IT Security Manager / Consultant

IT Security Manager / Consultant - Inside IR35 - 12 Month initial contract - Hybrid working.

My client, on of the largest producers of ZERO CARBON energy, is seeking an experienced IT Security Manager / Senior Information Security Consultant to provide senior-level leadership, advisory, and delivery across the organisation’s information and cyber security landscape.

The role focuses on security governance, risk management, policy, and programme delivery, working across IT, cyber, personnel security, and wider business functions. A key element of the role will include strengthening the organisation’s approach to insider threat and hybrid risk, in line with HMG and Cabinet Office policy, but this sits within a broader information security remit.

This is not a hands-on SOC role it is a senior, consultative position influencing how security is designed, governed, and assured across a complex, regulated environment.

Key Responsibilities -

Information & IT Security Leadership -

• Provide senior leadership across information and IT security domains
• Act as a trusted advisor to technology, security, and business stakeholders
• Support the development and execution of the organisation’s security strategy and roadmap

Security Governance, Risk & Assurance -

• Define, maintain, and improve information security policies, standards, and frameworks
• Support enterprise security risk management, including risk assessment and prioritisation
• Ensure alignment with regulatory, government, and industry security expectations
• Prepare the organisation for audits, assurance activity, and regulatory scrutiny

Security Programme & Delivery Management -

• Lead or support delivery of security improvement programmes and initiatives
• Manage timelines, dependencies, risks, and stakeholders
• Translate strategic security objectives into achievable delivery plans

Cyber & IT Security Integration -

Work closely with IT and cyber teams to ensure security is embedded in:

• IT operations
• System design and change
• Access control and identity management
• Support alignment between technical security controls and governance requirements
• Insider Threat & Hybrid Risk (Part of Wider Scope)
• Support the development and governance of insider threat and insider risk controls
• Ensure alignment with Cabinet Office and NPSA guidance where applicable
• Promote joined-up working between cyber security, personnel security, and other functions

Stakeholder Engagement & Consulting

• Engage with senior stakeholders across multiple business units or licensees
• Communicate complex security and risk topics to both technical and non-technical audiences
• Provide pragmatic, proportionate security advice that enables the business

Skills & Experience Required -

Essential -

Significant experience in IT security, cyber security, or information security consulting

Strong background in:

• Information security governance
• Risk management
• Policy and standards development
• Experience operating in regulated, complex, or government-aligned environments
• Excellent stakeholder management and communication skills
• Ability to work at both strategic and delivery levels

Desirable -

• Experience as a Security Manager, Senior Security Consultant, or Information Security Lead
• Familiarity with standards and frameworks such as:
• ISO/IEC 27001
• NIST
• Government security policy frameworks
• Exposure to insider threat, personnel security, or hybrid risk domains
• Security clearance (SC) or eligibility

Why Join -

• Work on complex, high-impact security challenges
• Influence security outcomes at organisational and strategic level
• Operate in a nationally important, highly regulated environment
• Deliver meaningful improvements to information and cyber security maturity