Location: London / Greater London / Home-based with regular travel
Reports To: Certification Manager / Head of Audit and Compliance
Department: Information Security Certification
About Us
We are a UKAS-accredited certification body delivering independent audit and certification services across multiple management system standards, including ISO 9001, ISO 14001, and ISO 27001. Our goal is to help organisations demonstrate compliance, strengthen governance, and continuously improve.
We're seeking a qualified ISO 27001 Lead Auditor based in or around London to join our expanding audit team. You'll lead and conduct Information Security Management System (ISMS) audits in line with ISO/IEC 27001:2022, ISO 17021, and UKAS requirements.
Key Responsibilities
Plan, conduct, and report Stage 1, Stage 2, surveillance, and recertification audits for ISO 27001.
Assess client ISMS implementations for conformity and effectiveness against ISO/IEC 27001:2022.
Lead audits independently or as part of a multi-standard team (e.g. ISO 9001, ISO 22301, ISO 27701).
Produce clear, objective audit reports with evidence-based findings and recommendations.
Ensure impartiality, confidentiality, and compliance with UKAS, ISO 17021-1, and ISO 19011 principles.
Support technical reviews, certification decisions, and internal auditor development.
Maintain up-to-date knowledge of information security, data protection, and cyber-risk frameworks.
Essential Qualifications and Experience
Successfully completed an ISO/IEC 27001:2022 Lead Auditor course (IRCA-approved or equivalent).
At least four years' experience in information security management or auditing.
Proven track record conducting third-party ISO 27001 audits for a UKAS-accredited certification body.
Strong working knowledge of Annex A controls, ISO/IEC 27002, and ISMS risk assessment methodologies.
Familiarity with ISO 17021-1, ISO 19011, and UKAS accreditation processes.
Excellent written and verbal communication skills.
Willingness and ability to travel across London and the South East, with occasional national assignments.
Desirable Skills and Qualifications
IRCA-registered ISO 27001 Lead Auditor (or equivalent).
Additional auditor qualifications (ISO 9001, ISO 22301, ISO 27701, ISO 20000-1).
Experience auditing in data-intensive sectors such as finance, healthcare, or public sector.
Technical knowledge of cybersecurity frameworks (NIST CSF, CIS, Cyber Essentials Plus).
Membership in a professional body (BCS, ISACA, IIA, IISP, etc.).