The Role
Lead end-to-end ISO 27001:2022 implementations and audits for mid-market and enterprise clients: scoping, gap analysis, risk assessment/treatment, SoA, policy and control design, internal audits, management reviews, and support through external Stage 1/2 audits. Coach client owners, respond to non-conformities, contribute templates and delivery standards, and optionally extend into IASME, NIST CSF, SOC 2, and supplier assurance.
Summary Generated by Built In
Intelance is a UK consulting firm serving mid-market and enterprise clients across financial services, healthcare, SaaS, and private equity-backed businesses. We are an IASME Certification Body across Cyber Essentials, Cyber Essentials Plus, and IASME Cyber Assurance, with a growing ISO 27001 implementation and audit book.
We are building a selective associate panel of senior ISO 27001 practitioners. This is a long-term associate relationship, not an employment role. We want a small group of serious operators who can take a client from kick-off to certification without hand-holding, and who treat an Information Security Management System as a business instrument, not a paperwork exercise.
Tasks
* Lead ISO 27001:2022 implementation engagements end-to-end: scoping, gap analysis, risk assessment and treatment, Statement of Applicability, policy architecture, control design, internal audit, management review, and support through Stage 1 and Stage 2 external audits.
* Design ISMS scopes that are commercially sensible and defensible, not bloated.
* Build risk registers and Statements of Applicability that hold up under scrutiny from UKAS-accredited certification bodies.
* Author and tailor policies, procedures, and records aligned to Annex A 2022 controls. No generic templates dropped on clients.
* Run internal audits and management reviews that generate real findings, not theatre.
* Coach client ISMS owners and control owners so the system survives after handover.
* Support clients through external audit, including responding to non-conformities and observations.
* Where capacity and interest align, extend into IASME Cyber Assurance, NIST CSF, SOC 2 readiness, and supplier assurance work.
* Contribute to Intelance delivery standards, templates, and calibration sessions.
Requirements
* ISO 27001 Lead Implementer and Lead Auditor certifications, both preferred. One is the minimum bar.
* Minimum five years hands-on ISO 27001 delivery in the UK or European market.
* Personally led at least five ISO 27001 implementations to first certification, or conducted at least twenty ISO 27001 audits.
* Fluent in the 2022 transition, Annex A control set, and the practical differences from the 2013 version.
* Confident authoring a defensible Statement of Applicability in under a week for a typical mid-market client.
* Strong commercial judgement on scope, control proportionality, and residual risk.
* Excellent written English. Documents must be board-ready and auditor-ready without heavy editing.
* Confident operating with CISOs, CTOs, COOs, and private equity sponsors.
* Based in the UK with the right to work in the UK.
* Able to operate outside IR35 via a limited company, or on a compliant basis.
* Willing to be listed publicly as an Associate of Intelance, including on LinkedIn, while on the panel.
Desirable:
* IASME Cyber Assurance, Cyber Essentials Plus, NIST CSF, or SOC 2 experience.
* CISSP, CISM, or ISO 22301 credentials.
* Sector depth in regulated industries: financial services, healthcare, legal, defence supply chain, SaaS.
* Experience inside private equity portfolio environments and 100-day security plans.
Benefits
* Competitive day rate, paid on 14-day terms.
* Right of first refusal on engagements matched to your sector and availability.
* Named inclusion on the Intelance Cyber Assurance panel page and on proposal credentials.
* Referral fee of up to 10 percent of net first-year fees for associate-originated client work.
* Direct access to delivery leadership. No layers, no sub-sub-contracting.
* Mature templates, tooling, and a quality framework so your time goes into judgement, not formatting.
* Quarterly calibration workshops and co-branded continuing professional development.
* A professional home for senior practitioners who want steady, well-run work without the politics of a consultancy payroll.
We are deliberately selective. We would rather run a tight panel of five excellent practitioners than a directory of twenty average ones. If you take pride in ISMS work that actually protects a business and passes audit cleanly, we want to meet you.
Process: short application, 30-minute virtual assessment, 30-minute screen with our Cyber Assurance lead, a technical scenario walkthrough based on a real client situation, two references, and a signed Associate Panel Agreement. From application to panel membership in under three weeks for the right candidates.
We are building a selective associate panel of senior ISO 27001 practitioners. This is a long-term associate relationship, not an employment role. We want a small group of serious operators who can take a client from kick-off to certification without hand-holding, and who treat an Information Security Management System as a business instrument, not a paperwork exercise.
Tasks
* Lead ISO 27001:2022 implementation engagements end-to-end: scoping, gap analysis, risk assessment and treatment, Statement of Applicability, policy architecture, control design, internal audit, management review, and support through Stage 1 and Stage 2 external audits.
* Design ISMS scopes that are commercially sensible and defensible, not bloated.
* Build risk registers and Statements of Applicability that hold up under scrutiny from UKAS-accredited certification bodies.
* Author and tailor policies, procedures, and records aligned to Annex A 2022 controls. No generic templates dropped on clients.
* Run internal audits and management reviews that generate real findings, not theatre.
* Coach client ISMS owners and control owners so the system survives after handover.
* Support clients through external audit, including responding to non-conformities and observations.
* Where capacity and interest align, extend into IASME Cyber Assurance, NIST CSF, SOC 2 readiness, and supplier assurance work.
* Contribute to Intelance delivery standards, templates, and calibration sessions.
Requirements
* ISO 27001 Lead Implementer and Lead Auditor certifications, both preferred. One is the minimum bar.
* Minimum five years hands-on ISO 27001 delivery in the UK or European market.
* Personally led at least five ISO 27001 implementations to first certification, or conducted at least twenty ISO 27001 audits.
* Fluent in the 2022 transition, Annex A control set, and the practical differences from the 2013 version.
* Confident authoring a defensible Statement of Applicability in under a week for a typical mid-market client.
* Strong commercial judgement on scope, control proportionality, and residual risk.
* Excellent written English. Documents must be board-ready and auditor-ready without heavy editing.
* Confident operating with CISOs, CTOs, COOs, and private equity sponsors.
* Based in the UK with the right to work in the UK.
* Able to operate outside IR35 via a limited company, or on a compliant basis.
* Willing to be listed publicly as an Associate of Intelance, including on LinkedIn, while on the panel.
Desirable:
* IASME Cyber Assurance, Cyber Essentials Plus, NIST CSF, or SOC 2 experience.
* CISSP, CISM, or ISO 22301 credentials.
* Sector depth in regulated industries: financial services, healthcare, legal, defence supply chain, SaaS.
* Experience inside private equity portfolio environments and 100-day security plans.
Benefits
* Competitive day rate, paid on 14-day terms.
* Right of first refusal on engagements matched to your sector and availability.
* Named inclusion on the Intelance Cyber Assurance panel page and on proposal credentials.
* Referral fee of up to 10 percent of net first-year fees for associate-originated client work.
* Direct access to delivery leadership. No layers, no sub-sub-contracting.
* Mature templates, tooling, and a quality framework so your time goes into judgement, not formatting.
* Quarterly calibration workshops and co-branded continuing professional development.
* A professional home for senior practitioners who want steady, well-run work without the politics of a consultancy payroll.
We are deliberately selective. We would rather run a tight panel of five excellent practitioners than a directory of twenty average ones. If you take pride in ISMS work that actually protects a business and passes audit cleanly, we want to meet you.
Process: short application, 30-minute virtual assessment, 30-minute screen with our Cyber Assurance lead, a technical scenario walkthrough based on a real client situation, two references, and a signed Associate Panel Agreement. From application to panel membership in under three weeks for the right candidates.
Skills Required
- ISO 27001 Lead Implementer OR Lead Auditor certification
- Holding both ISO 27001 Lead Implementer and Lead Auditor certifications
- Minimum five years hands-on ISO 27001 delivery in the UK or European market
- Personally led at least five ISO 27001 implementations to first certification OR conducted at least twenty ISO 27001 audits
- Fluent in the 2022 transition, Annex A 2022 control set, and differences from 2013
- Ability to author a defensible Statement of Applicability in under a week for a typical mid-market client
- Strong commercial judgement on scope, control proportionality, and residual risk
- Excellent written English; board-ready and auditor-ready documentation without heavy editing
- Confident operating with CISOs, CTOs, COOs, and private equity sponsors
- Based in the UK with the right to work in the UK
- Able to operate outside IR35 via a limited company, or on a compliant basis
- Willing to be listed publicly as an Associate of Intelance while on the panel
- IASME Cyber Assurance, Cyber Essentials Plus, NIST CSF, or SOC 2 experience
- CISSP, CISM, or ISO 22301 credentials
- Sector depth in regulated industries (financial services, healthcare, legal, defence supply chain, SaaS)
- Experience inside private equity portfolio environments and 100-day security plans
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Intelance is a UK-based strategic consultancy specializing in Enterprise Architecture, AI transformation, and cybersecurity. The firm helps organizations design the systems, structures, and operating models needed to scale, secure, and lead in a volatile world, delivering practical transformation that reduces risk and creates measurable value. They serve public and private sector clients across the UK, Africa, and the Middle East in highly regulated industries.
