Job Description

Cyber Security Auditor

We are seeking an experienced Senior Cyber Security Auditor to join a high performing Security Practice in Bristol, specialising in Cyber Assessment Framework (CAF) compliance and assurance. You'll work across multiple projects within both public and private sector organisations, taking the lead on day-to-day client engagement and delivering high-quality security audits and assessments. You will also be comfortable identifying new opportunities, supporting bids, and contributing to presales activities where required.



Due to the secure nature of the projects UK SC Clearance is required, with experience working on secure projects with MoD or Government clients. As well as sole UK National status to work in this environment.

The role:

Conduct comprehensive cyber security audits aligned to NCSC CAF and other recognised frameworks. Assess organisational security posture across the full system lifecycle, ensuring


compliance and identifying areas for improvement.
Produce clear, actionable audit reports and recommendations for technical and


non-technical stakeholders.
Facilitate workshops and assurance reviews with business leaders and diverse


project teams.
Act as a trusted advisor, supporting clients in developing and maintaining secure


systems and managing complex security risks.

What you'll bring:

Ability to lead audits, engage stakeholders, and communicate findings effectively. Proven expertise in Cyber Security Auditing, with strong knowledge of: + NCSC Cyber Assessment Framework (CAF). + ISO 27000 series, NIST Cyber Security & Risk Management Frameworks.
+ Legacy IA standards and NCSC guidance.
Familiarity with MOD security frameworks (e.g., JSP 453, JSP 440, JSP 902, DEFCON


659A).
Technical understanding of: + Defensive Cyber principles. + Enterprise Architecture and Secure Systems.
+ Network & Cloud Security, System Hardening.
+ Cryptographic Controls (PKI, Data at Rest/In Transit).
+ Protective Monitoring and Security Assurance.

Qualifications:

Essential

CISSP, CISM, or another industry recognised cyber security certification.

Desirable

Membership of the Chartered Institute of Information Security (CIISec) at an appropriate level - highly desirable. Professional Registration via the UK Cyber Security Council for Audit and


Assurance.


If you're an expert in Cyber Security audit and compliance, and want to work as a true customer-facing security consultant, we'd love to hear from you.