Information Security Consultant in Birmingham

We're partnering with a large, complex and highly respected organisation that is continuing to invest heavily in its Information Security and Governance capabilities. As part of this growth, we're looking to appoint an Information Security Consultant with strong ISO 27001 expertise to play a key role in the ongoing development, implementation and maintenance of the organisation's Information Security Management System (ISMS). This is an excellent opportunity to join a business where information security is a genuine strategic priority, working alongside stakeholders across technology, operations, risk, compliance and business functions to drive best practice and ensure continued alignment with ISO 27001 standards.

Reporting into the Information Security function, you'll be responsible for supporting and enhancing the organisation's ISO 27001 framework, helping to embed security controls, improve governance processes and maintain ongoing compliance across the business. You'll work closely with a wide range of stakeholders, providing guidance, conducting audits and supporting continuous improvement initiatives.

Key responsibilities include:

• Supporting the implementation, maintenance and continual improvement of the ISO 27001 Information Security Management System (ISMS).
• Conducting internal ISO 27001 audits and assessments across multiple business functions.
• Working with stakeholders to identify, assess and remediate compliance gaps.
• Supporting external audits and certification activities.
• Reviewing and maintaining security policies, standards, procedures and controls.
• Assisting with risk assessments and risk treatment plans.
• Providing advice and guidance on information security best practice.
• Supporting awareness and training initiatives across the organisation.
• Producing audit reports, findings and recommendations for senior stakeholders.
• Driving continuous improvement across information security governance and compliance processes.

About You

We're looking for someone who combines strong ISO 27001 expertise with excellent stakeholder management skills and the ability to operate effectively within a large, complex environment. You’ll ideally have experience of:

• Implementing, maintaining or auditing ISO 27001 frameworks.
• Managing Information Security Management Systems (ISMS).
• Conducting internal audits and compliance assessments.
• Information security governance, risk and compliance activities.
• Security policy development and control frameworks.
• Working with cross-functional business and technology teams.
• Identifying and managing information security risks.
• Supporting external certification and audit processes.
• ISO 27001 Lead Auditor or Lead Implementer certification.
• Knowledge of NIST, Cyber Essentials, CIS Controls or other security frameworks.
• Experience within large enterprise or regulated environments.
• Understanding of broader cyber security and risk management principles.

What's on Offer?

• Salary up to £55,000.
• Excellent pension and benefits package.
• Exposure to a large-scale, complex technology environment.
• Ongoing professional development and certification support.
• The opportunity to play a key role in shaping and enhancing information security across the organisation.

If you're passionate about information security, governance and compliance, and enjoy working with stakeholders to drive meaningful security improvements, we'd love to hear from you.