Summary: The role of Information Security Consultant involves joining a global law firm to manage security risks associated with cloud and AI projects. The consultant will leverage their technical and governance, risk, and compliance (GRC) expertise to assess vulnerabilities, support vendor risk assessments, and ensure compliance with security policies. Strong stakeholder communication and project support experience are essential for success in this position. The role is hybrid, based in London, with a pay rate of £550-650 inside IR35 for a duration of 6 months.
Key Responsibilities:
- Assess security risks across internal projects and third-party vendors, identifying vulnerabilities and recommending mitigation or acceptance.
- Lead and support vendor risk assessments, ensuring alignment with ISMS, governance frameworks, and established methodologies.
- Ensure project and vendor activities comply with security policies, standards, and regulatory requirements.
- Maintain and apply security assessment frameworks, staying updated on emerging threats and contributing to incident response when required.
- Work with procurement and stakeholders to evaluate vendor security posture and ensure alignment to mandatory requirements.
- Apply risk management principles to prioritise risks, propose mitigation strategies, and track remediation plans.
- Support compliance and audit activities (e.g., ISO 27001, CE+), contribute to policy development, and provide security awareness guidance.
Key Skills:
- Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST, CE+).
- Solid technical security background/experience.
- Experience in co-ordinating and participating in security audits.
- Experience in supporting projects from inception through to completion.
- Experience in stakeholder engagement, supporting ISMS governance and implementation across multiple projects or programs of work.
- Experience in conducting project security risk and vendor risk assessments.
- Knowledge of regulatory requirements related to data privacy and protection (e.g., GDPR, CCPA) is a plus.
Salary (Rate): £650 daily
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
We're looking for an experienced Information Security Consultant who has a well-rounded technical and GRC background. You'll be joining a global law firm and will be involved in a number of cloud (Azure) and AI-related projects.
Location: London (Hybrid)
Pay Rate: £550-650 Inside IR35
Duration: 6-Month Rolling
Business relationship skills will be a massive part of this role, so you'll need strong stakeholder communication and clear experience in project support and engagement.
This is an exciting and dynamic environment that will need someone who is confident and precise in themselves and the advice they provide. Sound like you? Please apply directly for more detail!