There’s a lot of noise in cyber consultancy.
Bigger promises. Bigger teams. Bigger slide decks.
That’s never really been us.
CCA was built around a simpler idea:
Produce really good work, build strong relationships on trust, provide value for money, and create an environment where talented people can actually grow.
We’re looking for Cyber Security Consultants to join us as we continue to scale and grow our delivery team, and innovate our service offerings.
We don’t need someone looking for a “safe pair of hands” role where they repeat the same kind of repeat delivery over and again.
We’re need someone who wants breadth and depth. Someone who wants to develop real, pan-domain consultancy ability. Someone who enjoys solving client facing problems, improving how things work and is genuinely trusted by clients.
What the role actually looks like
You’ll work across a wide range of governance, risk and assurance engagements, supporting clients in improving their cyber maturity in ways that are practical and achievable.
That could include:
* ISO 27001 audit and implementation activity
* NCSC CAF and NIST-CSF v2.0 assessments
* Maturity Assessments and Control Gap Analysis
* Third Party Risk Management (TPRM) implementations
* Cyber Incident Exercise delivery
* Governance, Risk and Compliance advisory work
* Supporting clients with meaningful, embedded activity, not just producing reports
Some days will be structured. Others won’t.
You’ll need to adapt to different clients, different industry sectors and environments and different challenges. That’s part of consultancy and honestly, part of what makes the role interesting.
We’re less concerned about whether your background is purely governance-focused or more technical.
You might already be working in GRC. You might be in a technical security role, looking to move into consultancy and advisory work. You might simply be someone who enjoys understanding how organisations operate and figuring out how to help and protect them.
What matters most to us is how you think, and how you apply that thinking.
The type of person who does well here
The people who thrive at CCA tend to be the ones who genuinely care.
They care about the quality of their work.
They care about client outcomes.
They care about improving things rather than just maintaining the status quo.
They ask questions.
They spot inefficiencies.
They challenge constructively.
They take ownership.
And they’re usually the sort of people who want to keep learning rather than feeling like they’ve already “made it”.
You don’t need to know everything.
But you do need to be curious, adaptable and willing to get stuck in.
Why people join us
A lot of consultants reach a point where they feel disconnected from the work they’re delivering.
Projects become transactional.
Development becomes secondary.
Autonomy exists on paper but not in reality.
We’ve tried to build something different.
At CCA, you’ll have visibility into the business, exposure to a broad range of work and the opportunity to contribute beyond your immediate project list.
You’ll work alongside experienced consultants who will support your growth, but you’ll also be trusted to take ownership and develop your own voice and approach over time.
We are remote-first and flexible, but we also care deeply about professionalism, accountability and delivery quality.
The balance matters.
Built to be sustainable
We want people to do great work without burning themselves into the ground to prove something.
That means flexibility that’s genuinely usable.
Support that isn’t performative.
Professional development that isn’t squeezed in around the edges of utilisation targets.
We invest in our people because we want them to stay, grow and build something meaningful with us over time.
About CCA
CCA is a specialist cyber consultancy focused on helping organisations strengthen governance, manage risk and improve cyber maturity in ways that fit their environment.
We work closely with clients, often over long periods of time, because we believe good consultancy is built on trust, not dependency.
We’re also passionate about community and accessibility within the industry. As co-founders of Cyber House Party, we actively support initiatives focused on representation, opportunity and giving back to the wider cyber community.
We’re not trying to be the biggest consultancy in the market.
We’re focused on building one of the best places to grow a career in cyber.
A note on applications
We review every application individually without the use of AI, and will respond to all applicants. Please allow us a little time as we work through each one carefully.