Senior Information Security Consultant

Cyber & GRC / Cloud & Audit Focus

Role Summary

The Senior Information Security Consultant is a senior individual contributor role that spans both Cyber Security and Information Security Governance (GRC). The role owns security controls end-to-end and is directly accountable for ISO 27001 and/or SOC 2 audit outcomes, while remaining hands-on across AWS-hosted environments.

Key Responsibilities

• Own assigned areas of ISO 27001 and/or SOC 2 audits as technical control owner.

• Act as primary technical point of contact for auditors, leading walkthroughs and responding to queries.

• Define, review, and approve technical audit evidence and drive remediation of findings.

• Provide senior hands-on security expertise across AWS (IAM, logging, monitoring, network security).

• Own or oversee vulnerability management, including prioritisation, remediation, and audit-ready reporting.

• Provide senior input into SIEM, monitoring, and incident response.

• Oversee endpoint and SaaS security controls (e.g. Microsoft 365).

• Act as a senior technical authority and coach less-senior team members.

Required Experience

Essential:

• Senior experience in a technical information security role.

• Direct ownership of ISO 27001 and/or SOC 2 audit controls, including auditor interaction and remediation.

• Strong hands-on experience securing AWS-hosted environments.

• Practical experience with vulnerability management, SIEM, and monitoring.

• Strong judgement and ability to explain technical controls to auditors and engineers.

Desirable:

• SaaS or cloud-native environments.

• Familiarity with NIST CSF or CIS Controls.

• Automation or scripting experience.

• Relevant certifications (ISO 27001, AWS Security, CISSP, etc.).