Information Security Consultant, Senior Risk & Resilience Consultant

We have an exciting, permanent opportunity for a Senior Risk & Resilience Consultant / Information Security Consultant to join any of our 11 UK offices (hybrid working) as we continue to grow following the Howden acquisition. We are looking for an experienced Information Security Consultant to support our clients in improving their security posture and achieving recognised certifications. This role is hands-on and client-facing.

You will guide organisations through the implementation and internal audit of ISO/IEC 27001, lead them through the Cyber Essentials certification process, and help build security awareness across the business. You will also support clients in understanding and managing third-party security risks, responding to assurance requests, and making informed decisions about risk. A key part of the role is the ability to explain information security risks in a meaningful way that relates directly to business impact, enabling stakeholders to make clear, informed decisions.

Responsibilities

• Lead and support clients through the implementation of ISO/IEC 27001, from gap analysis to readiness for certification.
• Plan and conduct internal audits against ISO/IEC 27001, including reporting findings and recommending improvements.
• Guide organisations through the Cyber Essentials and Cyber Essentials Plus certification process.
• Design, review, and improve information security policies, processes, and controls that are proportionate and practical.
• Explain information security risks to stakeholders in clear, business-focused terms, linking technical issues to business impact such as operational disruption, financial loss, regulatory exposure, or reputational damage.
• Deliver information security training and awareness sessions to staff at different levels of the organisation.
• Tailor training content to suit technical and non-technical audiences.
• Support and guide clients in the event of an information security incident, helping them understand next steps, containment, and reporting obligations.
• Support clients with third-party security assessments, including responding to customer security questionnaires; assessing supplier security posture and risks; advising on proportionate assurance and risk treatment approaches.
• Manage security projects, including planning, tracking progress, managing risks, and meeting deadlines.
• Act as a trusted advisor, translating security requirements into clear business actions.
• Facilitate workshops and meetings with stakeholders ranging from operational teams to senior leadership.
• Produce clear, well-structured documentation and reports suitable for both technical and non-technical audiences.
• Support continuous improvement of clients’ information security management practices.

Qualifications

• Proven experience implementing ISO/IEC 27001 within an organisation or as a consultant and performing or supporting internal audits against ISO/IEC 27001.
• Practical experience guiding organisations through the Cyber Essentials certification process.
• Experience delivering information security training or awareness sessions.
• Experience supporting or responding to third-party security assessments or questionnaires.
• Demonstrated ability to communicate information security risks in business terms, not just technical language.
• Excellent understanding of information security risk management and controls.
• Experience managing projects, including timelines, dependencies, and stakeholder expectations.
• Excellent communication skills, both written and verbal with confidence engaging with people at all levels of an organisation, including senior management.
• Experience with data protection and privacy, such as UK GDPR or EU GDPR.
• Experience supporting organisations during security incidents or data breaches.
• Experience assessing supplier risk or working with vendor risk management processes.
• Experience with supporting organisations with Business Continuity planning (ISO 22301).
• Relevant certifications (e.g. ISO 27001 Lead Implementer, Lead Auditor, Cyber Essentials Assessor, CISM, CISSP).
• Previous consultancy or client-facing experience.

What’s in it for you

• Competitive discretionary annual bonus.
• Core benefits paid for by BW including life assurance, group income protection, private medical cover and 25 days holiday per year with holiday trading.
• A generous pension scheme where we contribute 8% of your salary from day one of your employment.
• Employee Assistance Programme to support you and your family through any concerns or challenges you may experience.
• A comprehensive range of voluntary benefits to suit you (and your family) including an electric car leasing scheme, tech scheme, cycle to work scheme, dental cover, healthcare cash plan, health assessments, critical illness cover, extension of private medical cover or life assurance to family members, Sports Allowance – we pay up to 50% of your gym/sports membership (up to £50 pm), travel insurance, paid volunteering, and a broad range of discounts at hundreds of retailers including supermarkets, fitness centres, travel and leisure companies.

We are a Disability Confident Employer. If you reasonable adjustments could support you, or if you would like more information on accessibility, please click here.