Information Security Specialist

Information Security Management Systems Implementation Specialist (Contract – Outside IR35)

Location: Remote (HQ: Teesside)

Contract Length: 6 months

NRG is delighted to partner with a growing, mid-sized organisation on an exciting new opportunity for an experienced ISMS Implementation Specialist to lead the delivery of a full ISO 27001-aligned Information Security Management System (ISMS).

You’ll be the hands-on lead responsible for designing and implementing an operational, production-ready ISMS, with the potential for certification in a future project phase. You’ll work closely with leadership, IT, and operations to bring structure, compliance, and scalability to their maturing security posture.

What You’ll Be Doing

ISMS Framework & Governance

  • Establish a fully compliant ISMS framework aligned to ISO 27001 standards
  • Build and formalise the ISMS Governance Council and internal Information Security Team structures
  • Develop all core policies, procedures, and controls across the business
  • Implement risk assessment processes and treatment plans
  • Launch internal audit and management review programmes

Security Configuration & Technical Delivery

  • Configure Microsoft 365 security settings (DLP, conditional access, info protection etc.)
  • Review and enhance controls for a custom CRM application on AWS (OWASP-compliant)
  • Integrate Vanta (existing compliance monitoring platform) with the ISMS
  • Directly implement security controls where possible or brief/manage the ITSM provider
  • Document all technical processes and configurations for long-term sustainability

Operational Readiness & Handover

  • Ensure the ISMS is fully operational and self-sustaining
  • Support training and upskilling of governance council and ISMS roles
  • Establish competency frameworks, documentation packs, and evidence collection systems
  • Formalise key business processes (incident response, risk, continuous improvement)

What We’re Looking For

  • Proven track record implementing ISO 27001-aligned ISMS in similar-sized organisations (50–200 employees).
  • Hands-on experience configuring Microsoft 365 security tools (DLP, CA, compliance centre, etc.).
  • Strong understanding of governance frameworks, especially involving business-led councils and stakeholder engagement.
  • Experience working with regulators such as FCA or ICO across diverse technical environments.
  • Confident leading ISMS delivery independently, with structured project plans and clear documentation.
  • Familiar with Vanta or similar compliance automation platforms (Drata, Tugboat Logic, etc.).
  • ISO 27001 Lead Implementer certification preferred but not essential.

Why Apply?

  • Autonomy: Full ownership of ISMS Phase 1 - from design to delivery
  • Flexibility: Fully remote contract role, with support from a responsive leadership team
  • Impact: Shape the organisation’s long-term information security maturity
  • Tools: Leverage a modern tech stack (M365, AWS, Vanta, cloud SaaS)

If this role is of interest, click ‘apply now’ and a member of our team will be in touch.

Location: Middlesbrough, ENGLAND, United Kingdom

Salary: £80,000 - £100,000

Job Type: Full-time

Category: IT & Technology