Associate ISO 27001 Lead Implementer and Lead Auditor (UK, Remote)

Intelance is a UK consulting firm serving mid-market and enterprise clients across financial services, healthcare, SaaS, and private equity-backed businesses. We are an IASME Certification Body across Cyber Essentials, Cyber Essentials Plus, and IASME Cyber Assurance, with a growing ISO 27001 implementation and audit book.

We are building a selective associate panel of senior ISO 27001 practitioners. This is a long-term associate relationship, not an employment role. We want a small group of serious operators who can take a client from kick-off to certification without hand-holding, and who treat an Information Security Management System as a business instrument, not a paperwork exercise.

• Lead ISO 27001:2022 implementation engagements end-to-end: scoping, gap analysis, risk assessment and treatment, Statement of Applicability, policy architecture, control design, internal audit, management review, and support through Stage 1 and Stage 2 external audits.
• Design ISMS scopes that are commercially sensible and defensible, not bloated.
• Build risk registers and Statements of Applicability that hold up under scrutiny from UKAS-accredited certification bodies.
• Author and tailor policies, procedures, and records aligned to Annex A 2022 controls. No generic templates dropped on clients.
• Run internal audits and management reviews that generate real findings, not theatre.
• Coach client ISMS owners and control owners so the system survives after handover.
• Support clients through external audit, including responding to non-conformities and observations.
• Where capacity and interest align, extend into IASME Cyber Assurance, NIST CSF, SOC 2 readiness, and supplier assurance work.
• Contribute to Intelance delivery standards, templates, and calibration sessions.

• ISO 27001 Lead Implementer and Lead Auditor certifications, both preferred. One is the minimum bar.
• Minimum five years hands-on ISO 27001 delivery in the UK or European market.
• Personally led at least five ISO 27001 implementations to first certification, or conducted at least twenty ISO 27001 audits.
• Fluent in the 2022 transition, Annex A control set, and the practical differences from the 2013 version.
• Confident authoring a defensible Statement of Applicability in under a week for a typical mid-market client.
• Strong commercial judgement on scope, control proportionality, and residual risk.
• Excellent written English. Documents must be board-ready and auditor-ready without heavy editing.
• Confident operating with CISOs, CTOs, COOs, and private equity sponsors.
• Based in the UK with the right to work in the UK.
• Able to operate outside IR35 via a limited company, or on a compliant basis.
• Willing to be listed publicly as an Associate of Intelance, including on LinkedIn, while on the panel.

Desirable:

• IASME Cyber Assurance, Cyber Essentials Plus, NIST CSF, or SOC 2 experience.
• CISSP, CISM, or ISO 22301 credentials.
• Sector depth in regulated industries: financial services, healthcare, legal, defence supply chain, SaaS.
• Experience inside private equity portfolio environments and 100-day security plans.

• Competitive day rate, paid on 14-day terms.
• Right of first refusal on engagements matched to your sector and availability.
• Named inclusion on the Intelance Cyber Assurance panel page and on proposal credentials.
• Referral fee of up to 10 percent of net first-year fees for associate-originated client work.
• Direct access to delivery leadership. No layers, no sub-sub-contracting.
• Mature templates, tooling, and a quality framework so your time goes into judgement, not formatting.
• Quarterly calibration workshops and co-branded continuing professional development.
• A professional home for senior practitioners who want steady, well-run work without the politics of a consultancy payroll.

We are deliberately selective. We would rather run a tight panel of five excellent practitioners than a directory of twenty average ones. If you take pride in ISMS work that actually protects a business and passes audit cleanly, we want to meet you.

Process: short application, 30-minute virtual assessment, 30-minute screen with our Cyber Assurance lead, a technical scenario walkthrough based on a real client situation, two references, and a signed Associate Panel Agreement. From application to panel membership in under three weeks for the right candidates.