Information Security Consultant – Security Transformation Programme

Location: Spain (Remote)

Contract Length: Initial 6-Month Contract

Start Date: ASAP

Day Rate: Competitive / DOE

Overview

We are seeking an experienced Information Security Consultant to support a major security transformation programme for a global organisation. This is a fully remote contract role; however, candidates must be based in Spain and eligible to work there.

The successful consultant will play a key role in helping mature security capabilities, improve governance and risk management practices, and support the delivery of strategic cybersecurity initiatives across the business.

Key Responsibilities

• Support the delivery of a large-scale security transformation programme across multiple workstreams
• Assess current security controls, processes, and operating models, identifying gaps and improvement opportunities
• Provide expertise across information security governance, risk, compliance, and security architecture
• Work closely with technical and business stakeholders to define and implement security best practices
• Assist with the development and enhancement of security policies, standards, and procedures
• Support security tooling, control optimisation, and remediation activities
• Contribute to risk assessments, control reviews, and audit readiness activities
• Provide guidance on regulatory and compliance requirements including ISO 27001, NIST, GDPR, and related frameworks
• Produce clear documentation, reporting, and stakeholder updates throughout the programme lifecycle
• Collaborate with internal teams and third-party vendors to ensure successful programme delivery

Required Skills & Experience

• Proven experience working as an Information Security Consultant or Security Transformation Consultant
• Strong background delivering security transformation or cybersecurity improvement programmes
• Experience across security governance, risk management, compliance, and control frameworks
• Good understanding of standards and frameworks such as ISO 27001, NIST CSF, CIS Controls, and GDPR
• Ability to engage with both technical and non-technical stakeholders
• Strong documentation, communication, and reporting skills
• Experience working within complex enterprise environments
• Self-starter with the ability to work independently in a remote environment

Desirable Experience

• Experience within regulated industries such as finance, healthcare, or telecommunications
• Security certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar
• Experience supporting cloud security initiatives (AWS, Azure, or GCP)
• Exposure to IAM, SOC, vulnerability management, or security operations transformation projects

Additional Information

• Fully remote position
• Candidates must be based in Spain
• Initial 6-month contract with potential extension
• International project environment
• English language skills required