Principal Information Security Consultant

Gemserv is an expert provider of professional services, helping clients make the most of a world increasingly driven by data and technology. Gemserv has experienced significant growth in recent years, winning new contracts and seeing our role on existing ones extended.

We have ambitious plans for the future and are now looking to strengthen our Cyber Security & Privacy team by employing a Principal Information Security Consultant. We are looking for a passionate and driven individual with practical ISO27001 implementation and auditing experience and an understanding of Smart Energy Code (SEC) Section G to join our growing team.

London Office (hybrid working)
Salary Range
£50,000 - £75,000 plus bonus and excellent benefits package
Employment Type
Contract Basis
Full time (happy to consider flexible working)
Ref No

The Role

The role will be dedicated to leading the delivery of specialist cyber security consulting services into our major contract, Smart Energy Code Administrator Service (SECAS). Therefore, an understanding of the GB energy sector and/or smart metering landscape would be a distinct advantage. The delivery of security services into our client contract is key requirement of the service, requiring the successful candidate to a strategic thinker in how cyber secuirty will continue to shape the smart metering landscape, able to manage engagements at industry level multi-parties, exceptional client management skills, technical skills to deliver high quality output and strong commercial awareness in shaping the service in line with industry change. Furthermore, the role will require excellent communication and stakeholder management skills, so you would need to be a clear, concise and authoritative communicator able to deliver to a broad range of audiences. The successful candidate will be screened against BS7858:2019 which is a key requirement. The successful candidate will be part of the wider Cyber Security & Privacy Practice and will be expected to support the delivering of information security services to our clients.

We would be interested in hearing from candidates who are looking for a permanent role



Key accountabilities for this role include:

  • Briefing the Principal Team Lead on any sensitivities or emerging issues from liaison with Users and / or Shared Resources and providing relevant background and issues to be considered by the SSC.  
  • Providing expert advice to Users undertaking User Security Assessments (USAs)
  • Monitoring the progress of Users who have booked USAs;
  • Ensuring an accurate tracking mechanism to record:
  • Maintaining and reviewing USA related documentation including the Security Controls Framework, Agreed Interpretations and Decision-Making Principles;
  • Undertaking validation of User management responses and Director’s Letters;
  • Liaising with Users to enable an improved User management response to be provided in advance of the User CIO validation or Security Sub-Committee (SSC) review of Director’s Letters where appropriate;
  • Monitoring all security incidents and vulnerabilities reported by Smart Energy Code (SEC) Parties or the DCC and providing an expert assessment of the materiality of the security incident or vulnerability.
  • Advising the Principal Team Lead on whether a security incident or vulnerability is material and warrants the mobilization of SMIRT;
  • Promptly taking whatever action is directed to undertake analysis of the security incident or vulnerability as required;
  • Conducting ‘lessons learned’ analysis after the resolution of a security incident or vulnerability.
  • Undertaking the review of ISO standards, cryptographic standards and best practices as enshrined in the SEC
  • Review confidential minutes related to assessments and contribute to SSC Pre-Meets and Post-Meets.
  • Review and assess Material Security Changes and advise the Principal Team Lead accordingly.
  • Conduct ad hoc risk assessments of specific risks that may arise from time to time.
  • Reviewing user assessment reports and management responses;
  • Monitor the threat landscape and advise the SSC of any material changes arising from threats or business impact levels;
  • Contribute to procurement exercise for the annual SSC risk assessment where requested by the SSC;
  • Provide expert assistance to any external risk assessment commissioned by the SSC.
  • Conduct analysis produce papers and presentations; provide advice and make recommendations.
  • Demonstrate BD, commercial and strategic client management capabilities.



To be successful in the role it is essential that the post-holder should be able to demonstrate experience in the following areas:

  • An essential understanding and practical working knowledge of Smart Energy Code (SEC) Section G
  • Technical knowledge of information security compliance (ISO27001), information management, Smart Metering and IT security arrangements.
  • Ability to conduct risk assessments and treatments using a hybrid IS1/IS2 and ISO 27005 requirements. ISO 27001 Lead Auditor/Implementer qualification is essential
  • Have practical experience in undertaking ISO 27001 internal and external (field) audits.
  • Have practical knowledge of the threat landscape in Smart Metering.

To be successful in the role it would advantageous that the post-holder should be able to demonstrate experience in the following areas:

  • Knowledge of Smart Metering and the energy market would be advantageous
  • Preferably, an understanding and working of ISO standards including ISO 27005, ISO 27035 and ISO 22301
  • ISO 27001 Lead Auditor/Implementer qualification is essential
  • Ideally have an industry qualification such as CISA or CISM


Skills and Qualities

  • Strong business development skills in developing and selling consulting programmes
  • Excellent client consulting skills and ability to engage and build relationships with stakeholders at all levels (including C-suite level)
  • Strategic and commercial skills in consulting programmes, including position and expanding services
  • Ability to understand complex client and industries issues and take a solution approach to position and sell consultancy
  • Able to conceptualise opportunities and develop these through business development activities.
  • Ability to explain complex ideas in a concise manner.
  • Ability to work independently with little to no supervision.
  • Ability to provide expertise and support in operational risk, governance, business continuity, data protection, data leakage and privacy.
  • Passion to develop own skills and knowledge in information security and data protection compliance.
  • Proactive, ‘hands on’ starter finisher and results driven individual.
  • Highly organised and able to manage and prioritise workload.
  • Strong problem solver with high attention to detail.
  • The role may require occasional business travel.




  • 25 days annual leave, plus bank holidays
  • Profit related Bonus (discretionary)
  • Reward and recognition schemes
  • Flexible working
  • Private Bupa healthcare
  • Life Assurance (up to 4 times annual salary)
  • Matched pension contributions
  • Season Ticket Loan
  • Cycle to work scheme
  • Buy and Sell annual leave
  • Reimbursement of eye test and up to £50 towards glasses or contacts
  • Corporate gym rates
  • Employee Assistance Programme
  • Summer and Christmas parties, along with monthly Gembar



We are an expert provider of professional services in a world driven by data and technology. We work across various sectors, from government bodies to global blue-chip organisations and small independent companies.

Due to the nature of what we do, we are a people business. The contribution from every member of the team expands our workforce’s diverse range of experience, skills and personalities – each individually valued.

Gemserv is an equal opportunities employer, we celebrate diversity and are committed to create an inclusive environment for all employees.

We heavily invest in the learning and development opportunities, enabling our people to develop skills and gain experience, which will enhance career prospects for life. Many who started their careers with us have rapidly progressed into more senior positions.

At Gemserv no two days are the same, but we believe in a flexible approach to working which we know our employees’ value. That focus on encouraging a positive work/life balance extends to the many regular social events where employees get the opportunity to meet people from across the business and the wider industry in a more informal environment.


 HR Recruitment Graphic


If you feel that you fit the above requirements and would like to hear more about being part of a growing organisation, then we would love to hear from you. Please submit your CV and application letter to us by clicking ‘Apply now’

Happy to talk flexible working