ISO 27001 & Defence Cyber Certification Implementation Consultant
Job description
As our ISO 27001 & Defence Cyber Certification Implementation Consultant, you will play a central role in helping KEYSIGMA develop, enhance and evidence the internal systems, controls, policies, procedures and assurance mechanisms required to support our ISO 27001 certification and Defence Cyber Certification ambitions.
You will work under the strategic direction of the Managing Director, who is a Chartered Cyber Security Professional and Defence Cyber Certification assessor. However, this is not a role where you will be given step-by-step instructions every day. You will need to be confident taking ownership, working independently, identifying what needs to be done and driving the programme forward.
You will not be expected to deliver every technical task alone. You will be supported by apprentices, consultants and other members of the team who can assist with technical implementation, documentation, evidence gathering and operational improvements. A key part of the role will be breaking the required work into clear work packages, allocating tasks appropriately, coordinating delivery and ensuring actions are followed through to completion.
The Managing Director will provide direction, technical context and strategic oversight, but you will be expected to bring structure, momentum and practical delivery to the programme. You will help turn strategic objectives and certification requirements into organised, achievable pieces of work that can be delivered by the wider team.
The first phase of the role will focus on strengthening and expanding KEYSIGMA's internal control environment, enhancing the systems we need to operate as a Defence Cyber Certification body and achieve ISO 27001 certification.
Once these internal systems are in place, the role will develop into a broader consultancy and assurance position. You will support our Defence Cyber Certification and ISO 27001 services, helping clients understand, implement and evidence the controls required for certification. You will work alongside experienced senior assessors and cyber assurance professionals, gaining exposure to a specialist and growing area of the market.
ISO 27001 and ISMS development
- Supporting the development, enhancement and maintenance of the internal systems required to achieve and maintain ISO 27001 certification.
- Helping strengthen KEYSIGMA's Information Security Management System by creating, reviewing and improving practical policies, processes, procedures and records that are effective, proportionate and aligned to the way the business operates.
- Supporting risk assessment, risk treatment planning, control alignment and evidence management to ensure ISO 27001 requirements are embedded practically into business operations and supported by clear evidence for certification, audit and ongoing assurance activity.
- Supporting internal audits, management reviews, corrective actions and continual improvement activity.
Defence Cyber Certification readiness
- Supporting KEYSIGMA's progression towards Defence Cyber Certification Level 2 by helping translate the standard's requirements into a clear internal delivery plan.
- Reviewing Defence Cyber Certification requirements, mapping them against KEYSIGMA's existing controls, processes and evidence, and identifying areas that need to be strengthened, formalised or further evidenced.
- Coordinating the development of required controls, records, procedures and evidence so that KEYSIGMA can demonstrate readiness against the standard.
- Working with internal stakeholders, apprentices and consultants to allocate actions, track progress and ensure technical and operational work packages are completed.
- Ensuring new or enhanced controls are practical, proportionate and aligned to the way KEYSIGMA operates as a growing cyber security consultancy and certification body.
- Helping create reusable templates, evidence structures and implementation approaches that can support both KEYSIGMA's internal readiness and future client delivery.
- Building knowledge of the Defence Cyber Certification standard over time, with the aim of becoming a specialist contributor to KEYSIGMA's Defence Cyber Certification services.
Work package coordination and delivery management
- Breaking certification and control requirements down into clear, achievable work packages, with defined actions, owners and expected outputs.
- Coordinating apprentices, consultants and other team members who support technical implementation, documentation and evidence gathering.
- Tracking progress across multiple workstreams, maintaining momentum and ensuring actions are completed to the required standard.
- Escalating blockers, risks or resource issues where needed, while ensuring completed work is properly documented, evidenced and aligned to certification requirements.
Future consultancy and client delivery
Once KEYSIGMA has completed its internal certification programme, this role will expand into client-facing consultancy and delivery.
This is a planned growth area for the business. As our Defence Cyber Certification services scale, we expect to build out a dedicated delivery team of senior assessors, consultants and supporting staff. You will play an important role in that growth and help shape how KEYSIGMA delivers Defence Cyber Certification and ISO 27001 services to clients.
In this phase of the role, you will:
- Support clients in understanding ISO 27001 and Defence Cyber Certification requirements.
- Assist clients with preparing evidence, developing appropriate controls and progressing towards certification readiness.
- Contribute to client workshops, gap assessments, implementation projects and assurance activity.
- Work alongside senior Defence Cyber Certification assessors and experienced cyber security consultants.
- Help develop KEYSIGMA's delivery methods, templates, consultancy materials and repeatable implementation approaches.
- Support the growth of a dedicated Defence Cyber Certification delivery team as the service scales.
- Play an active role in building KEYSIGMA's reputation as a trusted provider of ISO 27001 and Defence Cyber Certification services.
- Join a specialist cyber security consultancy at an exciting stage of growth.
- Play a key role in achieving ISO 27001 certification and Defence Cyber Certification readiness.
- Build on an already strong internal assurance environment and help shape the next stage of our growth.
- Gain training and hands-on experience in Defence Cyber Certification.
- Work directly with a Chartered Cyber Security Professional and experienced Defence Cyber Certification assessor.
- Be supported by apprentices, consultants and technical colleagues as you coordinate meaningful work packages.
- Help shape the internal systems and controls of a growing certification and consultancy business.
- Develop into a specialist in ISO 27001, cyber assurance and Defence Cyber Certification.
- Move into client-facing consultancy once the internal programme is established.
- Work with experienced senior assessors and cyber security professionals.
- Take on meaningful responsibility from day one.
- Make a visible impact in a business where your work genuinely matters.
Benefits
- Professional development and training
- Flexitime
- Hybrid working
- Company pension
- Casual dress
- Free fitness classes
- On-site parking
Ability to Commute
You must be able to reliably commute to our Cheltenham office when required.
Security Clearance
This role may require security clearance due to the nature of our work and our planned expansion into Defence Cyber Certification services.
Applicants must be willing and able to undergo security screening if required. This may include checks relating to identity, employment history, right to work in the UK, criminal record, financial probity and other relevant background checks.
Eligibility for UK security clearance will be an important consideration for this role. Applicants should normally have been resident in the UK for a sufficient period to meet security clearance requirements.
Requirements
You will be an experienced ISO 27001 professional who is confident working across ISMS management, implementation, audit readiness and continual improvement.
You will have practical experience implementing, maintaining, managing or auditing ISO 27001 or an established Information Security Management System. You will understand how to interpret certification requirements, assess existing controls, identify gaps, manage risk treatment activity, prepare evidence and support organisations through certification, surveillance or audit activity.
You will be comfortable turning standards and assurance requirements into practical business systems. This means creating or improving policies, processes, procedures, records and evidence in a way that is structured, proportionate and aligned to how the business operates.
You will also be comfortable bringing structure to complex work. You will be able to break certification and control requirements down into clear work packages, coordinate the work of apprentices, consultants and technical colleagues, track actions through to completion and ensure outputs are delivered to the required standard.
We are not expecting you to arrive with detailed knowledge of Defence Cyber Certification. The standard is new, specialist and still developing as a market. What we are looking for is someone with the drive, curiosity and professional discipline to get up to speed quickly, understand the requirements in depth and become highly capable in applying them.
This is an excellent opportunity for someone who already has strong ISO 27001 capability and wants to expand their skill set into defence cyber assurance, certification, audit and consultancy. You will be supported with training, guidance and access to experienced Defence Cyber Certification assessors, but you will also need to put in the effort required to become genuinely knowledgeable and useful in this area.
You will need to be proactive, organised and confident working independently. This role would suit someone who enjoys taking ownership, solving problems, working with senior stakeholders and helping a growing business build scalable systems without creating unnecessary bureaucracy.
- Experience implementing, maintaining, managing or auditing ISO 27001 or an established Information Security Management System.
- A good understanding of information security controls, risk management, risk treatment and assurance processes.
- Experience supporting certification, surveillance, recertification or audit readiness activity.
- Ability to interpret standards, identify requirements and translate them into practical, proportionate business actions.
- Strong documentation skills, with the ability to create clear policies, procedures, records, control documentation and evidence.
- Ability to assess existing controls, identify areas for improvement and support continual improvement activity.
- Ability to break complex certification or control requirements down into clear work packages with defined actions, owners and outputs.
- Confidence coordinating apprentices, consultants or technical colleagues to support implementation, documentation and evidence gathering.
- Ability to track actions, follow up on progress and ensure work is completed to the required standard.
- A proactive and self-starting approach, with the confidence to work independently and drive work forward.
- Good organisational skills, strong attention to detail and the ability to manage multiple workstreams.
- Confidence working with senior stakeholders and technical colleagues.
- A practical leadership style, with the ability to bring structure and momentum without creating unnecessary bureaucracy.
- Interest in expanding your expertise into Defence Cyber Certification, cyber assurance, audit and consultancy.
Desirable
- ISO 27001 Lead Implementer or Lead Auditor certification.
- Experience supporting external certification audits.
- Experience in cyber security consultancy, GRC, compliance or assurance.
- Knowledge of Cyber Essentials, IASME Cyber Assurance or similar certification schemes.
- Experience working in a small business, consultancy or professional services environment.
- Experience developing templates, processes, control frameworks or evidence packs.
- Experience supporting clients with certification, audit readiness or control implementation.
- Relevant cyber security qualifications such as CISMP, Security+, CISM, CISSP or similar.
- Are you currently resident in the United Kingdom with the unrestricted right to work in the United Kingdom?
- Do you have experience implementing, maintaining, managing or auditing ISO 27001 or an Information Security Management System?
- Do you have experience coordinating work packages, implementation activity or certification readiness projects?
- Are you willing and able to undergo security clearance or security screening if required?
Important Information
Please note that this role is not eligible for visa sponsorship. Applicants must already have the unrestricted right to work in the UK.
Due to the nature of our work, this role may require security clearance or security screening. Any offer of employment may be subject to satisfactory completion of relevant checks.
Experience:
- ISO 27001, ISMS or GRC: 3 years (preferred)
Licence/Certification:
- ISO 27001 Lead Implementer/Auditor certification (preferred)