Information Security Governance Consultant – 12 Month FTC
- London
- £75,000 + Package
- Job type: Contract
- Sector: Travel & Tourism
- Job reference: JEM / 41069
Information Security Governance Consultant required for a market-leading travel organisation. The role will be centred on facilitating the transition of GRC into their Security function. The three major projects you will work on are the PCI DSS 4.0 transition, the ISO 27001:2022 transition and recertification, and SOX compliance.
Role Overview:
This position is a full-time, hands-on role reporting to the Director of Information Security. The role’s primary purpose is to facilitate transition to PCI v4.0 and ISO 27001:2022 as well as achieving compliance with the Sarbanes-Oxley Act (SOX). This position will be responsible for designing, implementing, and maintaining effective governance processes and controls, collaborating with cross-functional teams, and ensuring the organization’s Information Security aligns with these regulatory and compliance frameworks.
Main Duties:
PCI 4.0 Compliance:
- Lead the efforts to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) version 4.0.
- Conduct gap assessments, remediation planning, and ongoing monitoring to ensure continuous compliance.
SOX Compliance:
- Oversee the implementation and maintenance of controls to meet the requirements of the Sarbanes-Oxley Act (SOX).
- Collaborate with financial, IT, and audit teams to ensure financial reporting integrity and compliance.
ISO 27001:2022 Transition:
- Drive the organization’s transition to ISO 27001:2022 certification from the existing 27001:2013 Management System, including risk assessments, policy development, and process improvements.
- Collaborate with external auditors and certification bodies to achieve ISO 27001:2022 compliance.
As an ideal candidate, you will have:
- Professional certifications such as CISSP, CISM, or CISA (highly desirable).
- Project management certifications (e.g., PMP, PRINCE2) and experience managing complex projects or programs.
- Proven experience in Information Security Governance and compliance roles, including PCI, SOX, and ISO 27001.
- Strong understanding of relevant regulatory requirements and industry standards.
- Excellent communication, leadership, and interpersonal skills.
- Experience working with cross-functional teams and managing security initiatives.
- Strong analytical and problem-solving skills.
- Knowledge of risk management, incident response, and compliance frameworks.