Cyber Security Consultant £70-80 K
Are you a skilled cyber security professional with a passion and a desire to make a real impact?
Safe Harbour Security is a fast-growing cybersecurity services company, providing essential cybersecurity and data protection services to SMEs.
We specialise in helping businesses achieve ISO 27001 certification, GDPR compliance, and Cyber Essentials Plus, while also offering Penetration Testing and virtual security operations support.
We are looking for a cyber security consultant to join our team and drive our growth during an expansion phase.
As part of our journey, we are looking for someone who thrives in an evolving, fast-paced environment and is excited about helping SMEs secure their digital future.
Key Responsibilities:
* Compliance & Security Framework Implementation: Assist clients in achieving and maintaining ISO 27001, SOC 2, and Cyber Essentials compliance.
* Conduct security risk assessments, gap analyses, and audits.
* Develop and implement security policies, procedures, and controls.
* v CISO & Advisory Services: Provide virtual Chief Information Security Officer (v CISO) services to clients.
* Offer strategic security guidance and risk management recommendations.
* Develop security roadmaps and governance models.
* Penetration Testing & Security Assessments: Assist Pen Testing team with vulnerability assessments.
* Simulate cyberattacks to identify vulnerabilities and recommend remediation strategies.
* Work with clients to improve security controls based on test findings.
* Incident Response & Threat Management: Develop and implement incident response plans.
* Assist clients in investigating and mitigating security incidents.
* Provide recommendations to prevent future breaches.
* Security Awareness & Training: Deliver cyber security awareness training to client teams.
* Conduct phishing simulations and security workshops.
* Promote security best practices across client organisations.
* Technical & Compliance Documentation: Prepare and maintain security documentation, policies, and reports.
* Support clients with evidence collection for audits and certifications.
* Ensure alignment with regulatory and industry standards.
What We Are Looking For:
* Drive & Determination: You are motivated, proactive, and enjoy the challenge of consulting in an emerging market.
* Communication Skills: You can convey complex ideas simply, differentiating our services in a crowded market.
* Curiosity & Learning: An eager learner about cybersecurity and data protection, with the ability to engage in conversations with IT decision-makers like CTOs, CIOs, and IT Managers.
* Tech-Savvy: Proven experience in cybersecurity consulting, risk management, or compliance.
* Strong understanding of ISO 27001, SOC 2, and Cyber Essentials frameworks.
* Hands-on experience with penetration testing, vulnerability assessments, and security tools.
* Familiarity with regulatory requirements such as GDPR, NIST, and CIS Controls.
* Ability to develop and implement security policies and procedures.
* Experience with incident response planning and security operations.
* Strong communication and client management skills.
* Relevant certifications preferred (e.g., CISSP, CISM, CEH, OSCP, ISO27001 Lead Auditor/Implementer).
* Resilience & Grit: The start-up world isn't easy, and you're ready to take on challenges, bounce back from rejection, and persist through obstacles.
* Self-Starter: You're a person who thrives in an autonomous role and enjoys bringing fresh ideas to the table.
Why Join Us?
* Growth Opportunity: You'll have a chance to contribute to our growth and receive a rewarding compensation plan, including equity.
* Impact: Be a key part of an organisation that values innovation and appreciates different viewpoints.
* Your ideas will shape the company's future.
* Collaboration: Work with a team of passionate people who value hard work, open dialogue, and accountability.
* Flexible Environment: The early-stage, dynamic environment means you'll have the freedom to shape your role and approach.
What We Won't Do:
* Sit back and wait for customers to interact with us: We actively assist our clients to become cyber resilient and achieve compliance by anticipating their needs.
* Provide rigid instructions: We encourage innovative thinking and self-direction.
* Leave you unsupported: We'll ensure you have the training and tools to succeed, including cybersecurity and data protection expertise.