Information Security Compliance & Assurance Consultant (Outside IR35)
Contract: Outside IR35
Duration: 6 months
Location: Remote/Hybrid (UK)
Day Rate: Competitive Market Rate
Start Date: ASAP
Information Security Compliance & Assurance Consultant - SOC 2 & ISO 27001
We are seeking an experienced Information Security Compliance & Assurance Consultant to support a regulated SaaS organisation through a critical period of security assurance and certification activity.
This is a hands-on contract role focused on leading and coordinating the delivery of a SOC 2 audit and ISO 27001 certification/surveillance audit, ensuring the business is audit-ready whilst strengthening its overall compliance and security governance framework.
The successful consultant will work closely with Technology, Engineering, Risk, Compliance, Legal and Executive stakeholders to drive audit preparedness, evidence collection, control effectiveness reviews and remediation activities.
Key Responsibilities
- Lead the end-to-end preparation and delivery of SOC 2 audits.
- Manage ISO 27001 certification, surveillance or recertification activities.
- Assess and mature security controls against relevant frameworks and regulatory requirements.
- Conduct control gap assessments and coordinate remediation plans.
- Develop and maintain information security policies, standards and procedures.
- Coordinate audit evidence gathering and validation across multiple business functions.
- Work directly with external auditors and certification bodies.
- Monitor and track remediation activities, ensuring timely closure of findings.
- Support risk assessments and control effectiveness reviews.
- Provide executive-level reporting on audit readiness, risks and compliance posture.
- Advise on security governance, assurance and continuous improvement initiatives.
Required Experience
- Proven experience delivering successful SOC 2 Type II audits.
- Strong practical experience with ISO 27001 implementation and certification audits.
- Background in Information Security, Governance, Risk & Compliance (GRC), or Security Assurance.
- Experience working within a regulated environment, ideally SaaS, FinTech, HealthTech, InsurTech or other technology-led businesses.
- Strong understanding of information security controls, governance and risk management practices.
- Experience managing audit engagements and external auditor relationships.
- Ability to interpret and map controls across multiple frameworks.
- Excellent stakeholder management and communication skills.
- Experience driving remediation programmes across technical and business teams.
Desirable Experience
- Experience within cloud-native environments (AWS, Azure and/or GCP).
- Familiarity with GDPR, NIST CSF, CIS Controls, PCI DSS or related frameworks.
- Security or audit certifications such as:
  - ISO 27001 Lead Implementer or Lead Auditor
  - CISSP
  - CISM
  - CRISC
  - CISA
Personal Attributes
- Pragmatic and delivery-focused.
- Comfortable operating autonomously in a fast-paced environment.
- Strong attention to detail and evidence-based decision making.
- Able to challenge constructively whilst building strong stakeholder relationships.
- Commercially aware with excellent written and verbal communication skills.
What's on Offer?
- High-profile security assurance programme within a growing regulated SaaS business.
- Opportunity to shape and improve the organisation's security compliance maturity.
- Flexible working arrangements.
- Outside IR35 engagement with competitive day rates.
To apply, please send your CV highlighting your experience leading SOC 2 and ISO 27001 audits within regulated technology or SaaS environments.