
Interim Cyber Security Auditor
Hybrid
Manchester, United Kingdom
£ 90 / hour
Freelance
13-03-2025
Job Specifications
Location: Manchester and the North West
Role: Agile Talent Community Position - Future Assignments once Onboarding is Completed
Engagement Route: Dependent Worker (PAYE)
Day Rate: £450 - £650 per day
Who we are
Grant Thornton’s Agile Talent Community is a network of contract professionals, giving you the opportunity to work with our clients alongside Grant Thornton teams on a project-by-project basis whilst being supported by our dedicated Agile Talent team.
About The Role
Grant Thornton's Technology Risk Services team (TRS) provides the advice necessary to help clients manage risk associated with their use of technology. Our professionals can deliver objective, value-added solutions that will enable clients to strengthen internal controls and governance processes, implement sound organisational strategies, increase technological capabilities and improve their operational efficiency. TRS is part of Grant Thornton's Business Risk Services (‘BRS’) department, who provide internal audit and risk advisory services to the FTSE 250, large and complex Corporates, international and major charities and not-for-profit organisations, and central government departments.
Joining the Agile Talent Community as an Interim Cyber Security Auditor, you will have the freedom to work on projects that you choose, whether full or part-time within the FAAS team and support our clients and internal teams on short to medium-term assignments.
Skills we are looking for
Experience working within industry, in a company with an annual turnover of over £50m, ideally within a listed FTSE business.
Experience delivering Cyber Security Audits (essential).
Exposure to Data Privacy/GDPR and/or IT Audits would also be beneficial.
Understanding of Security Frameworks such as ISO 27001, NIST CSF, CIS or PCI DSS
The minimum criterion you’ll need is a professional qualification (CISA, CISM, COBIT, PRINCE2, ACCA, etc.) with post-qualification experience.
How to join
You’ll first apply by sending us your CV. If your skills match what we are looking for, one of our recruiters will get in touch and walk you through the interview process. If there’s interest to continue, we’ll invite you to an interview with some of our key business leads. If successful, the final step will be to complete the onboarding process and background checks.
We strive to ensure all our information, products, and services are accessible to everyone. If you need any adjustments to our processes to help you apply for our roles, please get in touch with the Agile Talent Team to discuss: agiletalentteam@uk.gt.com.
About the Company
What does business need now? An adviser that offers a different experience. A better experience. One that delivers technical expertise and a service that goes beyond. Personal, proactive, and agile. That’s Grant Thornton. We are the UK member firm of a global network that employs 58,000 people in 135 countries. We combine global scale with local insight and understanding to give you the assurance, tax, and advisory services you need to realise your ambitions. We go beyond business as usual, so you can too. We make busines...
Related Jobs


- Company Name
- Sanderson
- Job Title
- Lead AWS Security Engineer/Architect - Outside IR35 - Remote
- Job Description
- Lead AWS Security Engineer/AWS Security Architect - Outside IR35 - Remote First - FTSE100 Financial Services Contract Details: Day Rate: £600 - £650 per day (Outside IR35) Arrangement: Remote (Primarily remote, with occasional on-site visits when required - no more than 2x per month) Length: Initial 6-month contract with high potential for further extensions. We are seeking a highly skilled AWS Tech Lead/Security Architect to join a dynamic, high-performing team. This role is a 60/40 split, with a heavier focus on hands-on technical delivery while also providing leadership and guidance to the engineering team. You will work closely with the Enterprise Architect to design and expand the Threat Modelling and Assurance functions across multiple AWS environments. Key Responsibilities: Act as the subject matter expert (SME) in AWS security, driving DevSecOps capabilities across multiple AWS-heavy environments. Design and implement security solutions leveraging AWS security tools such as GuardDuty, ControlTower, CloudTrail, Security Hub, and more. Provide expertise in Threat Modelling, Security Assurance, and Auto-Remediation techniques. Collaborate with the Enterprise Architect to design and enhance secure cloud environments. Contribute to the development of Threat Modelling and Assurance frameworks. Guide teams in designing secure infrastructure solutions with a focus on networking, IAM, and data protection. Serve as the go-to technical lead for engineers, providing mentorship and guidance. Lead stand-ups, manage Jira boards, and ensure smooth collaboration between engineering and architecture teams. Act as a bridge between the developers and senior stakeholders, effectively communicating technical challenges and solutions. Apply deep expertise in Infrastructure, Networking, and IAM Security with a strong emphasis on AWS. Lead and manage multiple security projects and ensure best practices are followed.
Oversee security assurance efforts to ensure compliance and mitigate potential risks. Communicate effectively between development teams and architects to ensure seamless project delivery. Provide technical leadership in high-pressure situations, driving decision-making and ensuring timely resolution of issues. Key Requirements: Proven experience as an AWS Security Architect or Tech Lead in organisations with large-scale AWS environments. Hands-on expertise in AWS security tools such as GuardDuty, ControlTower, CloudTrail, Security Hub, etc. Strong background in Infrastructure, Network, and IAM Security with a focus on cloud environments. Experience with Threat Modelling and Security Assurance. Demonstrated ability to mentor and guide teams, manage Jira boards, and run stand-ups. Excellent communication skills, with the ability to act as a spokesperson between engineering and architecture teams. Important Note: This role may NOT be suitable for professionals whose primary expertise lies in Infrastructure, Network, or IAM Engineering/Architecture. Similarly, an AWS DevOps Engineer with a strong infrastructure focus, or a DevSecOps Engineer with limited design and architecture experience, would not be the right fit. A deep and comprehensive understanding of AWS Security, with hands-on technical expertise, is essential. Additionally, candidates with a background predominantly focused on Azure or GCP would not align with the requirements, as this role demands specialised AWS Security knowledge rather than a generalist cloud security skill set. Nice-to-Have Skills: Experience with Kubernetes Security. Knowledge of additional security frameworks and compliance standards. AWS Security Certification. Experience within auto-remedia


- Company Name
- BACB plc
- Job Title
- Information Security Manager
- Job Description
- About Us BACB is a UK bank that offers trade finance and investment expertise to clients in specialist markets, especially Africa and the Middle East. We have been helping businesses with trade finance and complementary products for over half a century, focusing on trade flows to and from Africa and the Middle East as well as real estate in the UK. Our in-depth knowledge of the countries and practices where our clients operate ensures that we put them first. Additional Info Hybrid Working: 3 days onsite, 2 from home Location: City of London Contract Type: Fixed Term Contract Contract Length: 12 months Job Summary Reporting to the Head of Operational Risk and working closely with the Head of Information Security, the role will support in managing the Bank’s Second line of Defence (2LOD) for cyber security, assuring compliance with the Bank's Information Security Policies and Standards and overseeing the effective implementation of security controls through engagement with the Bank’s cyber security operations team (1LOD). Key Work Outputs and Accountabilities Supporting the management of the Bank’s Cyber Security function maintaining compliance with our NIST based cyber security framework. Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure. Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity. Working with the Bank’s Enterprise Architect to ensure solutions are delivered in accordance with BACB’s IT Security policies and Standards. Ensure the Bank can effectively respond and recover from Cyber Security Incidents. Working with the Head of Information Security on ways to defend the Bank from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.
Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team). Oversee compliance with the Bank’s cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence. Maintain security performance metrics/KPIs, recommending improvements where appropriate. Effective use of specialist tools and logging to review the Bank’s cyber status and perform requested “deep dives” as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigated independently by 1LOD and 2LOD. Engaging with the CIO and the Head of Information Security to ensure that sufficient/effective cyber defences are implemented, giving the Bank value for money for any procured Cyber Security solutions, including Cyber Risk Insurance. Responsibility for the effective bank-wide cyber security training and awareness. Required Qualifications and Experience Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP). Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR). Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast. IT security management knowledge, skills, and experience. Familiarity with firewall rulesets and the requirements for effective cyber defence. Familiar with the Microsoft stack from Desktop products to server products to Azure. Working in Financial Services or another regulated market, such as aviation or energy. Managing the delivery of an organization-wide information security related strategy. Knowledgeable in common Data Leakage reasons and effective prevention.
Working with on premise, public and/or hybrid cloud environments. Conducting security-based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties.


- Company Name
- Caravan and Motorhome Club
- Job Title
- Data Security Compliance Advisor - 12 months FTC
- Job Description
- Key Tasks / Accountabilities Be primarily responsible for the end to end process of fulfilling data subject requests made under the UK General Data Protection Regulation (UK GDPR), such as subject access requests and erasure requests, as well as requests for information from other organisations, such as law firms, law enforcement or government departments. Build on existing internal documentation and communications regarding the data subject request process so that: Other departments are clear about their responsibilities, and The Data Security Compliance Team handles requests in the most structured, efficient and cost effective manner possible, while complying with UK data protection legislation and meeting legal deadlines. Work with members of the team on the development and integration of tools involved in the data subject request process, such as the OneTrust Privacy Rights Automation module and other internal platforms. Share the responsibility to conduct reviews of existing assessment and accountability processes and work with business stakeholders to create new ones where required. Assist with the recommendation of improvements to achieve compliance and reduce risk and help to ensure the delivery of agreed recommendations. Examples of processes are: Data Protection Impact Assessments (DPIAs) Legitimate Interest Assessments (LIAs) Legal Basis for Processing Checklists Records of Processing Activities (ROPA) Assist with the optimisation of the above record, list and assessment processes and the continual improvement of associated documentation. Contribute to the application of Club wide processes such as Data Protection by Default and by Design, working with business teams and the IS department as necessary. Assist in the refresh and communication of the Club's Data Security Policy set. Contribute to the development and execution of data protection and data security training, awareness campaigns and eLearning training rollouts. 
Support the DPO in ensuring the importance of data security compliance is appropriately communicated across the Club by assisting with the production of Club communications as well as articles and guidance for the team’s intranet presence. Assist with the production of well written and carefully considered advice and guidance in response to data protection and data security enquiries, both internal and external. Be willing to take on ad hoc challenges and find solutions for implementation. Represent the team in meetings and for projects and initiatives, where required. Attend industry events, conferences and seminars to keep up to date with the threat landscape and any upcoming legislative change. Essential Skills & Experience Required Strong knowledge and experience of current and upcoming UK data protection law, e.g. the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communication Regulations (PECR) and familiarity with guidance published by the Information Commissioner’s Office. One or more recognised data protection qualifications, e.g. UK GDPR Practitioner, CIPP/E, CIPM. Extensive experience of fulfilling data subject requests made under the UK GDPR. Experience of working in a team where providing guidance and advice about UK data protection law to internal and external stakeholders is a primary focus. Proven experience in handling confidential and sensitive information. First rate planning and organisation skills with the ability to manage conflicting priorities while meeting tight deadlines. Must have the ability to work well under pressure while maintaining discretion. Ability to work with minimum supervision, as well as collaboratively and flexibly with others to achieve team objectives. Excellent written English coupled with clear and articulate verbal communication skills. Methodical, with a high attention to detail and accuracy. 
Highly motivated and focused with a desire to help, use initiative and add value. Confident general IT skills, ideally primarily with use of Google Workspace and Adobe Acrobat Pro (see below) but as a minimum, with Microsoft Office / O365 software suites. Desirable Skills & Experience Highly proficient use of Google Workspace (Gmail, Drive etc), Microsoft Office (Outlook, Word and Excel in particular) and use of the redaction tools and other key features in Adobe Acrobat Pro. Familiar with information security best practice, e.g. ISO 27001, Cyber Essentials. Awareness of payment card industry standards and requirements, i.e. Payment Card Data Security Standard (PCI DSS). The Caravan and Motorhome Club is committed to employing a diverse workforce. All applications are treated equally and we recruit purely on the basis of skills and experience. We know our greatest strength is our people, so differences are celebrated, and we strive to create an environment where colleagues feel respected and valued for their unique potential.


- Company Name
- Technology Solutions Central
- Job Title
- Cybersecurity Trainer – Cyber Essentials & ISO 27001 (Freelance)
- Job Description
- We are looking for a Cybersecurity Trainer to deliver high-impact training programs on Cyber Essentials, ISO 27001, and executive security awareness. Responsibilities: i. Deliver virtual or in-person Cyber Essentials & ISO 27001 training to business clients. ii. Conduct penetration testing workshops for IT teams. iii. Train executives on cyber risk management & compliance (GDPR, FCA, NHS DSPT). iv. Develop course materials & practical cybersecurity case studies. v. Assist clients in passing cybersecurity compliance audits. Requirements: Certified in Cyber Essentials, ISO 27001, GDPR, or Penetration Testing. Experience in training IT teams, CEOs, and compliance officers. Strong presentation & teaching skills. Ability to create engaging training materials. How to Apply: Submit your resume & training portfolio. We are hiring immediately – Apply Now!