Information Security Consultant

Information Security Consultant - Contract (Outside IR35)

Location: Liverpool (Hybrid - 2 days on-site per week)Duration: 6-month initial contract (12-month project)IR35 Status: Outside IR35Industry: Financial Services

We are seeking an InfoSec Consultant to support a financial services client in implementing key security processes and frameworks. This is a delivery-focused role requiring hands-on experience in security implementation within a regulated environment.

• Project Assurance - Conduct risk assessments, develop documentation, and establish processes to support internal security projects.
• M&A Security - Support security due diligence for acquisitions, ensuring key risks are understood and addressed at the executive level.
• Third-Party Assurance - Develop a structured approach for vendor risk management, classification, and compliance with minimum security requirements.
• Developer Security Framework - Implement governance and agile security methodologies for newly insourced development teams, including mobile app security.
• Knowledge Sharing - Work closely with the Head of InfoSec and an internal team (mid-level and junior analysts) to establish long-term security capabilities.

• Proven experience delivering security frameworks and processes in a financial services environment.
• Strong background in security governance, risk management, and assurance.
• Expertise in third-party security assessments and compliance requirements.
• Experience working with M&A security and risk management during acquisitions.
• Familiarity with agile security methodologies and securing development teams.
• Ability to collaborate with technical and non-technical stakeholders, ensuring security best practices are embedded within the organisation.

This is a critical role in helping the business establish robust security processes and frameworks, ensuring long-term resilience.

If you're interested or know someone who could be a great fit, please get in touch.