46 Information Security Consultant jobs in the United Kingdom

Information Security Consultant – Based Leeds, LS18 - (On-Site)
 
We’re partnering with a global professional services organisation to find a skilled Information Security Consultant for their growing IT Security team based in Leeds.
With over 20,000 employees in more than 100 locations worldwide, this is a fantastic opportunity to join a respected organisation known for its people-first culture, commitment to innovation, and high-quality service delivery.
 
The Role
 
As an Information Security Consultant , you’ll play a key role in enhancing the organisation’s cyber resilience. You'll provide expert support across Microsoft 365 and Azure environments, ensuring effective security controls, proactive risk management and compliance with global standards.
 
This position is ideal for someone with a deep technical understanding of Microsoft 365 Security and the Azure Security stack , including tools such as Microsoft Defender , Azure AD , Microsoft Sentinel , and Purview .
 
Key Responsibilities:

•  Assist with security incident management and response activities
• General day-to-day support on managing and responding to security alerts from systems and end users
• Perform daily, weekly, and monthly security checks, reconciliation and compliance checks and investigate exceptions
• Completing client security requirement questionnaires and support the bidding process
• Identify and raise awareness of security risks
• Develop and enhance security policies, processes, procedures, and technical controls to strengthen the company’s security capabilities and resilience to cyber threats
• Take a proactive role in identifying security risks, mitigations, and opportunities to strengthen the company’s resilience to cyber-attacks and security incidents
• Participate in the design and implementation of systems and applications
• Develop user and technical training guides
• Maintain and manage the IT Risk register
• Test DR plans and capabilities to ensure they work as designed, identifying gaps and lessons learnt and work with the business to drive continual development and enhancement.

What We're Looking For

• Proven experience in a hands-on Information Security Consultant or similar role.
• Strong technical knowledge of Microsoft 365 Security Suite  (including Defender for Office 365, Purview, Secure Score, DLP and compliance tools) and Azure Security Stack  (including Microsoft Defender for Cloud, Microsoft Sentinel, Azure AD etc). 
• Solid understanding of security frameworks (e.g., ISO 27001, Cyber Essentials, NIST, GDPR etc).
• Experience with vulnerability scanning, risk assessment, and remediation planning.
• Strong communication skills with the ability to work with both technical and non-technical teams.
• A proactive approach to identifying and addressing security risks.

What's on Offer

• Competitive salary c£50,000 – £60,000 (DOE)
• Full-time, on-site role based in Leeds (LS18)
• Opportunity to join a global organisation with excellent career development potential

Apply now or contact Sally or Sam at Headway Recruitment for more details.

Information Security Consultant – Based Leeds, LS18 - (On-Site)
 
We’re partnering with a global professional services organisation to find a skilled Information Security Consultant for their growing IT Security team based in Leeds.
With over 20,000 employees in more than 100 locations worldwide, this is a fantastic opportunity to join a respected organisation known for its people-first culture, commitment to innovation, and high-quality service delivery.
 
The Role
 
As an Information Security Consultant , you’ll play a key role in enhancing the organisation’s cyber resilience. You'll provide expert support across Microsoft 365 and Azure environments, ensuring effective security controls, proactive risk management and compliance with global standards.
 
This position is ideal for someone with a deep technical understanding of Microsoft 365 Security and the Azure Security stack , including tools such as Microsoft Defender , Azure AD , Microsoft Sentinel , and Purview .
 
Key Responsibilities:

•  Assist with security incident management and response activities
• General day-to-day support on managing and responding to security alerts from systems and end users
• Perform daily, weekly, and monthly security checks, reconciliation and compliance checks and investigate exceptions
• Completing client security requirement questionnaires and support the bidding process
• Identify and raise awareness of security risks
• Develop and enhance security policies, processes, procedures, and technical controls to strengthen the company’s security capabilities and resilience to cyber threats
• Take a proactive role in identifying security risks, mitigations, and opportunities to strengthen the company’s resilience to cyber-attacks and security incidents
• Participate in the design and implementation of systems and applications
• Develop user and technical training guides
• Maintain and manage the IT Risk register
• Test DR plans and capabilities to ensure they work as designed, identifying gaps and lessons learnt and work with the business to drive continual development and enhancement.

What We're Looking For

• Proven experience in a hands-on Information Security Consultant or similar role.
• Strong technical knowledge of Microsoft 365 Security Suite  (including Defender for Office 365, Purview, Secure Score, DLP and compliance tools) and Azure Security Stack  (including Microsoft Defender for Cloud, Microsoft Sentinel, Azure AD etc). 
• Solid understanding of security frameworks (e.g., ISO 27001, Cyber Essentials, NIST, GDPR etc).
• Experience with vulnerability scanning, risk assessment, and remediation planning.
• Strong communication skills with the ability to work with both technical and non-technical teams.
• A proactive approach to identifying and addressing security risks.

What's on Offer

• Competitive salary c£50,000 – £60,000 (DOE)
• Full-time, on-site role based in Leeds (LS18)
• Opportunity to join a global organisation with excellent career development potential

Apply now or contact Sally or Sam at Headway Recruitment for more details.

Principal Information Security Consultant — PCI-DSS Service Line

Are you a cybersecurity leader passionate about building impactful solutions from the ground up? We’re seeking a Principal Information Security Consultant to spearhead the development of a new service line focused on helping clients navigate PCI-DSS compliance challenges in today’s digital ecosystem.

This established practice provides a portfolio of services designed to help organizations proactively manage technology risk, defend against cyber threats, and achieve regulatory compliance. We partner with clients across sectors to understand their business context, identify vulnerabilities, and implement tailored strategies that address information security, privacy, and resilience needs.

The collaborative approach of the UK team is focused on achieving meaningful outcomes, empowering organizations to protect valuable data, and sustain trust with stakeholders.

Key Duties and Responsibilities

• Architect and deliver a market-leading PCI-DSS advisory service, including go-to-market strategy and solution offerings.
• Engage with clients to assess their payment ecosystem, map out PCI-DSS obligations, and design tailored roadmaps for ongoing compliance and risk mitigation.
• Develop innovative methodologies and frameworks that simplify the complexities of PCI-DSS and enable efficient, sustainable compliance.
• Lead and mentor a team of consultants, shaping their technical growth and project delivery standards.
• Keep abreast of evolving payment security standards, regulatory developments, and emerging threats, advising both clients and internal teams proactively.
• Support business development efforts by contributing to proposals, refining the value proposition, and representing the service line with authority in client meetings and industry events.

Required Skills and Behaviours

• Demonstrated expertise in PCI-DSS and payment card security, with deep understanding of both technical and business implications.
• Proven experience leading complex security consulting engagements and developing new service offerings.
• Strong analytical, communication, and stakeholder management skills—able to translate intricate requirements into actionable guidance.
• Ability to inspire and mentor others, fostering a collaborative and high-performance team environment.
• Commercial acumen with the ability to identify client challenges and translate them into successful offerings.
• A track record of professional integrity and commitment to best-in-class client outcomes.

What Next?

If you thrive on challenge, innovation, and making a tangible difference for clients grappling with payment security requirements, this is the opportunity to shape a critical new service line—and your own career trajectory. We welcome applications from exceptional consultants ready to lead, influence, and deliver lasting impact.

Apply now to start building something transformative.

Information Security Consultant – Based Leeds, LS18 - (On-Site)

We're partnering with a global professional services organisation to find a skilled Information Security Consultant for their growing IT Security team based in Leeds.
With over 20,000 employees in more than 100 locations worldwide, this is a fantastic opportunity to join a respected organisation known for its people-first culture, co.

WHJS1_UKTJ

We are looking for a highly skilled Information Security and Supplier Assurance Consultant to join our Operational Risk Management (ORM) team at the European Bank for Reconstruction and Development (EBRD). This is a unique opportunity to play a vital role in protecting the EBRD's Information Assets and IT Facilities, supporting the delivery of critical projects, and shaping our security and risk governance across the Bank; with a focus on providing Information Security consultancy to the business and performing supplier assurance assessments.

Your Role and Purpose

As an Information Security and Supplier Assurance Consultant, you will support the Head of Information Security in managing Information Security (IS) risks across the Bank. You will be responsible for:

• Providing technical security consultancy and managing risk assessments, including third-party and cybersecurity risks.
• Delivering key IS projects and driving supplier and project security assurance activities.
• Ensuring regulatory compliance and supporting internal/external reviews.
• Enhancing the Bank's Third Party Risk Management (TPRM) framework.

Key Responsibilities

• Conduct Information Security and Cybersecurity assessments and technical risk evaluations.
• Act as the Bank's IS technical consultant on Supplier and Project Assurance activities.
• Oversee the administration of the SureCloud platform and baseline control set maintenance.
• Lead security triaging and approvals of new projects and suppliers.
• Liaise with IT and MSSP teams to identify and remediate security risks/incidents.
• Draft reports, risk register updates, and maintain documentation aligned with best practice (ISO 27001, NIST CSF).
• Track and advise on industry security trends and their implications.
• Contribute to social engineering assessments, BAU risk mitigation, and business process evaluations.
• Influence and support change by aligning policy updates with new regulations and business needs.

What We're Looking For

• A Bachelor's or Master's degree (preferably in IT, Security, or Risk).
• At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer, CIPP/E).
• Proven experience in delivering project and supplier assurance activities in the IS domain.
• Strong written and verbal communication skills, especially the ability to translate technical details into business-friendly language.
• Effective project management and stakeholder engagement abilities.
• Ability to work independently, manage multiple priorities, and maintain high attention to detail.
• A collaborative mindset with strong influencing and problem-solving capabilities.

Why Join EBRD?

Working with us means contributing to projects that promote economic transition and sustainable growth. You'll be part of a diverse, mission-driven team with a real-world impact across the EBRD's regions. In this role, you'll be at the heart of strengthening our cybersecurity and information resilience in a dynamic, international environment.

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
• A working culture that embraces inclusion and celebrates diversity;
• An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank's core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).

Job Segment: Information Security, Sustainability, Risk Management, Bank, Banking, Technology, Energy, Finance

**The team you'll be working with:**
**Security Consulting Delivery Manager**
**Location: London - Hybrid Variable**
**Overview of role:**
We are seeking a highly skilled and experienced Security Consulting Delivery Manager to join our team. The successful candidate will be responsible for managing the delivery of security consulting services to our clients, ensuring the highest standards of quality and customer satisfaction. This role requires a deep understanding of security principles, excellent project management skills, and the ability to lead and mentor a team of security consultants.
**What you'll be doing:**
**What you'll be doing:**
+ Project Management: Oversee the planning, execution, and delivery of security consulting projects, ensuring they are completed on time, within scope, and within budget.
+ Client Engagement: Act as the primary point of contact for clients, building strong relationships, ensuring their needs are met, and supporting fair and robust dialogue.
+ Team Leadership: Lead, mentor, and develop a team of security consultants, fostering a collaborative and high-performance culture.
+ Quality Assurance: Ensure the delivery of high-quality security consulting services by implementing best practices and continuous improvement processes.
+ Risk Management: Identify and mitigate risks associated with security consulting projects, ensuring compliance with relevant regulations and standards.
+ Reporting: Provide regular updates to senior management on project status, financial performance, and client satisfaction.
+ Business Development: Support business development activities by identifying new opportunities, preparing proposals, and participating in client presentations.
+ Schedule Management: Develop and manage complex security schedules and managed security service schedules, ensuring they align with client requirements and project timelines.
+ Change Management: Implement and oversee change management processes to ensure smooth transitions and minimal disruption to ongoing projects.
+ Scope Management: Define and manage project scope, ensuring all deliverables are clearly outlined and agreed upon with clients.
+ Contractual Negotiations: Lead contractual negotiations with clients, ensuring favourable terms and conditions for both parties.
**What experience you'll bring:**
**What you'll bring:**
+ Education: Bachelor's degree in Information Security, Computer Science, or a related field. A Master's degree is preferred.
+ Experience: Minimum of 5 years of experience in security consulting, with at least 2 years in a managerial role. Experience in writing complex security schedules and managed security service schedules is essential. Must have managed at least 2 multi-million, multi-year security transformation programmes.
+ Certifications: Relevant certifications such as CISSP, CISM, or PMP are highly desirable.
+ Skills:
+ Strong understanding of security principles, practices, and technologies.
+ Excellent project management skills, with a proven track record of delivering complex projects.
+ Exceptional communication and interpersonal skills.
+ Ability to lead and motivate a team.
+ Strong problem-solving and analytical skills.
+ Ability to work under pressure and manage multiple priorities.
+ Strong change management, scope management, and contractual negotiation skills.
+ Ability to obtain UK SC clearance.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

**Job Description Summary**
We are seeking a seasoned Cyber Security Consulting Engineer to lead the development and integration of secure architectures for critical Transmission & Distribution (T&D) systems.
As a recognized technical authority, you will define cybersecurity strategy across hardware, embedded systems, and software-defined platforms in modern electric grids-spanning protection, control, and energy management technologies for Grid Automation business unit.
You will embed Security by Design and Cyber-Informed Engineering (CIE) principles throughout the product lifecycle, operating at the intersection of operational technology (OT) and information technology (IT). Your work will help drive regulatory compliance, product security, and support both R&D teams and utility customers in securing mission-critical infrastructure.
**Job Description**
**Key Responsibilities:**
+ Act as the cybersecurity design authority for T&D products, defining end-to-end architectures across hardware, firmware, and cloud-connected systems, advising on secure protocols, cryptography, authentication, and network hardening.
+ Translate and implement global regulatory standards (IEC 62443, IEC 61850, IEC 62351, NERC CIP) into product requirements, and lead technical strategy planning, architecture reviews, and security certification efforts.
+ Guide engineering teams through threat modeling, secure coding, SDLC best practices, and CIE adoption to mitigate cyber-physical risks affecting safety, reliability, or operations.
+ Define and support embedded and software-based security features using C/C++, Python, and modern toolchains, while collaborating on penetration testing, fuzz testing, code reviews, and security simulations.
+ Lead cross-functional initiatives with PSL, product management, compliance, field operations, and R&D to align cybersecurity objectives and ensure systems meet resilience and compliance expectations.
+ Monitor cybersecurity trends, ICS/OT threat landscapes, and emerging technologies, recommending tools and methods to enhance product security posture.
+ Partner with PSL, incident response and product security teams to support vulnerability remediation, post-incident analysis, and contribute to the creation of security documentation, including architecture specs, procedures, and training materials.
+ Represent the company in industry forums, standards bodies, and technical panels, and contribute to white papers, patents, and technical publications supporting innovation and thought leadership for Grid Automation.
**Required Qualifications:**
+ Bachelor's degree in engineering, Computer Science, Cybersecurity, or a related field.
+ Minimum of 8 years of engineering experience, with 5 years focused on cybersecurity for embedded or software-defined systems.
**Desired Characteristics:**
+ Professional certifications such as CISSP, GIAC (GPEN/GXPN), CEH, or ISA/IEC 62443 preferred.
+ Proven ability to secure OT/ICS environments, preferably within the energy or utilities sector.
+ Deep familiarity with industrial protocols (e.g., IEC 61850, DNP3, Modbus, IEEE 2030.5) and relevant cybersecurity standards.
+ Experience in embedded system development (C/C++, RTOS), as well as Linux/Windows platforms.
+ Strong hands-on background in PKI, identity management, network security appliances, and security monitoring.
+ Proficient in threat modeling, risk/vulnerability assessment, and using forensic/security analysis tools.
+ Excellent communication and stakeholder engagement skills, able to translate technical content for non-technical audiences.
+ Exposure to quality improvement methodologies (e.g., Lean, Six Sigma) is a plus.
+ Recognized as a thought leader through publications, patents, or industry involvement.
+ Willingness to travel for customer engagements, conferences, and global collaboration.
**For US Based Candidates -
The base pay range for this position is 152,400.00 - 190,000.00 USD Annual. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. This position is also eligible for a 15% variable incentive bonus annually. This posting is expected to close on _9/8/25._
*The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas.
Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.
General Electric Company, Ropcor, Inc., their successors, and in some cases their affiliates, each sponsor certain employee benefit plans or programs (i.e., is a "Sponsor"). Each Sponsor reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual.
**Additional Information**
**Relocation Assistance Provided:** No
#LI-Remote - This is a remote position
GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.