
Associate ISO 27001 Lead Implementer, Lead Auditor
Posted 12 hours ago

This is a fully remote position, open to applicants in the United Kingdom.
• Lead end-to-end ISO 27001:2022 implementation projects, encompassing scoping, gap analysis, risk assessment and treatment, Statement of Applicability, policy architecture, control design, internal audit, management review, and support through both Stage 1 and Stage 2 external audits.
• Create ISMS scopes that are commercially viable and defensible, avoiding unnecessary complexity.
• Develop risk registers and Statements of Applicability that withstand scrutiny from UKAS-accredited certification authorities.
• Write and customize policies, procedures, and records in alignment with Annex A 2022 controls, ensuring no generic templates are provided to clients.
• Conduct internal audits and management reviews that yield substantive findings rather than mere formalities.
• Mentor client ISMS owners and control owners to ensure the system remains effective post-handover.
• Assist clients during external audits, including addressing non-conformities and observations.
• When appropriate, expand into IASME Cyber Assurance, NIST CSF, SOC 2 readiness, and supplier assurance initiatives.
• Contribute to the development of Intelance delivery standards, templates, and calibration sessions.
• ISO 27001 Lead Implementer and Lead Auditor certifications are both preferred, with at least one being the minimum requirement.
• A minimum of five years of direct ISO 27001 delivery experience within the UK or European markets.
• Must have personally led at least five ISO 27001 implementations to achieve first certification or conducted a minimum of twenty ISO 27001 audits.
• Proficient in the 2022 transition, Annex A control set, and the practical distinctions from the 2013 version.
• Capable of drafting a defensible Statement of Applicability for a typical mid-market client within a week.
• Strong commercial acumen regarding scope, control proportionality, and residual risk.
• Exceptional written English skills, with documents needing to be board-ready and auditor-ready without extensive editing.
• Comfortable communicating with CISOs, CTOs, COOs, and private equity sponsors.
• Must reside in the UK and possess the right to work in the UK.
• Able to work outside of IR35 through a limited company or on a compliant basis.
• Willing to be publicly listed as an Associate of Intelance, including on LinkedIn, while serving on the panel.
• Desirable: Experience with IASME Cyber Assurance, Cyber Essentials Plus, NIST CSF, or SOC 2.
• Possession of CISSP, CISM, or ISO 22301 credentials is a plus.
• Expertise in regulated industries such as financial services, healthcare, legal, defense supply chain, or SaaS.
• Experience within private equity portfolio environments and familiarity with 100-day security plans.
• Competitive day rate, with payments made on 14-day terms.
• Right of first refusal on projects that align with your sector and availability.
• Named inclusion on the Intelance Cyber Assurance panel page and within proposal credentials.
• Referral fee of up to 10 percent of net first-year fees for client work generated by associates.
• Direct access to delivery leadership.
• No intermediaries or sub-sub-contracting involved.
• Access to mature templates, tools, and a quality framework, allowing you to focus on judgment rather than formatting.
• Participation in quarterly calibration workshops and co-branded continuing professional development opportunities.
• A professional environment for senior practitioners seeking stable, well-managed work without the complexities of consultancy payroll politics.
• We are intentionally selective, preferring a tight panel of five exceptional practitioners over a larger directory of average ones.