Senior Cyber Security Consultant - Audit

We are seeking an experienced Senior Cyber Security Specialist / Auditor to join a high performing Security Practice in Bristol, specialising in Cyber Assessment Framework (CAF) compliance and assurance. You’ll work across multiple projects within both public and private sector organisations, taking the lead on day-to-day client engagement and delivering high-quality security audits and assessments. You will also be comfortable identifying new opportunities, supporting bids, and contributing to presales activities where required.

Due to the secure nature of the projects UK SC Clearance is required, with experience working on secure projects with MoD or Government clients. As well as sole UK National status to work in this environment.

The office location is Bristol with hybrid working 1-2 days per week, which could include occasional travel to sites in Chippenham and Exeter within the 1-2 days.

The role:

• Conduct comprehensive cyber security audits aligned to NCSC CAF and other recognised frameworks.
• Assess organisational security posture across the full system lifecycle, ensuring
  compliance and identifying areas for improvement.
• Produce clear, actionable audit reports and recommendations for technical and
  non-technical stakeholders.
• Facilitate workshops and assurance reviews with business leaders and diverse
  project teams.
• Act as a trusted advisor, supporting clients in developing and maintaining secure
  systems and managing complex security risks.

What you’ll bring:

• Ability to lead audits, engage stakeholders, and communicate findings effectively.

• Proven expertise in Cyber Security Auditing, with strong knowledge of:

• NCSC Cyber Assessment Framework (CAF).

• ISO 27000 series, NIST Cyber Security & Risk Management Frameworks.

• Legacy IA standards and NCSC guidance.

Familiarity with MOD security frameworks (e.g., JSP 453, JSP 440, JSP 902, DEFCON
659A). Technical understanding of:

• Defensive Cyber principles.
• Enterprise Architecture and Secure Systems.
• Network & Cloud Security, System Hardening.
• Cryptographic Controls (PKI, Data at Rest/In Transit).
• Protective Monitoring and Security Assurance.

Qualifications:

Essential

• CISSP, CISM, or another industry recognised cyber security certification.

Desirable

• Membership of the Chartered Institute of Information Security (CIISec) at an appropriate level – highly desirable.
• Professional Registration via the UK Cyber Security Council for Audit and
  Assurance.

If you’re an expert in Cyber Security audit and compliance, and want to work as a true customer-facing security consultant, we’d love to hear from you.