment, separation, carve-out or M&A programmes, with direct involvement in technical and architectural security decisions
- Strong, practical understanding of application segregation and separation, including access control models, authentication and authorisation separation, data boundary definition, and transitional/shared service risks
- Strong, practical understanding of identity and access management separation, including Active Directory / Entra ID separation, tenant and domain separation, and identity lifecycle and residual access risks
- Strong understanding of data management and information risk, including data classification and handling during migration, data transfer, duplication, decommissioning risks, and data leakage during transition
- Ability to assess and challenge technical designs produced by architects and engineers, not just review them at a high level
- Ability to identify, describe, and prioritise real security risks in imperfect transitional states rather than aiming for theoretical target-state purity
- Ability to translate technical security risk into clear, actionable advice for programme and project teams
- Strong analytical, communication, and problem-solving skills
- Hands-on advisory experience across cloud environments, particularly AWS accounts, IAM, network and trust boundary separation, and shared services
- Experience engaging directly with enterprise applications, including SaaS, on-prem, and hybrid solutions
- Practical understanding of privileged access management in separation scenarios
- Experience contributing to or drafting risk assessments, security positions, and exception recommendations
- Ability to work constructively with delivery teams
- Practical experience working within UK financial services environments, with awareness of FCA/PRA expectations and regulator-defensible security outcomes
If interested, immediately available and able to work in Edinburgh 2 days per week and available, please Apply Immediately!
Head Resourcing is committed to being an inclusive business where diversity is valued and celebrated. Diversity to us, includes but is not limited to educational background, socio-economic background, neurodiversity, age, marriage and civil partnership status, veteran status, gender, gender identity, gender reassignment, sexual orientation, disability, religion or belief, race, and ethnicity. As such we welcome enquiries and applications from everyone. We will be happy discuss with you any workplace adjustments you need in order to be at your best during the recruitment process.