Senior Information Security Consultant

Job Description Description:Cyber & GRC / Cloud & Audit FocusRole SummaryThe Senior Information Security Consultant is a senior individual contributor role that spans both Cyber Security and Information Security Governance (GRC). The role owns security controls end-to-end and is directly accountable for ISO 27001 and/or SOC 2 audit outcomes, while remaining hands-on across AWS-hosted environments.Key Responsibilities• Own assigned areas of ISO 27001 and/or SOC 2 audits as technical control owner.• Act as primary technical point of contact for auditors, leading walkthroughs and responding to queries.• Define, review, and approve technical audit evidence and drive remediation of findings.• Provide senior hands-on security expertise across AWS (IAM, logging, monitoring, network security).• Own or oversee vulnerability management, including prioritisation, remediation, and audit-ready reporting.• Provide senior input into SIEM, monitoring, and incident response.• Oversee endpoint and SaaS security controls (e.g. Microsoft 365).• Act as a senior technical authority and coach less-senior team members.Requirements:Required ExperienceEssential• Senior experience in a technical information security role.• Direct ownership of ISO 27001 and/or SOC 2 audit controls, including auditor interaction and remediation.• Strong hands-on experience securing AWS-hosted environments.• Practical experience with vulnerability management, SIEM, and monitoring.• Strong judgement and ability to explain technical controls to auditors and engineers.Desirable:• SaaS or cloud-native environments.• Familiarity with NIST CSF or CIS Controls.• Automation or scripting experience.• Relevant certifications (ISO 27001, AWS Security, CISSP, etc.).