2,769 Cybersecurity Consultant jobs in the United Kingdom

• Conduct comprehensive cybersecurity risk assessments for clients, identifying potential threats and vulnerabilities across their IT infrastructure and business processes.
• Develop and implement tailored cybersecurity risk management strategies and frameworks.
• Advise clients on compliance with relevant regulations and standards (e.g., GDPR, ISO 27001, NIST).
• Perform security audits and gap analyses to evaluate the effectiveness of existing security controls.
• Develop and deliver clear, concise, and actionable recommendations for risk mitigation.
• Engage with clients to understand their business objectives and integrate cybersecurity risk management into their overall strategy.
• Create detailed reports and presentations for senior management on risk posture and mitigation plans.
• Stay current with emerging cybersecurity threats, vulnerabilities, and risk management best practices.
• Collaborate with internal technical teams to support the implementation of security controls.
• Mentor junior consultants and contribute to the firm's knowledge base.

• Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, or a related field.
• Minimum of 6 years of experience in cybersecurity, with a significant focus on risk assessment, management, and compliance.
• In-depth knowledge of risk assessment methodologies (e.g., qualitative, quantitative) and frameworks (e.g., NIST RMF, ISO 31000).
• Experience with compliance requirements such as GDPR, ISO 27001, PCI DSS, HIPAA.
• Strong understanding of various IT security domains, including network security, application security, and cloud security.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional written and verbal communication skills, with the ability to articulate complex technical concepts to diverse audiences.
• Proficiency in using risk management tools and GRC platforms.
• Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Auditor are highly desirable.
• Ability to work both independently and collaboratively in a client-facing environment.

Information Security Consultant - Virtual CISO (vCISO)

Up to £80,000 | Fully Remote (with occasional client travel)

My client is seeking an experienced cyber security professional to step into a Virtual CISO (vCISO) role, acting as a trusted advisor to a diverse portfolio of organisations. This is an opportunity to directly influence and shape cyber security strategies at board level while embedding yourself as a valued extension of your clients’ security teams.

Key Responsibilities

• Serve as a strategic security partner, helping clients to define, develop, and mature their cyber security roadmap.
• Build strong, long-term relationships with stakeholders and establish yourself as a core member of their security function.
• Take ownership of client-specific Security Improvement Plans, ensuring risks are reduced and resilience is increased.
• Lead governance and oversight activities, including risk reviews, board-level reporting, and mentoring client teams.
• Carry out security reviews across cloud, hybrid, and on-premises environments, identifying vulnerabilities and improvement areas.
• Work closely with SOC teams to review threat hunting outcomes and ensure remediation of poor practices.
• Provide guidance on compliance and frameworks such as ISO 27001, Cyber Assessment Framework (CAF), and Cyber Essentials.
• Contribute to incident readiness and response as part of the Cyber Security Incident Response Team (CSIRT).
• Actively contribute to the internal growth and knowledge-sharing within the wider team, suggesting improvements and supporting colleagues.
• Ensure compliance with internal security and governance standards.

About You:

• Proven experience as a CISO, vCISO, or senior cyber security advisor.
• Strong knowledge of security frameworks, governance, risk management, and compliance.
• Excellent communication and stakeholder engagement skills, with the ability to influence at board level.
• Hands-on experience with cloud and hybrid architectures, audits, and security assessments.
• Incident response and crisis management experience is a plus.
• Holding CISSP/CISM
• ISO27001 Lead implementer

What’s on Offer

• Salary up to £80,000
• Fully remote role with flexibility to travel to client sites when required
• Opportunity to work across varied industries, influencing security at the highest levels

If you’re looking for a role where you can combine strategic influence with hands-on expertise, and you thrive on building trusted client relationships, this could be your next career move.

• Conduct comprehensive information security risk assessments and gap analyses.
• Develop and implement tailored information security strategies and roadmaps.
• Advise clients on cybersecurity best practices, including data protection and privacy.
• Assist clients in achieving and maintaining compliance with relevant regulations (e.g., GDPR, ISO 27001).
• Design and recommend security controls and solutions across various technology stacks.
• Provide expert guidance on cloud security, network security, and application security.
• Develop and deliver security awareness training programs.
• Support clients during security audits and penetration testing engagements.
• Create and review security policies, procedures, and guidelines.
• Manage security projects from inception to completion.
• Stay current with evolving threats, vulnerabilities, and security technologies.

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Significant experience in information security consulting or a similar advisory role.
• In-depth knowledge of cybersecurity frameworks and best practices (e.g., ISO 27001, NIST, CIS Controls).
• Experience with risk management methodologies and security assessment tools.
• Strong understanding of various security domains: network, application, cloud, endpoint, GRC.
• Excellent communication, presentation, and stakeholder management skills.
• Experience with data privacy regulations (e.g., GDPR).
• Professional security certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

• Conduct comprehensive information security risk assessments and audits.
• Develop and implement security policies, procedures, and guidelines.
• Advise on and ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR, NIST).
• Evaluate the effectiveness of existing security controls and identify areas for improvement.
• Assist in the development and execution of incident response plans.
• Provide expert advice on cybersecurity best practices and emerging threats.
• Conduct security awareness training for staff.
• Review and assess third-party vendor security.
• Contribute to the development of business continuity and disaster recovery plans.
• Collaborate with IT and business units to integrate security into all aspects of operations.
• Stay up-to-date with the latest security threats, vulnerabilities, and technologies.

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of experience in information security consulting or a similar role.
• Proven expertise in information security risk management and compliance.
• Strong knowledge of cybersecurity frameworks and standards (ISO 27001, NIST, SOC 2).
• Experience with security assessment methodologies and tools.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong understanding of network security, application security, and data protection.
• Excellent written and verbal communication skills, with the ability to present complex information clearly.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
• Ability to work independently and manage project deliverables effectively.

• Conducting comprehensive information security risk assessments and vulnerability analyses for clients.
• Developing and implementing tailored security strategies, policies, and procedures to meet client needs.
• Advising clients on compliance requirements (e.g., GDPR, ISO 27001) and best practices.
• Designing and recommending security architectures and solutions, including network security, endpoint protection, and data security measures.
• Assisting clients with security incident response planning and execution.
• Performing penetration testing and security audits.
• Providing expert guidance on security awareness training and best practices for end-users.
• Collaborating with client IT teams to ensure effective implementation of security controls.
• Staying abreast of the latest cybersecurity threats, vulnerabilities, and industry trends.
• Preparing detailed reports and presentations for clients, outlining findings and recommendations.
• Managing client relationships and ensuring high levels of satisfaction.
• Contributing to the development of the firm's security consulting services.

Intaso is representing a leading independent cyber security consultancy dedicated to helping UK businesses navigate the complex world of digital risk. They are recognised as a trusted partner to a growing portfolio of mid-market commercial clients, providing pragmatic, risk-based security advice that goes beyond simple box-ticking.

The Role

This is a unique and exciting opportunity for a seasoned PCI DSS expert to take ownership of and drive the growth of the Payment Card Industry (PCI) service line. This role is a perfect blend of deep technical consulting, strategic client advisory, and sophisticated business development.

You will act as the lead subject matter expert, guiding mid-market clients through the complexities of achieving and maintaining PCI DSS compliance. You will also contribute and share in the rewards for the commercial success of the practice, identifying and winning new business with both existing and prospective customers by acting as a trusted, credible advisor.

Key Responsibilities

Consulting & Delivery (approx. 80%)

• Lead and deliver a range of PCI DSS compliance services, including Gap Analyses, Scoping Workshops, Remediation Advisory, and formal assessments (Report on Compliance (RoC) and Self-Assessment Questionnaires (SAQ)).
• Act as a virtual CISO or trusted security advisor to key clients, providing ongoing strategic guidance on their compliance programmes.
• Translate complex technical PCI DSS requirements and security findings into clear, business-oriented language for senior stakeholders, including C-level executives.
• Develop pragmatic and cost-effective remediation roadmaps to help clients address compliance gaps.
• Stay at the forefront of the PCI DSS standard, including all updates (e.g., PCI DSS v4.0) and their implications for clients.
• Produce high-quality, professional reports and deliverables for clients.

Business Development & Practice Growth (approx. 20%)

• Develop and execute the commercial strategy for the PCI DSS service line.
• Proactively identify and cultivate new business opportunities within the existing client base and with new prospects.
• Build and maintain a strong network of contacts and potential clients within the UK mid-market.
• Lead pre-sales activities, including initial client conversations, requirements gathering, solution scoping, and the creation of compelling proposals and Statements of Work (SoW).
• Confidently present capabilities and value proposition to potential clients.
• Collaborate with the marketing team to develop collateral, thought leadership (blogs, whitepapers), and campaigns to promote the PCI service line.
• Represent the business at industry events, webinars, and conferences.

Required Skills & Experience

• Extensive, hands-on experience leading and delivering PCI DSS assessments and advisory projects for a reputable consultancy or QSA company.
• Proven track record in a client-facing, highly consultative role with the ability to build strong, trust-based relationships.
• Demonstrable commercial acumen and experience in identifying, nurturing, and closing business opportunities in a sophisticated, value-led manner.
• Excellent communication and interpersonal skills, with the ability to engage credibly with technical teams, business managers, and C-level executives.
• Strong understanding of the UK mid-market commercial landscape.
• Broad knowledge of complementary security domains and standards (e.g., ISO 27001, Cyber Essentials, cloud security, risk management).
• Self-motivated, proactive, and able to work with a high degree of autonomy.
• Full UK driving licence and willingness to travel to client sites.

Desirable Attributes

• Ideally should be a current and active PCI DSS Qualified Security Assessor (QSA).
• Additional industry certifications such as CISSP, CISM, or CISA.
• Experience in mentoring junior consultants.
• Experience in developing or refining consulting methodologies and service offerings.
• Established network of contacts in the retail, hospitality, or e-commerce sectors.

What We Offer

• A competitive salary and a generous performance-related bonus structure directly linked to the success of the service line.
• The opportunity to build and shape a key practice area with a significant degree of autonomy.
• A clear path for career progression in a growing consultancy.
• A dedicated budget for training, professional development, and certifications.
• Flexible and hybrid working arrangements.
• Contributory pension scheme and private health insurance.
• A collaborative and supportive team environment where your contribution is valued and has a direct impact on the company's success.

• Conduct comprehensive security risk assessments and gap analyses for clients.
• Develop and implement tailored information security strategies and roadmaps.
• Advise clients on achieving and maintaining compliance with relevant regulations and standards (e.g., GDPR, PCI DSS, ISO 27001).
• Design and oversee the implementation of security architectures and controls.
• Lead incident response planning and execution for client organizations.
• Provide expert guidance on security best practices, threat intelligence, and emerging risks.
• Develop and deliver security awareness training programs.
• Manage client relationships and act as a trusted advisor on security matters.
• Prepare and present detailed security reports and recommendations to senior management.
• Collaborate with internal teams to develop service offerings and proposals.

• Master's degree in Information Security, Computer Science, or a related discipline.
• Minimum of 7 years of experience in information security, consulting, or a related field.
• In-depth knowledge of cybersecurity frameworks, regulations, and best practices.
• Proven experience in risk management, compliance auditing, and security architecture design.
• Excellent understanding of security technologies (e.g., firewalls, IDS/IPS, SIEM, DLP).
• Exceptional analytical, problem-solving, and strategic thinking skills.
• Strong leadership, interpersonal, and client-facing communication skills.
• Ability to manage multiple complex projects and demanding client expectations.
• Relevant certifications such as CISSP, CISM, CISA, CRISC are highly desirable.
• Experience in specific industry sectors (e.g., finance, healthcare) is a plus.