IT Security Lead

Overview

Job Title: IT Security Lead – 6 Month Fixed Term Contract

Location: Mayfair – Hybrid

Type: Permanent

Unity Advisory is a challenger advisory firm.

Built for the AI-enabled world, we operate a lean, conflict-free, and client-centric model that embeds AI across all work streams.

With no audit practice, we do not have the audit-related conflicts which allows us to focus entirely on delivering value to clients with agility and innovative, outcome-based commercial models. Our culture is highly collaborative and flat-structured and free of traditional partner P&L silos – pursuing the best outcomes for our clients.

We are now looking for an IT Security Lead to join our growing team.

The Security Lead (Fixed Term Contractor) will play a pivotal role in strengthening Unity Advisory’s security posture by working across technical, governance, and operational domains. Acting as the primary liaison between Unity Advisory and its Managed SOC provider, this role will lead the implementation of Cyber Essentials certification and alignment with ISO 27001 standards. The contractor will establish, ope rationalise, and embed sustainable security practices while building organisational readiness for formal audit and certification.

They will also lead on operational Information Security practices including identity management and vulnerability management.

This is both a strategic and hands-on role that requires the ability to bridge governance, technology, and stakeholder engagement, ensuring Unity Advisory’s security maturity evolves in line with regulatory and business objectives.

• Lead the development and rollout of a security governance framework aligned with ISO 27001 controls and Cyber Essentials requirements.
• Conduct gap analyses and implement corrective action plans to achieve compliance milestones.
• Draft and maintain security policies, standards, and procedures.

• Act as the central point of contact with the Managed Security Operations Centre (SOC), ensuring effective triage, response, and reporting of security incidents.
• Oversee configuration and optimisation of SIEM/SOAR tools to ensure actionable alerting.
• Run periodic tabletop exercises and incident simulations to validate response capability.
• Ensure Vulnerability Management activities are carried out, in conjunction with the wider team and managed services function.

• Coordinate the technical and procedural controls required to meet Cyber Essentials Plus certification.
• Liaise with external assessors, IT operations, and third-party providers to ensure readiness for audit.

• Build an Information Security Management System (ISMS) tailored to Unity Advisory’s business model.
• Map existing processes and documentation to ISO 27001 Annex A controls.
• Prepare the organisation for internal and external audits, including documentation, risk treatment plans, and asset registers.

• Conduct and maintain an enterprise-wide information security risk register.
• Support Data Protection Impact Assessments (DPIAs) and privacy alignment activities in collaboration with the CPO.
• Support contractual security clauses and third-party vendor due diligence.

• Deliver a targeted security awareness programme, including phishing simulations, staff training, and policy communications.
• Foster a culture of shared security responsibility across departments.

• Strong knowledge of information security frameworks including ISO 27001, Cyber Essentials, NIST CSF, and CIS Controls.
• Experience liaising with SOCs, managing SIEM/SOAR tools, and handling incident response workflows.
• Proven experience leading security maturity assessments and implementing ISO 27001-aligned controls.
• Understanding of risk-based security management, policy design, and compliance reporting.
• Excellent communication and stakeholder management skills—able to engage both technical and non-technical audiences.
• Experience in cloud and SaaS security, ideally within Microsoft 365 and Azure environments.
• Familiarity with third-party risk…