2,868 Junior Security Consultant jobs in the United Kingdom

• Conduct comprehensive information security risk assessments and gap analyses.
• Develop and implement tailored information security strategies and roadmaps.
• Advise clients on cybersecurity best practices, including data protection and privacy.
• Assist clients in achieving and maintaining compliance with relevant regulations (e.g., GDPR, ISO 27001).
• Design and recommend security controls and solutions across various technology stacks.
• Provide expert guidance on cloud security, network security, and application security.
• Develop and deliver security awareness training programs.
• Support clients during security audits and penetration testing engagements.
• Create and review security policies, procedures, and guidelines.
• Manage security projects from inception to completion.
• Stay current with evolving threats, vulnerabilities, and security technologies.

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Significant experience in information security consulting or a similar advisory role.
• In-depth knowledge of cybersecurity frameworks and best practices (e.g., ISO 27001, NIST, CIS Controls).
• Experience with risk management methodologies and security assessment tools.
• Strong understanding of various security domains: network, application, cloud, endpoint, GRC.
• Excellent communication, presentation, and stakeholder management skills.
• Experience with data privacy regulations (e.g., GDPR).
• Professional security certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

• Conduct comprehensive information security risk assessments and audits.
• Develop and implement security policies, procedures, and guidelines.
• Advise on and ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR, NIST).
• Evaluate the effectiveness of existing security controls and identify areas for improvement.
• Assist in the development and execution of incident response plans.
• Provide expert advice on cybersecurity best practices and emerging threats.
• Conduct security awareness training for staff.
• Review and assess third-party vendor security.
• Contribute to the development of business continuity and disaster recovery plans.
• Collaborate with IT and business units to integrate security into all aspects of operations.
• Stay up-to-date with the latest security threats, vulnerabilities, and technologies.

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of experience in information security consulting or a similar role.
• Proven expertise in information security risk management and compliance.
• Strong knowledge of cybersecurity frameworks and standards (ISO 27001, NIST, SOC 2).
• Experience with security assessment methodologies and tools.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong understanding of network security, application security, and data protection.
• Excellent written and verbal communication skills, with the ability to present complex information clearly.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
• Ability to work independently and manage project deliverables effectively.

• Conducting comprehensive information security risk assessments and vulnerability analyses for clients.
• Developing and implementing tailored security strategies, policies, and procedures to meet client needs.
• Advising clients on compliance requirements (e.g., GDPR, ISO 27001) and best practices.
• Designing and recommending security architectures and solutions, including network security, endpoint protection, and data security measures.
• Assisting clients with security incident response planning and execution.
• Performing penetration testing and security audits.
• Providing expert guidance on security awareness training and best practices for end-users.
• Collaborating with client IT teams to ensure effective implementation of security controls.
• Staying abreast of the latest cybersecurity threats, vulnerabilities, and industry trends.
• Preparing detailed reports and presentations for clients, outlining findings and recommendations.
• Managing client relationships and ensuring high levels of satisfaction.
• Contributing to the development of the firm's security consulting services.

Intaso is representing a leading independent cyber security consultancy dedicated to helping UK businesses navigate the complex world of digital risk. They are recognised as a trusted partner to a growing portfolio of mid-market commercial clients, providing pragmatic, risk-based security advice that goes beyond simple box-ticking.

The Role

This is a unique and exciting opportunity for a seasoned PCI DSS expert to take ownership of and drive the growth of the Payment Card Industry (PCI) service line. This role is a perfect blend of deep technical consulting, strategic client advisory, and sophisticated business development.

You will act as the lead subject matter expert, guiding mid-market clients through the complexities of achieving and maintaining PCI DSS compliance. You will also contribute and share in the rewards for the commercial success of the practice, identifying and winning new business with both existing and prospective customers by acting as a trusted, credible advisor.

Key Responsibilities

Consulting & Delivery (approx. 80%)

• Lead and deliver a range of PCI DSS compliance services, including Gap Analyses, Scoping Workshops, Remediation Advisory, and formal assessments (Report on Compliance (RoC) and Self-Assessment Questionnaires (SAQ)).
• Act as a virtual CISO or trusted security advisor to key clients, providing ongoing strategic guidance on their compliance programmes.
• Translate complex technical PCI DSS requirements and security findings into clear, business-oriented language for senior stakeholders, including C-level executives.
• Develop pragmatic and cost-effective remediation roadmaps to help clients address compliance gaps.
• Stay at the forefront of the PCI DSS standard, including all updates (e.g., PCI DSS v4.0) and their implications for clients.
• Produce high-quality, professional reports and deliverables for clients.

Business Development & Practice Growth (approx. 20%)

• Develop and execute the commercial strategy for the PCI DSS service line.
• Proactively identify and cultivate new business opportunities within the existing client base and with new prospects.
• Build and maintain a strong network of contacts and potential clients within the UK mid-market.
• Lead pre-sales activities, including initial client conversations, requirements gathering, solution scoping, and the creation of compelling proposals and Statements of Work (SoW).
• Confidently present capabilities and value proposition to potential clients.
• Collaborate with the marketing team to develop collateral, thought leadership (blogs, whitepapers), and campaigns to promote the PCI service line.
• Represent the business at industry events, webinars, and conferences.

Required Skills & Experience

• Extensive, hands-on experience leading and delivering PCI DSS assessments and advisory projects for a reputable consultancy or QSA company.
• Proven track record in a client-facing, highly consultative role with the ability to build strong, trust-based relationships.
• Demonstrable commercial acumen and experience in identifying, nurturing, and closing business opportunities in a sophisticated, value-led manner.
• Excellent communication and interpersonal skills, with the ability to engage credibly with technical teams, business managers, and C-level executives.
• Strong understanding of the UK mid-market commercial landscape.
• Broad knowledge of complementary security domains and standards (e.g., ISO 27001, Cyber Essentials, cloud security, risk management).
• Self-motivated, proactive, and able to work with a high degree of autonomy.
• Full UK driving licence and willingness to travel to client sites.

Desirable Attributes

• Ideally should be a current and active PCI DSS Qualified Security Assessor (QSA).
• Additional industry certifications such as CISSP, CISM, or CISA.
• Experience in mentoring junior consultants.
• Experience in developing or refining consulting methodologies and service offerings.
• Established network of contacts in the retail, hospitality, or e-commerce sectors.

What We Offer

• A competitive salary and a generous performance-related bonus structure directly linked to the success of the service line.
• The opportunity to build and shape a key practice area with a significant degree of autonomy.
• A clear path for career progression in a growing consultancy.
• A dedicated budget for training, professional development, and certifications.
• Flexible and hybrid working arrangements.
• Contributory pension scheme and private health insurance.
• A collaborative and supportive team environment where your contribution is valued and has a direct impact on the company's success.

• Conduct comprehensive security risk assessments and gap analyses for clients.
• Develop and implement tailored information security strategies and roadmaps.
• Advise clients on achieving and maintaining compliance with relevant regulations and standards (e.g., GDPR, PCI DSS, ISO 27001).
• Design and oversee the implementation of security architectures and controls.
• Lead incident response planning and execution for client organizations.
• Provide expert guidance on security best practices, threat intelligence, and emerging risks.
• Develop and deliver security awareness training programs.
• Manage client relationships and act as a trusted advisor on security matters.
• Prepare and present detailed security reports and recommendations to senior management.
• Collaborate with internal teams to develop service offerings and proposals.

• Master's degree in Information Security, Computer Science, or a related discipline.
• Minimum of 7 years of experience in information security, consulting, or a related field.
• In-depth knowledge of cybersecurity frameworks, regulations, and best practices.
• Proven experience in risk management, compliance auditing, and security architecture design.
• Excellent understanding of security technologies (e.g., firewalls, IDS/IPS, SIEM, DLP).
• Exceptional analytical, problem-solving, and strategic thinking skills.
• Strong leadership, interpersonal, and client-facing communication skills.
• Ability to manage multiple complex projects and demanding client expectations.
• Relevant certifications such as CISSP, CISM, CISA, CRISC are highly desirable.
• Experience in specific industry sectors (e.g., finance, healthcare) is a plus.

My client is looking for a Senior Information Security Consultant - GRC to deliver governance, risk, and compliance services to clients across Europe. This role focuses on strengthening client security posture through risk management, policy development, compliance assessments, and training. You will also support internal initiatives, mentor junior colleagues, and contribute to my client’s wider security leadership.

Key Responsibilities

• Lead delivery of GRC and information security services to clients, including risk identification, remediation, and compliance with regulatory and data protection standards.
• Develop, implement, and review security and governance policies, frameworks, and operational procedures.
• Conduct ISMS assessments, internal audits, and compliance gap analyses against recognised standards.
• Advise on secure tool deployment, incident response procedures, and overall security posture enhancement.
• Define and implement tailored security tools, processes, and controls.
• Deliver training, awareness sessions, and security simulations to client teams.
• Produce executive-level reports and technical briefs for clients.
• Build and maintain strong client relationships, ensuring high-quality service delivery and long-term trust.
• Mentor and train junior colleagues, including providing line management support where required.
• Contribute to recruitment, staff development, and internal knowledge-building initiatives.
• Escalate operational issues, support continuous service improvement, and assist with team development planning.

Essential

• Relevant cybersecurity and GRC certifications (e.g., CISSP, CISA, CEH, Security+, CCNA, Network+, ISO 27001 Lead Implementer / Lead Auditor ).
• Minimum 3 years’ experience in cybersecurity, information security, or GRC roles.
• At least 3 years of client-facing or managed services experience.
• Minimum 2 years in a leadership, management, or mentoring role.
• Proven experience delivering and managing multiple GRC or security projects independently.
• Experience maintaining compliance documentation and ISMS records.

Preferred

• Experience leading implementation projects with cross-functional teams.
• Strong knowledge of scaling GRC frameworks across varied organisations.
• Solid understanding of risk management, ISO standards, and industry best practices.
• Experience in staff development, internal training, and supporting recruitment activities.

3B Data Security, ( a UBDS Group company) is seeking an experienced and highly motivated Senior Information Security Consultant with active PCI Qualified Security Assessor (QSA) status. The successful candidate will play a critical role in delivering high-quality information security consulting services to clients, encompassing PCI DSS (Payment Card Industry Data Security Standard) compliance, ISO 27001 implementation, Virtual Chief Information Security Officer (vCISO) engagements, and broader governance, risk, and compliance (GRC) support.

As a senior member of the consulting team, you will lead on complex projects, act as a subject matter expert, support business development, and contribute to the strategic growth of the organisation. You will have the opportunity to engage across diverse information security domains and help shape the direction of a growing and dynamic business.

• Deliver high-quality PCI DSS assessments, including Report on Compliance (RoC) production for Merchants and Service Providers
• Lead and deliver a variety of consultancy engagements including ISO 27001 audits and implementations, GDPR assessments, risk assessments, policy development, and vCISO support.
• Act as a trusted advisor to clients, ensuring pragmatic and tailored guidance aligned with regulatory requirements and business needs.
• Mentor junior consultants, providing technical oversight, guidance, and quality assurance on engagements.
• Contribute to the development and delivery of internal training materials and client-facing information security training courses.
• Support the Leadership Team in identifying and developing new business opportunities.
• Lead on the scoping and conversion of new client engagements, contributing to bid writing and client proposals.
• Provide escalation support for complex security queries and technical decision-making.
• Maintain and enhance knowledge of PCI-related standards (e.g., PCI P2PE, PCI PIN) and other emerging areas such as cyber resilience, digital forensics, and incident response.

Requirements

Essential

• Current PCI QSA (Qualified Security Assessor) certification.
• A minimum of 5 years’ experience in an information security consultancy role, including significant experience with PCI DSS and ISO 27001.
• Demonstrable experience in producing high-quality RoC documentation and conducting complex PCI DSS assessments.
• Strong understanding of broader security standards and frameworks, including Cyber Essentials, DPA 2018, GDPR, NIST, and SOX.
• ISO 27001 Lead Auditor or Implementor certification.
• Excellent communication and stakeholder engagement skills with a client-focused approach.
• Proven ability to manage multiple concurrent engagements and operate autonomously.
• Full UK working rights and flexibility to travel both nationally and internationally as required.

Desirable

• CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification.
• Experience with Cyber Essentials Plus assessments, vulnerability assessments, or Cyber Advisor schemes.
• Familiarity or interest in adjacent domains such as PCI P2PE, PCI PIN, automotive security, digital forensics, and penetration testing.

Benefits

Why people choose to grow their careers at UBDS Group

Professionals choose to grow their careers at UBDS Group for its reputation as a dynamic and forward-thinking organisation that is deeply committed to both innovation and employee development. At UBDS Group, employees are given unique opportunities to work on cutting-edge projects across a diverse range of industries, exposing them to new challenges and learning opportunities that are pivotal for professional growth. The Group’s culture emphasises continuous improvement, offering ample training programs, mentorship, and the chance to gain certifications that enhance their skills and marketability.

UBDS Group fosters a collaborative environment where creativity and innovation are encouraged, allowing employees to contribute ideas and solutions that have a tangible impact on the company and its clients. This combination of professional development, a culture of innovation, and the opportunity to make meaningful contributions makes UBDS Group an attractive place for those looking to advance their careers and be at the forefront of technological and operational excellence.

Employee Benefits

• Training – All team members are offered a number of options in terms of personal development, whether it is technical led, business acumen or methodologies. We want you to grow with us and to help us achieve more
• Private medical cover for you and your spouse/partner, offered via Vitality
• Discretionary bonus based on a blend of personal and company performance
• Holiday – You will receive 25 Days holiday, plus 1 day for Birthday and 1 day for your work anniversary in addition to UK bank holidays
• Electric Vehicle leasing with salary sacrifice
• Contributed Pension Scheme
• Death in service cover

About UBDS Group

At UBDS Group our mission is to support entrepreneurs who are setting new standards with technology solutions across cloud services, cybersecurity, data and AI, ensuring that every investment advances our commitment to innovation, making a difference, and creating impactful solutions for organisations and society.

Equal Opportunities

We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.