At a Glance
- Tasks: Lead clients in implementing ISO/IEC 27001 and Cyber Essentials certifications.
- Company: Join a dynamic consultancy with a focus on information security and resilience.
- Benefits: Enjoy competitive pay, generous holiday, and a range of wellness perks.
- Other info: Flexible working options and a supportive team culture await you.
- Why this job: Make a real impact by guiding organisations through critical security processes.
- Qualifications: Experience in ISO/IEC 27001 and strong communication skills are essential.
The predicted salary is between 55000 - 65000 £ per year.
We have an exciting, permanent opportunity for a Senior Risk & Resilience Consultant / Information Security Consultant & Manager (Associate level) to join any of our 11 UK offices (hybrid working) as we continue to grow following the Howden acquisition. You’ll provide day‑to‑day leadership within a growing and fast‑paced consultancy environment, ensuring the security team delivers high‑quality, responsive services to both internal stakeholders and clients. This role includes full line‑management responsibilities, such as setting clear objectives, holding regular one‑to‑one meetings, supporting professional development, and managing performance in a constructive and accountable manner.
You will coordinate workloads across multiple concurrent client engagements, mentor team members, and foster a collaborative, solutions‑focused culture. You will also work closely with other areas of the organisation including data privacy, business continuity, and enterprise risk to ensure a cohesive and aligned approach to assurance. In addition to leadership responsibilities, this position is hands‑on and client‑facing. You will guide organisations through the implementation and internal audit of ISO/IEC 27001, support them through the Cyber Essentials certification process, and help embed effective security awareness across their business. You’ll also assist clients in assessing and managing third‑party security risks, responding to assurance requests, and making well‑informed risk decisions.
A key requirement of the role is the ability to communicate information security risks clearly and meaningfully, translating technical issues into business‑focused impacts that enable stakeholders to make confident, informed decisions.
Responsibilities- Lead and support clients through ISO/IEC 27001 implementation, from gap analysis to certification readiness.
- Plan and deliver internal ISO/IEC 27001 audits and recommend practical improvements.
- Guide organisations through Cyber Essentials and Cyber Essentials Plus certification.
- Develop and improve proportionate information security policies, processes, and controls.
- Explain information security risks in clear, business‑focused terms, linking technical issues to real‑world impact.
- Deliver tailored security training and awareness sessions for technical and non‑technical audiences.
- Support clients during information security incidents, advising on containment, next steps, and reporting.
- Assist with third‑party security assessments, including supplier reviews, customer questionnaires, and assurance guidance.
- Manage security projects, including planning, monitoring progress, and managing risks.
- Act as a trusted advisor, translating security requirements into actionable business recommendations.
- Facilitate workshops and meetings with stakeholders at all levels.
- Produce clear, well‑structured documentation and reports.
- Support ongoing improvement of clients’ information security management practices.
- Provide day‑to‑day leadership to the security team in a fast‑paced consultancy environment.
- Set objectives, hold regular one‑to‑ones, and manage performance and development.
- Mentor team members and provide quality assurance on deliverables.
- Allocate workloads across multiple client engagements to maintain high‑quality delivery.
- Foster a supportive, collaborative, practical and delivery‑focused team culture.
- Support recruitment, onboarding, and capability development.
- Proven experience implementing ISO/IEC 27001 as a consultant.
- Experience conducting or supporting internal ISO/IEC 27001 audits.
- Practical experience guiding organisations through Cyber Essentials and/or Cyber Essentials Plus.
- Ability to deliver effective information security training and awareness sessions.
- Experience supporting or responding to third‑party security assessments.
- Strong ability to explain security risks in clear, business‑focused terms.
- Solid understanding of information security risk management and controls.
- Confident managing projects, timelines, and stakeholder expectations.
- Excellent written and verbal communication skills.
- Ability to engage and influence stakeholders at all levels, including senior leadership.
- Demonstrated line management and leadership capability, including mentoring, performance management, and team development.
- Experience with data protection and privacy, such as UK GDPR or EU GDPR.
- Experience supporting organisations during security incidents or data breaches.
- Experience assessing supplier risk or working with vendor risk management processes.
- Experience with supporting organisations with Business Continuity planning (ISO 22301).
- Relevant certifications (e.g. ISO 27001 Lead Implementer, Lead Auditor, Cyber Essentials Assessor, CISM, CISSP).
- Previous consultancy or client‑facing experience.
- Competitive discretionary annual bonus.
- Core benefits paid for by BW including life assurance, group income protection, private medical cover and 25 days holiday per year with holiday trading.
- A generous pension scheme where we contribute 8% of your salary from day one of your employment.
- Employee Assistance Programme to support you and your family through any concerns or challenges you may experience.
- A comprehensive range of voluntary benefits to suit you (and your family) including an electric car leasing scheme, tech scheme, cycle to work scheme, dental cover, healthcare cash plan, health assessments, critical illness cover, extension of private medical cover or life assurance to family members, Sports Allowance – we pay up to 50% of your gym/sports membership (up to £50 pm), travel insurance, paid volunteering, and a broad range of discounts at hundreds of retailers including supermarkets, fitness centres, travel and leisure companies.
We are happy to talk flexible working arrangements.
AccessibilityWe are a Disability Confident Employer. If reasonable adjustments could support you, or if you would like more information on accessibility, please click here.
Senior Risk & amp ; Resilience Consultant , Information Security ( Associate ) employer: Barnett Waddingham
Barnett Waddingham is an excellent employer, offering a supportive work culture that values detail-oriented professionals in the IT sector. With hybrid working options available in vibrant locations like Birmingham and Amersham, employees benefit from a competitive package that includes a generous pension and annual bonus, alongside ample opportunities for personal and professional growth within a collaborative environment.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Risk & amp ; Resilience Consultant , Information Security ( Associate )
✨Tip Number 1
Network like a pro! Reach out to your connections in the industry, attend relevant events, and engage with professionals on platforms like LinkedIn. We can’t stress enough how important it is to make those personal connections that could lead to job opportunities.
✨Tip Number 2
Prepare for interviews by practising common questions and scenarios related to risk and resilience. We recommend doing mock interviews with friends or mentors to boost your confidence and refine your answers. Remember, it’s all about showcasing your expertise in a relatable way!
✨Tip Number 3
Don’t just wait for job postings; be proactive! Research companies you admire and reach out directly to express your interest. We love when candidates take the initiative—show them you’re keen to join their team!
✨Tip Number 4
Follow up after interviews with a thank-you note. It’s a simple gesture that shows your appreciation and keeps you fresh in their minds. We believe this small step can make a big difference in leaving a lasting impression!
We think you need these skills to ace Senior Risk & amp ; Resilience Consultant , Information Security ( Associate )
Some tips for your application 🫡
Tailor Your CV:Make sure your CV speaks directly to the role of Senior Risk & Resilience Consultant. Highlight your experience with ISO/IEC 27001 and Cyber Essentials, and don’t forget to showcase your leadership skills and ability to communicate complex security risks in simple terms.
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to tell us why you’re the perfect fit for this role. Share specific examples of how you've led teams or managed projects in the past, and connect your experiences to the responsibilities outlined in the job description.
Showcase Your Communication Skills:Since this role involves explaining technical issues to non-technical stakeholders, make sure your application reflects your strong written communication skills. Use clear, concise language and structure your documents well to demonstrate your ability to convey information effectively.
Apply Through Our Website:We encourage you to apply through our website for a smoother process. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, you’ll find all the details you need about the position and our company culture there!
How to prepare for a job interview at Barnett Waddingham
✨Know Your ISO/IEC 27001 Inside Out
Make sure you’re well-versed in the ISO/IEC 27001 standards. Be prepared to discuss your previous experiences implementing these standards and how you can guide organisations through the certification process. Use specific examples to demonstrate your expertise.
✨Communicate Clearly and Effectively
Since this role requires translating technical security risks into business-focused terms, practice explaining complex concepts in simple language. Think of scenarios where you’ve successfully communicated with non-technical stakeholders and be ready to share those stories.
✨Showcase Your Leadership Skills
As a Senior Risk & Resilience Consultant, you’ll need to lead a team. Prepare to discuss your line management experience, including how you set objectives, mentor team members, and foster a collaborative culture. Highlight any successful projects where your leadership made a difference.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world situations. Think about past challenges you’ve faced in information security and how you handled them. Be ready to outline your thought process and the outcomes of your decisions.