IT Security Manager / Consultant - Inside IR35 - 12 Month initial contract - Hybrid working.
My client, one of the largest producers of ZERO CARBON energy, is seeking an experienced IT Security Manager / Senior Information Security Consultant to provide senior-level leadership, advisory, and delivery across the organisation's information and cyber security landscape.
The role focuses on security governance, risk management, policy, and programme delivery, working across IT, cyber, personnel security, and wider business functions. A key element of the role will include strengthening the organisation's approach to insider threat and hybrid risk, in line with HMG and Cabinet Office policy, but this sits within a broader information security remit.
This is not a hands-on SOC role; it is a senior, consultative position influencing how security is designed, governed, and assured across a complex, regulated environment.
Key Responsibilities -
Information & IT Security Leadership -
Provide senior leadership across information and IT security domains
Act as a trusted advisor to technology, security, and business stakeholders
Support the development and execution of the organisation's security strategy and roadmap
Security Governance, Risk & Assurance -
Define, maintain, and improve information security policies, standards, and frameworks
Support enterprise security risk management, including risk assessment and prioritisation
Ensure alignment with regulatory, government, and industry security expectations
Prepare the organisation for audits, assurance activity, and regulatory scrutiny
Security Programme & Delivery Management -
Lead or support delivery of security improvement programmes and initiatives
Manage timelines, dependencies, risks, and stakeholders
Translate strategic security objectives into achievable delivery plans
Cyber & IT Security Integration -
Work closely with IT and cyber teams to ensure security is embedded in:
IT operations
System design and change
Access control and identity management
Support alignment between technical security controls and governance requirements
Insider Threat & Hybrid Risk (Part of Wider Scope) -
Support the development and governance of insider threat and insider risk controls
Ensure alignment with Cabinet Office and NPSA guidance where applicable
Promote joined-up working between cyber security, personnel security, and other functions
Stakeholder Engagement & Consulting -
Engage with senior stakeholders across multiple business units or licensees
Communicate complex security and risk topics to both technical and non-technical audiences
Provide pragmatic, proportionate security advice that enables the business
Skills & Experience Required -
Essential -
Significant experience in IT security, cyber security, or information security consulting
Strong background in:
Information security governance
Risk management
Policy and standards development
Experience operating in regulated, complex, or government-aligned environments
Excellent stakeholder management and communication skills
Ability to work at both strategic and delivery levels
Desirable -
Experience as a Security Manager, Senior Security Consultant, or Information Security Lead
Familiarity with standards and frameworks such as:
ISO/IEC 27001
NIST
Government security policy frameworks
Exposure to insider threat, personnel security, or hybrid risk domains
Security clearance (SC) or eligibility
Why Join -
Work on complex, high-impact security challenges
Influence security outcomes at organisational and strategic level
Operate in a nationally important, highly regulated environment
Deliver meaningful improvements to information and cyber security maturity