
Head of Information Security (PCI DSS / QSA / ISO 27001)

Location:

Remote - London

Salary:

up to £100,000 + benefits

Contract Type:

Remote - London

Company

Our client is an established UK-based cyber security consultancy delivering a mix of technical assurance, information security, PCI DSS, ISO 27001 and advisory services.

The company’s service offering includes PCI DSS compliance, QSA-led assessments, ISO 27001 consulting, gap analysis, policy development, risk assessment, remediation support and ongoing consultancy.

This is a hands-on consulting leadership role within a small, specialist cyber consultancy. It is not a detached corporate governance position.


Role Overview

Our client is looking for a Head of Information Security to lead and grow its information security, PCI DSS and ISO 27001 consulting capability.

The role will focus on delivering and overseeing client advisory work across PCI DSS, QSA assessments, ISO 27001, ISMS, risk, compliance and security governance.

The successful candidate will act as a senior advisor to clients, lead engagements, support commercial conversations and help build a more structured and scalable assurance practice.

This would suit someone from a consultancy background who has worked as a Senior Information Security Consultant, PCI QSA, ISO 27001 Lead Auditor, GRC Lead, Principal Consultant or Head of Information Security Consulting.


Key Responsibilities

  • Lead client engagements across PCI DSS, ISO 27001, ISMS and broader information security advisory

  • Act as a senior consultant and trusted advisor to clients

  • Deliver or oversee PCI DSS assessments, gap analysis, remediation planning and compliance roadmaps

  • Support ISO 27001 readiness, implementation, audit preparation and ISMS improvement

  • Provide practical, commercially aware advice rather than purely checklist-based compliance

  • Review and improve consulting methodology, templates, reporting and delivery quality

  • Support pre-sales, scoping, proposals and client meetings

  • Manage and mentor consultants involved in information security and compliance work

  • Help build a more mature, consistent and scalable assurance practice

  • Work with leadership on service development, client retention and growth opportunities


Key Experience

  • Strong background in information security consulting, GRC or security assurance

  • PCI DSS experience is essential

  • QSA status, previous QSA status or strong PCI assessment experience would be highly desirable

  • ISO 27001 / ISMS experience, ideally including Lead Auditor or Lead Implementer exposure

  • Experience working with clients on gap analysis, risk assessment, remediation and compliance improvement

  • Strong understanding of security governance, policies, controls and audit readiness

  • Ability to lead client conversations with senior technical and non-technical stakeholders

  • Consultancy experience preferred

  • Comfortable balancing delivery, advisory, quality control and commercial support


Ideal Profile

The ideal person is a senior information security consultant who can combine hands-on advisory delivery with practice leadership.

They should be credible with clients, strong on PCI DSS and ISO 27001, and able to help organisations understand what they need to fix, why it matters and how to get there practically.

This is not just a governance role. It needs someone who can consult, lead, advise, support commercial conversations and help build the capability around them.

While the role is not purely commercial, it carries delivery-linked revenue targets alongside client delivery and client expansion objectives. The successful candidate will be regarded as contributing revenue to the business, not as purely delivery-focused.

Posted by Nick Haaker
Lead Consultant
If you have any questions give me a call on 07914 785 729

