IT Security Lead - 6 month contract

Unity Advisory

City of Westminster

Hybrid

GBP 70,000 - 90,000

Full time

Today
Job summary

A challenger advisory firm in the UK is seeking a Security Lead (Contractor) to enhance its security posture. This role involves leading Cyber Essentials certification, aligning practices with ISO 27001, and managing security incidents. The ideal candidate will possess strong information security framework knowledge and excellent communication skills. The firm offers a hybrid working environment, providing a unique opportunity to contribute to AI-driven advisory services and drive security maturity within the organization.

Qualifications

  • Strong knowledge of information security frameworks including ISO 27001, Cyber Essentials, NIST CSF, and CIS Controls.
  • Experience liaising with SOCs and managing incident response workflows.
  • Proven experience leading security maturity assessments.

Responsibilities

  • Lead development of a security governance framework aligned with ISO 27001 controls.
  • Act as the central point of contact with the Managed Security Operations Centre.
  • Coordinate technical controls for Cyber Essentials Plus certification.
  • Build an Information Security Management System (ISMS) tailored to Unity Advisory's business model.

Skills

Information security frameworks (ISO 27001, Cyber Essentials, NIST CSF, CIS Controls)
Managing SIEM/SOAR tools
Incident response workflows
Risk-based security management
Stakeholder management
Cloud and SaaS security (Microsoft 365, Azure)
Third-party risk management
Security certifications (CISSP, CISM, ISO 27001)

Education

Security certifications preferred (CISSP, CISM, ISO 27001)

Job description

The Security Lead (Contractor) will play a pivotal role in strengthening Unity Advisory's security posture by working across technical, governance, and operational domains. Acting as the primary liaison between Unity Advisory and its Managed SOC provider, this role will lead the implementation of Cyber Essentials certification and alignment with ISO 27001 standards. The contractor will establish, operationalise, and embed sustainable security practices while building organisational readiness for formal audit and certification. They will also lead on operational Information Security practices including identity management and vulnerability management. This is both a strategic and hands‑on role that requires the ability to bridge governance, technology, and stakeholder engagement, ensuring Unity Advisory's security maturity evolves in line with regulatory and business objectives.

What You’ll Do

  • Security Governance & Alignment:
    • Lead the development and rollout of a security governance framework aligned with ISO 27001 controls and Cyber Essentials requirements.
    • Conduct gap analyses and implement corrective action plans to achieve compliance milestones.
    • Draft and maintain security policies, standards, and procedures.
  • Liaison with SOC and Incident Management:
    • Act as the central point of contact with the Managed Security Operations Centre (SOC), ensuring effective triage, response, and reporting of security incidents.
    • Oversee configuration and optimisation of SIEM/SOAR tools to ensure actionable alerting.
    • Run periodic tabletop exercises and incident simulations to validate response capability.
    • Ensure Vulnerability Management activities are carried out, in conjunction with the wider team and managed services function.
  • Cyber Essentials Implementation:
    • Coordinate the technical and procedural controls required to meet Cyber Essentials Plus certification.
    • Liaise with external assessors, IT operations, and third‑party providers to ensure readiness for audit.
  • ISO 27001 Readiness & ISMS Development:
    • Build an Information Security Management System (ISMS) tailored to Unity Advisory's business model.
    • Map existing processes and documentation to ISO 27001 Annex A controls.
    • Prepare the organisation for internal and external audits, including documentation, risk treatment plans, and asset registers.
  • Risk & Compliance Management:
    • Conduct and maintain an enterprise‑wide information security risk register.
    • Support Data Protection Impact Assessments (DPIAs) and privacy alignment activities in collaboration with the CPO.
    • Support contractual security clauses and third‑party vendor due diligence.
  • Awareness & Training:
    • Deliver a targeted security awareness programme, including phishing simulations, staff training, and policy communications.
    • Foster a culture of shared security responsibility across departments.

At Unity Advisory, we are committed to providing an inclusive and accessible recruitment process. In line with the Equality Act 2010, we will accommodate any suitable candidate requiring assistance to attend or conduct an interview. If you need any adjustments or support, please let us know when either scheduling your interview or in your application cover letter. We are dedicated to ensuring everyone has an equal opportunity to succeed and are here to support you throughout the process.

Qualifications

  • Strong knowledge of information security frameworks including ISO 27001, Cyber Essentials, NIST CSF, and CIS Controls.
  • Experience liaising with SOCs, managing SIEM/SOAR tools, and handling incident response workflows.
  • Proven experience leading security maturity assessments and implementing ISO 27001‑aligned controls.
  • Understanding of risk‑based security management, policy design, and compliance reporting.
  • Excellent communication and stakeholder management skills – able to engage both technical and non‑technical audiences.
  • Experience in cloud and SaaS security, ideally within Microsoft 365 and Azure environments.
  • Familiarity with third‑party risk management and contract security provisions.
  • Desirable: experience with ISO 42001 (AI Management) or emerging AI governance frameworks.
  • Security certifications preferred (e.g., CISSP, CISM, ISO 27001 Lead Implementer, CompTIA Security+).

Unity Advisory is a challenger advisory firm. Built for the AI‑enabled world, we operate a lean, conflict‑free, and client‑centric model that embeds AI across all workstreams. With no audit practice, we have no audit‑related conflicts, which allows us to focus entirely on delivering value to clients with agility and innovative, outcome‑based commercial models. Our culture is highly collaborative, flat‑structured, and free of traditional partner P&L silos, pursuing the best outcomes for our clients. We are now looking for an IT Security Lead to join our growing team.

At Unity Advisory, we offer a truly hybrid and flexible working environment and the opportunity to be at the forefront of AI‑driven advisory services. You'll be part of a highly collaborative, flat‑structured culture, empowered to contribute to the way we scale our business and support our clients. This is an exciting opportunity to join a fast‑growing firm and accelerate your career in professional services.