Cyber Security Consultant

Location: Leeds or Manchester (Hybrid, 1 day on site/week)

Type: Permanent, Full-Time

Summary:

We are working with a UK cyber security consultancy to bring in Cyber Risk & Compliance Consultants into their advisory practice. The team supports a varied client portfolio across regulated and non-regulated sectors, with a strong focus on helping clients evidence security maturity, manage regulatory exposure, and improve control environments in practical, defensible ways.

The role is broad. One week you might be running a controls gap assessment against ISO 27001; the next, supporting a client through a regulatory submission, building out a risk register, or working through third‑party risk on a critical supplier. You'll be working alongside senior consultants on live engagements from the start, with structured support to grow into more independent delivery.

Key Responsibilities:

• Cyber risk assessments, controls gap analyses and maturity reviews against ISO 27001, NIST Framework, GDPR etc.
• Supporting clients through certification and audit cycles - evidence, control mapping, remediation.
• Producing risk registers, treatment plans and improvement roadmaps clients can actually execute.
• Cloud and SaaS security reviews, translating findings into pragmatic recommendations.
• Third‑party and supply chain risk assessments.
• Drafting and reviewing policies, standards and procedures calibrated to client risk appetite.
• Clear reporting and stakeholder communication, from technical teams to board level.

Requirements:

• 3–7 years in cyber risk, information security, compliance or audit.
• Working knowledge of ISO 27001, NIST, GDPR.
• Certifications:
  
  ISO 27001 LI/LA, CISA, CRISC, CISM, CISSP.
• Cloud security review experience (AWS, Azure, M365).
• Strong written and verbal communication across technical and executive audiences.
• Clear career progression pathway

Role: Cyber Security Consultant