Information Security Consultant (Security Assurance / GRC)

We’re currently looking for a passionate and knowledgeable Information Security Consultant to join our fast‑paced and growing Information Security function. In this role, you’ll partner with delivery teams and business stakeholders to provide security assurance and security‑by‑design across business change, ensuring initiatives meet our security policies and standards and do not introduce unacceptable risk.

This is a full‑time, permanent role based at our Support Centre in Speke, Liverpool.

This role is business‑facing and assurance‑led. It’s ideal for someone who enjoys translating risk into practical decisions and working across teams. While you’ll collaborate closely with technical teams, this role is not primarily focused on hands‑on implementation of security tools.

The key responsibilities for this role are:

  • Provide security‑by‑design consultancy to projects, programmes and business initiatives from inception through delivery
  • Translate security policies, standards and risk requirements into clear, actionable guidance for technical and non‑technical stakeholders
  • Act as the primary security point of contact for assigned business areas and change initiatives
  • Conduct and support information security risk assessments, threat modelling and control gap analysis
  • Advise on proportionate, risk‑based treatments and support risk acceptance and governance processes
  • Embed security into technology change across cloud, infrastructure, identity, applications and third‑party services
  • Support security testing activities (e.g., vulnerability scanning, pen testing coordination) and remediation planning with engineering and delivery teams
  • Support project delivery by defining security requirements, reviewing designs and documenting assurance outcomes (e.g., risks, decisions, exceptions and actions)
  • Lead and support third‑party assurance activities (suppliers, SaaS and outsourced services), assessing security risk and ensuring due‑diligence requirements are met
  • Support risk acceptance and policy exception processes by clearly articulating risk, options and recommended controls to business owners
  • Build strong relationships with IT, Architecture, Engineering, SOC and business stakeholders
  • Contribute to security reporting, KPIs and governance forums to support oversight, decision‑making and continuous improvement

To be successful in this role you will demonstrate:

  • Experience in security assurance, GRC, audit, risk or security consulting, supporting business change and technology delivery
  • A strong understanding of information security risk management, security controls and secure design principles
  • Experience partnering with projects, programmes or product teams from discovery through delivery to embed and evidence security controls
  • Knowledge of third‑party assurance and supplier security due diligence (e.g., questionnaires, evidence review, risk findings and remediation tracking)
  • Working knowledge of frameworks/standards such as ISO 27001/27002, NIST CSF/800‑53, CIS Controls and common governance processes
  • An ability to communicate risk and control requirements clearly to business stakeholders, and collaborate effectively with security and technology teams
  • A pragmatic and commercially aware approach, with the ability to recommend proportionate controls that enable delivery while managing risk
  • Experience in retail or e‑commerce environments, including customer‑facing platforms, identity and access management, and payment/card data risk (desirable)
  • Relevant qualifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar (not essential)

We also welcome applications from GRC Analysts and Security Auditors who want to move into a security‑by‑design / security assurance role and can engage confidently with business teams as well as technical stakeholders.

Why Join B&M?

We offer you a range of great benefits including discount in our stores, a colleague portal offering discounts for numerous retailers, hospitality & much more! Check out our full benefits here: https://careers.bmstores.co.uk/our-bm-benefits/

If you’re ready to take on a new challenge with an ambitious and growing business, apply online today! 

B&M are proud to be an equal opportunities employer. We’re committed to fostering a diverse and inclusive workplace for all our colleagues.

 