Information Security Consultant (CAF Assessments) - SC Cleared

Hybrid working (Mainly remote, with UK client visits when required)

Salary - Circa £60k

Start Date ASAP - Looking for candidates ideally with a 1-month maximum notice period

Our client is a new kind of cyber security consultancy – built from the ground up by practitioners with military and defence backgrounds, with a culture that reflects it. Disciplined, direct, mission-focused and deeply competent. We are a startup, which means the team is small, the work is real, and the people who join now will help define what we become. If you want a role where you can see the impact of your work, have a genuine say in how things are done, and build something alongside people who take both quality and each other seriously – this is worth reading on.

The role:

• Four days a week you will be leading and supporting Cyber Assessment Framework (CAF) engagements across central government – working remotely with clients the majority of the time, with occasional travel to UK client sites as required.
• You will assess compliance against NCSC CAF objectives and indicators of good practice, identify and characterise gaps, and produce clear, actionable reports and remediation roadmaps.
• The fifth day is structured time for business development or wider delivery work – contributing to bids, supporting pre-sales conversations, or flexing into other cyber advisory work as the practice grows.
• Because we are a startup, you will also have the chance to help shape our methodology, sharpen our tooling and build the foundations of something lasting.

What you will be doing:

• Conducting end-to-end CAF assessments across central government clients, covering all four CAF objectives and associated indicators of good practice – primarily remote, with occasional on-site visits.
• Engaging with senior stakeholders – SROs, CISOs and technical leads – to gather evidence, validate findings and present outcomes clearly.
• Writing high-quality assessment reports, gap analyses and prioritised improvement plans that clients can actually use.
• Contributing to business development – writing proposal content, attending client conversations and helping win new work alongside senior colleagues.
• Helping build the practice – refining internal methodologies, templates and tooling as we grow and scale.
• Flexing into broader delivery on your BD/delivery day – drawing on skills across risk, governance, architecture or assurance depending on where we need you.

What we are looking for:

• Hands-on experience conducting NCSC CAF assessments – you have done this for real, not just studied the framework.
• 3-5 years Cyber Security experience.
• Public Sector/Government experience.
• Solid grasp of the CAF objectives, indicators of good practice and the broader UK government cyber security landscape.
• Comfortable working independently and remotely – self-directed, organised and reliable without needing close oversight.
• Willing to be flexible – a startup means occasional shifting priorities, and the right person sees that as opportunity, not disruption.
• Current or eligible for SC clearance (active clearance strongly preferred).
• Strong written communication – producing reports that are accurate, structured and genuinely useful.

• Relevant certifications – CISSP, CISM, CCP (Lead Assessor or equivalent) or other NCSC-recognised qualifications.
• Background in or exposure to military, defence or government security – you will fit right in.
• Broader assurance or risk experience across ISO 27001, NIST, GovAssure or similar frameworks.
• Experience in a consulting or early-stage business – you know what it means to help build something, not just execute inside it.

What you can expect from the client:

• A small, capable team that operates with high standards, low ego and genuine mutual respect.
• Primarily remote working with the flexibility that brings – and infrequent, predictable UK travel when clients need you on site.
• Real influence – you will not be employee number 500. What you build here, and how you build it, will matter.
• Ongoing professional development and certification support.