Information Security Consultant

Sure Exec Search
4 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 75K

Job location

Tech stack

Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Cloud Computing Security
Computer Security
Information Security Management System

Job description

You will operate as a hands-on consultant embedded within a leading London law firm, supporting numerous parallel security initiatives and driving improvements across their security posture.

End-to-End Security Consultancy (Multi-Project Delivery)

  • Deliver expert security consulting across multiple concurrent projects, adapting quickly to new environments, technologies, and stakeholder needs.
  • Provide pragmatic, risk-based advice and actionable recommendations to technical and non-technical teams.
  • Engage directly with senior stakeholders, project teams, and external partners as a trusted security advisor.

Governance, Standards & ISMS Enhancement

  • Own and improve key elements of the information security governance framework.
  • Develop, review, and update security policies, standards, processes, and playbooks.
  • Strengthen and maintain ISMS controls, ensuring ongoing alignment with ISO 27001 and related standards.

Third-Party & Client Assurance

  • Conduct supplier security assessments, audits, and due diligence for a broad range of third parties.
  • Work with vendors on remediation planning, tracking, and validation.
  • Lead responses to client assurance requests and questionnaires, identifying gaps and proposing mitigation strategies.

Risk Management & Security Assurance

  • Perform comprehensive information security risk assessments across systems, projects, and processes.
  • Define mitigation controls and develop robust treatment plans aligned with best practice frameworks.
  • Coordinate and validate penetration testing activities, supporting the close-out of remediation actions.

Incident Response & Security Operations Support

  • Lead investigations into security incidents, ensuring accurate scoping, containment, remediation, and post-incident reporting.
  • Act as an escalation point for complex cyber issues requiring expert judgement.

Cyber Awareness & Training

  • Shape and deliver engaging cyber awareness activities for staff and third parties.
  • Support cultural change by embedding good security practices across the firm.

Requirements

  • Strong working knowledge of ISO 27001/27002 and experience implementing and assessing associated controls.
  • Industry certifications such as CISSP, CISM, CRISC (or equivalent).
  • Cloud security expertise, ideally with AWS and/or Azure certifications.
  • Familiarity with ISO 27005 risk management or NIST RMF.
  • Understanding of global Data Protection and Privacy regulations.
  • Proven ability to interpret and respond to client requirements.
  • Strong written and verbal communication skills, with the ability to engage across all business functions.
  • Self-sufficient and proactive, able to work independently or as part of a project team.
