Job Description

Information Security & Resilience Consultant in London

Apply

Location

London

Salary

Negotiable

Contract

Contract

Information Security & Resilience Consultant - M&A

6-Month contract - Inside IR35 - up to £500 per day

Hybrid working - 2 days a week onsite - either London or Bradford based

We are seeking two highly skilled, hands-on Contract Information Security & Resilience Consultants to support several critical, high-priority strategic initiatives.

In this dual-role, you will be responsible for executing rigorous security due diligence on upcoming M&A activities, maintaining and maturing our Information Security Management System (ISMS) compliance frameworks, and driving our Business Continuity and Resilience programs.

Key Responsibilities

  1. M&A Security Due Diligence

Due Diligence Assessments: Conduct comprehensive cybersecurity risk assessments and security due diligence on target acquisition companies.

Control Evaluation: Review target company security controls, policies, third-party assurance reports (e.g., SOC 2, ISO certifications), and historical security incident logs.

Identify deal-impacting risks, quantify remediation effort (cost/timeline ranges), and advise on onboarding security priorities.

Integration Roadmapping: Identify risk areas and formulate actionable post-acquisition security integration roadmaps and transition plans.

  1. Information Security Standards & Compliance (ISO 27001 & SOC 2)

Framework Governance: Assess, maintain, and mature existing security frameworks aligned with ISO/IEC 27001 and SOC 2 Type II.

Develop and maintain information security policies, standards, and procedures aligned to these standards and business objectives.

Run security risk assessments, update risk registers, and drive risk treatment/remediation plans.

Remediation & Evidence: Identify control gaps, collaborate with internal system owners to implement remediation plans, and collect audit-ready evidence.

External Audits: Assist in preparing the business, staff, and control owners for upcoming external surveillance and compliance audits.

  1. Business Continuity & Disaster Recovery

Plan Development: Lead the review and update of Business Continuity Plans (BCPs) across key business departments

Impact Analysis: Facilitate Business Impact Analyses (BIAs) to identify critical business processes, evaluate upstream/downstream dependencies, and define Recovery Time Objectives (RTOs)

Testing & Exercises: Design and execute tabletop exercises and simulation tests to validate recovery strategy effectiveness

  1. Third-Party & Supplier Security

Perform vendor risk assessments, review security clauses, and ensure suppliers meet security and business continuity requirements.

Manage the relationship with our outsourced managed IT and information security suppliers

  1. Security Awareness & Stakeholder Management

Deliver security awareness initiatives and provide advisory support to projects and teams.

Communicate risks and recommendations clearly to leadership and non-technical stakeholders.

Required Skills & Experience

  • M&A Security Expertise: Proven track record of executing security due diligence on target entities during corporate acquisitions.
  • Compliance Mastery: Deep, hands-on experience implementing, auditing, or managing ISO 27001 and SOC 2 compliance programs.
  • Business Continuity Planning: Experience designing, updating, and testing Business Continuity frameworks (experience aligning with ISO 22301 is a plus)
  • Consultative Approach: Outstanding stakeholder management skills, with the ability to communicate complex security risks to business leads and M&A deal teams.

Disclaimer

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.

Job reference 421_1783413791
Date posted 07 July 2026

Share Job

Email me jobs like this

By submitting your details you agree to our Privacy Policy

Ash Standring

Ash Standring

Account Consultant

+44 (0) 2392 228 202

Similar Jobs

Feeling uninspired?

Get in touch- we'll find the role for you!

Contact us

Get in Touch

We'd love to hear from you!

Contact us