Information Security Consultant - UK (SMB)

🔒 Confidential Employer
Posted 28 April 2026
LOCATION
Leeds
TYPE
Full-time
LEVEL
Associate
CATEGORY
Information Technology
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

GRC consulting Information Security Compliance ISO 27001 SOC 2 NIST Risk assessments Policy development

FULL DESCRIPTION

Information Security Consultant - UK (SMB)

Company: [Employer hidden — view at passion-project.co.uk]

Location: Leeds (Remote)

Work Type: Hybrid

Job Type: Full-time

Experience Level: Associate

About the Role

Our GRC Consulting practice helps organisations strengthen their security posture and achieve compliance through clear, structured, and practical guidance. We work with clients at different stages of maturity, from building foundational security programmes to operating mature, scalable compliance functions.

We are seeking an Information Security Consultant to join our GRC Consulting team. This is a client-facing, delivery-focused role suited to a security and compliance professional who is confident supporting engagements and contributing high-quality advisory services.

As an Information Security Consultant, you will support the delivery of GRC engagements across a range of clients and industries. You will help translate regulatory and framework requirements into practical, business-aligned solutions and work collaboratively with senior consultants and client stakeholders to drive measurable improvements in governance, risk, and compliance.

This role suits someone with strong foundational GRC knowledge, growing consulting experience, and a desire to develop into a trusted security advisor.

Key Responsibilities

Client Delivery & Support:

  • Lead the delivery of GRC consulting engagements across multiple clients and sectors.
  • Contribute to security posture assessments, gap analyses, and maturity reviews.
  • Assist in the design and implementation of GRC programmes aligned to frameworks such as ISO 27001, SOC 2, NIST, and related standards.
  • Support clients through audit preparation, certification processes, and external assessments.
  • Develop remediation plans and assist clients in tracking progress against agreed actions.
  • Participate and lead in client workshops, risk assessments, and stakeholder sessions.

Advisory & Technical Contribution:

  • Support the interpretation of security standards and regulations, translating requirements into practical recommendations.
  • Lead in the development of policies, procedures, risk registers, control frameworks, and governance documentation.
  • Contribute to the design and documentation of security controls and operating models.
  • Help embed compliance activities into operational and technical processes.
  • Conduct risk assessments and maintain supporting documentation.

Quality & Professional Standards:

  • Produce high-quality client deliverables with clarity, accuracy, and consistency.
  • Follow established methodologies, templates, and internal quality standards.
  • Proactively identify areas for improvement within engagements.
  • Manage assigned tasks effectively to meet deadlines and scope expectations.

Requirements

  • 2–5 years’ experience in security, risk, compliance, or GRC-related roles.
  • Practical experience with at least one framework such as ISO 27001, SOC 2, NIST, or similar standards.
  • Experience supporting compliance or assurance initiatives (internal or client-facing).
  • Strong written and verbal communication skills.
  • Ability to manage multiple priorities in a structured and organised manner.
  • Analytical mindset with a pragmatic approach to problem solving.
  • Comfortable working with both technical and non-technical stakeholders.
  • Consulting experience is highly desirable but not essential.
  • Experience with GRC platforms including Vanta is desirable.

What We Offer

  • 25 days of annual leave plus bank holidays
  • Your birthday off
  • £2000 Annual personal training and development budget
  • A high-trust, supportive environment with clear career progression
  • Refer-a-friend bonus scheme (up to £2000)

Why Join Us?

At [Employer hidden], you will be part of a collaborative and innovative team that values your input and shares support. You'll have the opportunity to work on challenging projects that make a real impact on our clients. We'd love to hear from you if you want to challenge, lead and innovate!

We're not just about the work; we're about the people. Join a team where innovation is celebrated and your contributions are valued. We foster a collaborative environment where fresh ideas thrive and professional growth is encouraged.

Applications

We’re always happy to help with questions, but to keep our process fair for everyone, we’re unable to accept applications via email—please apply directly through the job advert page.

Please feel free to reach out to Andrea, our Senior Recruiter, if you would like any further information, to discuss accessibility requirements, or if you require this information provided in an alternative format – [contact hidden].

We welcome applications from candidates from diverse backgrounds and can make various reasonable adjustments to accommodate individual needs.

NO RECRUITMENT AGENCIES, PLEASE

Department

Governance, Risk and Compliance (GRC)

Role

Information Security Consultant

Locations

Leeds HQ

Remote status

Hybrid

CONTACT

Andrea Smith

Senior Recruiter – Human Resources

Sign up free — access 45,000+ UK sponsor-licensed jobs