Information Security Management Systems Implementation Consultant (Contract – Outside IR35)
Location: Remote (HQ: Teesside)
Contract Length: 6 months
NRG is delighted to partner with a growing, mid-sized organisation on an exciting new opportunity for an experienced ISMS Implementation Specialist to lead the delivery of a full ISO 27001-aligned Information Security Management System (ISMS).
You'll be the hands-on lead responsible for designing and implementing an operational, production-ready ISMS, with the potential for certification in a future project phase. You'll work closely with leadership, IT, and operations to bring structure, compliance, and scalability to their maturing security posture.
What You'll Be Doing
ISMS Framework & Governance
* Establish an ISMS framework that meets the requirements of ISO 27001
* Build and formalise the ISMS Governance Council and internal Information Security Team structures
* Develop all core policies, procedures, and controls across the business
* Implement risk assessment processes and treatment plans
* Launch internal audit and management review programmes
Security Configuration & Technical Delivery
* Configure Microsoft 365 security settings (DLP, Conditional Access, Information Protection, etc.)
* Review and enhance the security controls of a custom CRM application hosted on AWS, aligned with OWASP guidance
* Integrate Vanta (existing compliance monitoring platform) with the ISMS
* Directly implement security controls where possible or brief/manage the ITSM provider
* Document all technical processes and configurations for long-term sustainability
Operational Readiness & Handover
* Ensure the ISMS is fully operational and self-sustaining
* Support training and upskilling of governance council and ISMS roles
* Establish competency frameworks, documentation packs, and evidence collection systems
* Formalise key business processes (incident response, risk, continuous improvement)
What We're Looking For
* Proven track record implementing ISO 27001-aligned ISMS in similar-sized organisations (50–200 employees).
* Hands-on experience configuring Microsoft 365 security tools (DLP, Conditional Access, compliance centre, etc.).
* Strong understanding of governance frameworks, especially involving business-led councils and stakeholder engagement.
* Experience working with regulators such as FCA or ICO across diverse technical environments.
* Confident leading ISMS delivery independently, with structured project plans and clear documentation.
* Familiar with Vanta or similar compliance automation platforms (Drata, Tugboat Logic, etc.).
* ISO 27001 Lead Implementer certification preferred but not essential.
Why Apply?
* Autonomy: Full ownership of ISMS Phase 1, from design to delivery
* Flexibility: Fully remote contract role, with support from a responsive leadership team
* Impact: Shape the organisation's long-term information security maturity
* Tools: Leverage a modern tech stack (M365, AWS, Vanta, cloud SaaS)
If this role sounds of interest, click 'apply now' and a member of our team will be in touch.