
Information Security Consultant

£50,000 - £65,000

We are seeking an Information Security Consultant to join our growing team.

The role will primarily focus on security governance, risk, compliance and assurance. As such you will need a strong knowledge of GRC and audit concepts. Although not a technical role, an understanding of technical security controls and concepts is required, but we don’t expect you to be an engineer.

You will work with different clients to help them improve their security posture through activities including risk assessments, policy development, threat assessments, compliance with security frameworks and regulations, certification with ISO 27001 and Cyber Essentials, incident response planning, incident response exercises, supplier security due diligence and more.

The Role

Working directly and through our partners, you will support clients in short and medium-term engagements in a variety of consultancy activities (depending on your experience) including:

  • Assessing their security posture or compliance against guidance or specific standards, such as Cyber Essentials, NCSC guidance, the ISO 27001 family, CIS 20 controls, NIS, NIST CSF and NIST Special Publications.
  • Implementing or advising on security frameworks, risk management strategies and the work required for the client to comply with or meet specific standards, such as those listed above.
  • Drafting and helping clients to implement security policies, standards, procedures and work instructions.
  • Advising on and assisting with the implementation of security governance and assurance activities, steering groups, internal auditing and security testing activities.
  • Helping clients to build and implement security incident response capabilities aligned to best practice, including NIST SP 800-61 and ISO 27005.
  • Carrying out risk assessments in line with industry best practice, including ISO 27005; supporting business continuity planning, business impact assessments and IT disaster recovery planning.
  • Delivering threat analysis and risk assessment engagements to help clients identify key threats and actors, key systems, vulnerabilities and provide recommendations.
  • Providing security awareness training and supporting improved security awareness through training and content creation.
  • Advising on security controls to implement in order to reduce risks to valuable and high-impact information assets.
  • Acting as outsourced / virtual information security manager for clients, including advising their IT team on security strategy.

About You

You’ll have at least 2 years’ experience in client-facing information security consultancy, covering at least some of the activities listed above, or strong in-house security management experience. Most importantly, you’ll be a self-starter who can research standards and best practice and deliver services tailored specifically to clients’ needs rather than standardised, cookie-cutter services repeated time and again. A good standard of report writing is essential.

We’re happy to hear from people with lots of experience and also from candidates with less experience who wish to develop a career in security consulting. If you’re at the less experienced end, we’ll expect you to be a fast learner and to develop through a combination of mentoring, training and, most importantly, self-study and development.

You will also ideally have some of the following knowledge:

  • A working understanding of key security frameworks, including Cyber Essentials, ISO 27001 and NIST CSF
  • Awareness of PCI DSS, GDPR and the Data Protection Act 2018
  • Awareness of the NIS Directive / Regulations
  • An understanding of security risk management, governance and how security policies and procedures are implemented
  • An understanding of common security threats, vulnerabilities and common technical controls
  • An understanding of TCP/IP networks, computers, web technologies and security testing
  • Some understanding of secure software development practices

Whilst not essential, you will ideally have attained one or more recognised security certifications, which could include:

  • Security+
  • CISM
  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor

About Us

Evalian is a fast-growing consultancy business specialising in data protection, cyber security, penetration testing and ISO certification. Founded in 2018, we have grown to a team of 23 employees working remotely or from our office near Winchester in Hampshire.

The Package

The salary will depend on your experience and qualifications but will be in the range of £50,000 – £65,000, plus a range of benefits including life assurance, medical insurance, dental cashback and pension.

Location & Minimum Requirements

We’re happy to hear from consultants from across the UK provided you can work effectively from home and are willing to travel to client sites (when permitted). If you are home-based, you’ll need to have a dedicated working area and a reliable internet connection.

You will need to have a driving licence and access to a car that you can use for work purposes.
