At a Glance
- Tasks: Conduct cybersecurity risk assessments and develop business continuity plans for critical initiatives.
- Company: Join a leading consultancy with a focus on information security and resilience.
- Benefits: Competitive daily rate, hybrid working, and opportunities for professional growth.
- Other info: Dynamic role with a chance to work on high-priority strategic initiatives.
- Why this job: Make a real impact in the world of information security during exciting M&A activities.
- Qualifications: Experience in M&A security due diligence and compliance with ISO 27001 and SOC 2.
The predicted salary is between 70000 - 90000 Β£ per year.
We are seeking two highly skilled, hands-on Contract Information Security Resilience Consultants to support several critical, high-priority strategic initiatives. In this dual-role, you will be responsible for executing rigorous security due diligence on upcoming M&A activities, maintaining and maturing our Information Security Management System (ISMS) compliance frameworks, and driving our Business Continuity and Resilience programs.
Key Responsibilities
- M&A Security Due Diligence
- Conduct comprehensive cybersecurity risk assessments and security due diligence on target acquisition companies.
- Review target company security controls, policies, third-party assurance reports (e.g., SOC 2, ISO certifications), and historical security incident logs.
- Identify deal-impacting risks, quantify remediation effort (cost/timeline ranges), and advise on onboarding security priorities.
- Identify risk areas and formulate actionable post-acquisition security integration roadmaps and transition plans.
- Information Security Standards Compliance (ISO 27001 SOC 2)
- Assess, maintain, and mature existing security frameworks aligned with ISO/IEC 27001 and SOC 2 Type II.
- Develop and maintain information security policies, standards, and procedures aligned to these standards and business objectives.
- Run security risk assessments, update risk registers, and drive risk treatment/remediation plans.
- Identify control gaps, collaborate with internal system owners to implement remediation plans, and collect audit-ready evidence.
- Assist in preparing the business, staff, and control owners for upcoming external surveillance and compliance audits.
- Business Continuity
- Lead the review and update of Business Continuity Plans (BCPs) across key business departments.
- Facilitate Business Impact Analyses (BIAs) to identify critical business processes, evaluate upstream/downstream dependencies, and define Recovery Time Objectives (RTOs).
- Design and execute tabletop exercises and simulation tests to validate recovery strategy effectiveness.
- Third-Party Supplier Security
- Perform vendor risk assessments, review security clauses, and ensure suppliers meet security and business continuity requirements.
- Manage the relationship with our outsourced managed IT and information security suppliers.
- Security Awareness Stakeholder Management
- Deliver security awareness initiatives and provide advisory support to projects and teams.
- Communicate risks and recommendations clearly to leadership and non-technical stakeholders.
Required Skills Experience
- M&A Security Expertise: Proven track record of executing security due diligence on target entities during corporate acquisitions.
- Compliance Mastery: Deep, hands-on experience implementing, auditing, or managing ISO 27001 and SOC 2 compliance programs.
- Business Continuity Planning: Experience designing, updating, and testing Business Continuity frameworks (experience aligning with ISO 22301 is a plus).
- Consultative Approach: Outstanding stakeholder management skills, with the ability to communicate complex security risks to business leads and M&A deal teams.
Contact Details:
Advanced Resource Managers Limited Recruitment Team
We think you need these skills to ace Information Security & Resilience Consultant
Cybersecurity Risk Assessments
Security Due Diligence
Control Evaluation
ISO 27001 Compliance
SOC 2 Compliance
Information Security Management System (ISMS)
Business Continuity Planning