Cyber Security Consultant

Who are we looking for?

With increasing demand for the governance, risk, and compliance (GRC) work delivered by Principle Defence, the team is expanding to strengthen its consulting capability. This role centres on a pragmatic, GRC-focused approach, grounded in best-practice balanced with empathy when working with clients. It suits someone with strong experience across cyber security, risk management, and regulatory compliance, who is comfortable operating in client-facing environments.

The work involves engaging with senior stakeholders, translating technical and regulatory requirements into clear, actionable guidance, and building trusted relationships. The emphasis is on helping organisations improve their security and resilience in a way that aligns with real operational and business constraints.

Requirements

The role sits within Principle Defence’s wider consulting practice. Your primary focus will be the delivery of GRC services to our clients, while also supporting the broader consulting team across a range of cyber security engagements. These may range from a focused risk or gap assessment through to the design and implementation of a full information security management system to support organisations seeking certification against appropriate international standards.

Our clients operate across a variety of sectors, including critical national infrastructure, highly regulated industries, and complex enterprise environments. Engagements often involve working with organisations at very different stages of security and compliance maturity.

The services you will contribute to are varied and include:

• Supporting clients to transition towards a more mature, sustainable cyber security and risk management posture, sometimes from a low initial baseline.
• Helping clients implement and align to recognised frameworks, standards, and regulatory requirements, such as ISO/IEC 27001, NIST, NIS2, CAF, and other relevant industry or regulatory guidance.
• Delivering cyber risk assessments, gap analyses, and governance reviews, and supporting risk prioritisation and treatment planning.
• Designing and embedding security governance structures, policies, standards, and processes that are practical and proportionate.
• Providing assurance over cyber security transformation programmes and major change initiatives.
• Supporting clients in preparation for audits, certifications, and regulatory assessments.
• Translating technical and regulatory requirements into clear, actionable guidance for senior stakeholders.
• Building and maintaining trusted client relationships through clear communication and pragmatic advisory support.

What we’re looking for

• An understanding of enterprise IT environments and how cyber security, risk, and compliance considerations apply across people, process, and technology.
• Understanding of common cyber security risks, control types, and assurance approaches within complex organisational environments.
• Awareness of the differing priorities between security, business operations, and regulatory compliance, and how to balance these effectively.
• Knowledge of cyber security and risk frameworks and standards, including but not limited to ISO/IEC 27001, NIST CSF, NIST SP 800-53, NIS2, and other relevant regulatory or industry guidance.
• Awareness and understanding of the evolving cyber threat and regulatory landscape.
• Ability to understand and articulate the business, operational, and regulatory impacts of cyber security incidents.
• Experience in performing cyber risk assessments, gap analyses, and control maturity assessments.
• Familiarity with governance artefacts such as risk registers, policies, standards, audit evidence, and assurance documentation.
• Experience working within a regulated or complex industry sector.
• Strong verbal communication skills and high-quality technical and professional authoring capability.

About Us: 

Principle Defence is an information security and data protection consultancy and training provider. It was founded in 2021 with a vision to “end bad security and privacy” by demonstrating how security can integrate with business and organisational goals to enable growth, rather than hinder it. 

We are continuing to grow and are looking for a consultant who can provide consultancy services to clients in a range of sectors. We are accredited to deliver professional training on behalf of a range of qualification bodies including the British Computing Society (BCS), APMG and Open Group and have been recognised by the National Cyber Security Centre (NCSC) as a specialist Cyber Advisor for Cyber Essentials.  

Benefits

• 28 Days Holiday (Inc Bank Holidays)
• Remote & Flexible Working (around core office hours)
• Company Pension
• Dedicated Training Budget

Location: Principle Defence operates a remote working policy, however you will be required to travel to different sites on occasion.

Principle Defence values diversity and is committed to being a fair and equal opportunity employer. We strive to create an inclusive working environment where our people are respected, supported, and able to give their best. Our aim is to build a team that reflects the diversity of the communities we serve and brings a broad range of perspectives, experiences, and ideas to our work.