Information Security Risk & Assurance Consultant

Posted:
7/30/2024, 5:00:00 PM

Location(s):
Scotland, United Kingdom ⋅ City of Edinburgh, Scotland, United Kingdom

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
Consulting

Job Description

At abrdn, we empower our clients to plan, save, and invest for their futures. Through the expertise, insight, and innovation of our team, we aim to help clients create more ways for money to make an impact. We set our sights on giving them more confidence to achieve their goals and more clarity about what they need next. And we focus on delivering outcomes that are more than just financial – by investing sustainably to build a better world.

About the department

The Information Security Risk & Assurance Consultant will be part of the Information Security Assurance team, which ensures that our business operations align with keeping our people and data safe. This senior role involves leading and conducting compliance activities against recognised standards and identifying opportunities for continuous improvement against an Information Security Management System (ISMS). You will collaborate with various teams—business, security, risk, and audit—to ensure that Information Security controls and risks are understood, relevant, and managed within risk tolerance.

About the role

Please note this is a Fixed Term Contract opportunity lasting 9 months.

The Information Security Risk & Assurance Consultant will be responsible for maintaining a view of Information Security Controls and risk for our business. You will lead the development of a robust Security Assurance Plan, manage risk mitigation strategies, and ensure compliance through regular audits. Key responsibilities include:

  • Developing and implementing a Security Assurance Plan supported by a consumable control library.

  • Ensuring a systematic approach to risk management and mitigation, enhancing the confidentiality, integrity, and availability of information assets.

  • Conducting regular audits to monitor systems and processes, adapting controls to changing threats and business needs.

  • Prioritising risks associated with non-compliance and operational risks, contributing to organisational resilience.

  • Delivering training and awareness activities to foster a culture of security within the organisation.

About the candidate

The Information Security Risk & Assurance Consultant will possess the following:

  • Previous experience: Designing, developing, and managing a comprehensive Information Security Management System (ISMS).

  • Proven experience: Leading an audit schedule of an ISMS to assess compliance against recognised industry standards such as ISO 27001.

  • Hands-on experience: In information security management, including risk assessment, incident management, and information security policies.

  • Collaboration skills: Capable of building trust and relationships within the organisation, with strong communication and influence skills for both technical and business audiences.

  • Risk management knowledge: Familiar with control and risk management processes, able to make risk judgements.

  • Planning skills: Excellent planning abilities and high discipline to meet specific targets and objectives.

  • Mentoring ability: Able to guide others on best practices for maintaining compliance with industry standards such as ISO 27001.

We are proud to be a Disability Confident Committed employer. Therefore, if you have a disability and would like to apply to one of our UK roles under the Disability Confident Scheme, please notify us by completing the relevant section in our candidate questionnaire and one of our team will reach out to support you through your application process.

Our benefits

There's more to working life than coming home with a good salary. We have an environment where you can learn, get involved and be supported.

When you join us, your reward will be one of the best around. This includes 40 days’ annual leave, a 16% employer pension contribution, a discretionary performance-based bonus (where applicable), private healthcare and a range of flexible benefits – including gym discounts, season ticket loans and access to an employee discount portal.

Our business

Enabling our clients to be better investors drives everything we do. Our business is structured around three distinct areas – our vectors of growth – focused on our clients’ changing needs.

We’re committed to providing an inclusive workplace where all forms of difference are valued and which is free from any form of unfair or unlawful treatment. We define diversity in its broadest sense – this includes but is not limited to our diversity of educational and professional backgrounds, experience, cognitive and neurodiversity, age, gender, gender identity, sexual orientation, disability, religion or belief and ethnicity and geographical provenance. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone.

If you need assistance or an adjustment due to a disability please let us know as part of your application and we will assist.

abrdn

Website: https://abrdn.com/

Headquarter Location: Edinburgh, Edinburgh, City of, United Kingdom

Employee Count: 10001+

Year Founded: 1825

IPO Status: Public

Last Funding Type: Undisclosed

Industries: Customer Service ⋅ Enterprise Software ⋅ Finance ⋅ Financial Services