Hire the Best Information Security Audit Freelancers
in the United Kingdom

More than 3,000 reviews on G2
Rating is 4.5 out of 5.
4.5/5
of Upwork by G2 peer reviewers
David M.

Tonbridge, United Kingdom

$50/hr
5.0
5 jobs

🔒 You need security that actually works — not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. 🎯 Where can I help: 🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. 🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. ☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. 🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. 🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments. 🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment. 👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. 📋 How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: ✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists ✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool ✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially ✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important ✅ Daily status updates so you always know where the engagement stands ✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.

  • Information Security Audit
  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • NIST Cybersecurity Framework
  • Microsoft 365 Copilot
  • Internet Security
  • Information Security Consultation
Rob S.

Bembridge, United Kingdom

$60/hr
4.9
353 jobs

IT Professional with over 30 years experience. 15+ years experience in web development. 10+ Years experience in PCI-DSS Consultation, including level 1 companies, working with QSA's to swiftly obtain compliance. For the past seven years, I have been providing GDPR consultation to many small to medium-sized companies. Five years experience with ISO 27001 helping clients get and maintain ISO 27001 accredited certification. I spent 20 years working in various IT roles, mainly support, engineering, and web development, within one of the largest companies in the world. I was awarded Charted IT Professional status from the British Computer Society in July 2008. Since then, I have run my own company with a small team producing web-based platforms and services and offering freelance compliance consultation to small businesses. I have also worked as a CTO on several start-up projects managing their entire IT infrastructure and gaining valuable PCI compliance experience, essential to all e-commerce projects. Due to my experience and varied IT roles, I have a good knowledge of web design, programming, databases, security, SEO, troubleshooting, technical writing & more. I am a highly organised and reliable individual, utilising existing knowledge and experiences to find practical solutions to even the most complex project.

  • Information Security Audit
  • Information Security
  • Security Analysis
  • Web Content Accessibility Guidelines
  • GDPR
  • Risk Assessment
  • ISO 27001
  • Compliance
  • PCI
  • Website Security
  • Data Protection
  • PCI DSS
  • Vulnerability Assessment
  • Data Privacy
  • Compliance Consultation
Omer R.

London, United Kingdom

$10/hr
4.3
7 jobs

Cyber Security, Compliance, and Cloud Infrastructure expert with extensive knowledge of global regulatory standards and secure architecture review. As an ISO 27001 Lead Auditor and the CTO of CyberGaar, I bring deep technical expertise and strategic leadership to ensure your systems meet strict compliance requirements. Compliance & Audit Expertise Includes: - ISO 27001, PCI-DSS, SOC 2, GDPR - NIST SP 800-53, NIST SP 800-63, OWASP Standards - Risk & Gap Analysis, Control Activity Matrix (CAM) development - Vulnerability Assessment review, Penetration Test & Scanning Report analysis - Documentation review, Physical Security assessments, and Control Advisory Technical & Infrastructure Expertise Includes: - Cloud Platforms: AWS, Azure, Oracle Cloud - DevOps & CI/CD Security: Terraform, Ansible - Virtualization & Containerization: Docker, Kubernetes, VMware, Proxmox - Architecture & Code Review: C++, .NET, Java, Python, Node.js, Next.js - On-Premise and Hybrid Cloud environments

  • PCI
  • NIST Cybersecurity Framework
  • NIST SP 800-53
  • GDPR
  • HIPAA
  • ISO 27001
  • Gap Analysis
  • Secure SDLC
  • .NET Core
  • Java
  • C++
  • Python
  • Terraform
  • Ansible
  • Penetration Testing
Ayushi G.

London, United Kingdom

$60/hr
5.0
19 jobs

Top Rated Plus | CISA | ISO 27001 & ISO 42001 Lead Auditor | IAPP Certified Privacy Professional I'm an IT Audit Manager at a leading European consulting firm, with prior experience at a Big 4, delivering high-impact assurance and advisory engagements across Financial Services, Energy & Infrastructure, and Public Sector clients globally. What I bring to the table: ISO 27001 & 42001 - I hold Lead Auditor certifications for both ISO 27001:2022 and ISO 42001 (AI Management Systems). I've led certification audits end-to-end and supported clients through readiness, gap assessment, policy and procedure development, internal audit programmes, and management review - for both first-time certifications and surveillance cycles. My experience spans multinationals, SMEs, and early-stage startups across the UK, US, EU, and beyond, so I understand how to make the standard practical and proportionate regardless of your organisation's size or maturity. AI Governance - One of a small pool of practitioners certified to audit against ISO 42001. I help organisations build and assess governance frameworks for AI systems, covering risk, accountability, and compliance requirements. Privacy & Data Protection - As a CIPP/E certified professional, I've conducted GDPR audits and gap assessments for clients across the UK, US, EU, and South Africa, covering data mapping, lawful basis, DPIAs, and third-party data flows. Broader Assurance Coverage - My engagements span: - SOC 2 (manual and tool-assisted via Vanta, Drata, Secureframe) - SWIFT Customer Security Controls Framework (CSCF) - Third-Party Risk Assessment (NIST SP 800-53, CIS Controls, CSA CCM) - IT Health Checks (ITHC) and penetration testing oversight - Segregation of Duties (SoD) reviews - SDLC, Change & Incident Management - DR/BCP reviews - ISO 9001 and ISO 27701 Certifications: CISA | ISO 27001:2022 Lead Auditor | ISO 42001 Lead Auditor | CIPP/E | SWIFT CSCF | CSM | CSPO Whether you're a startup pursuing your first ISO certification or an established organisation needing an experienced pair of eyes on your controls, I deliver quality work on time with no chasing required. If you need someone who can hit the ground running, ask the right questions, and give you an honest view of where you stand, feel free to reach out.

  • Financial Audit
  • Cybersecurity Management
  • Business Analysis
  • Information Technology
  • Governance, Risk Management & Compliance
  • GDPR
  • Data Privacy
  • Risk Assessment
  • NIST SP 800-53
  • ISO 27001
  • Product Strategy
  • Digital Transformation
  • Secure SDLC
  • Program Management
  • AI Governance
  • ISO 9001
  • Change Management
  • IT Compliance Audit
  • Incident Management
  • Artificial Intelligence
Creston V.

Wembley, United Kingdom

$75/hr
4.9
27 jobs

Microsoft 365 Architecture Expert! Microsoft Certified: Cybersecurity Architect Expert E-Learn Certified Professional Penetration Tester Dedicated and ambitious Cyber Security Solutions Architect with a extensive experience in information security principles and industry leading best security practices with over 10 years of experience in the corporate world. I have helped companies achieve compliancy & audited for Cyber Security Frameworks such as ISO 27001, SOC 2, Cyber Essentials Plus, GDPR and many more by carefully planning based on budget, current Infrastructure assessment, Security testings and remediation efforts. Proficient in conducting risk assessments, penetrations testing, implementing security controls, and assisting in incident response. Skilled in utilizing cybersecurity tools and technologies to detect and mitigate threats. Committed to learning and expanding knowledge in the field to contribute to the organization's security objectives. Strong teamwork and communication skills, with a passion for maintaining a secure and resilient IT environment.

  • System Security
  • Security Engineering
  • VPN
  • Cloud Security Framework
  • User Identity Management
  • Microsoft Active Directory
  • Office 365
  • Enterprise Architecture
  • Application Security
  • Virtualization
  • Insurance & Risk Management
  • Malware Detection
  • Security Management
  • Threat Detection
  • Data Protection
Sivakumar R.

Birmingham, United Kingdom

$40/hr
5.0
1 jobs

Sivakumar Raju is a seasoned Technology Risk, Audit, and Compliance Consultant with over 15 years of experience in implementing and auditing information security frameworks. He specialises in developing security policies, conducting risk assessments, evaluating the effectiveness of controls, and providing strategic guidance to address compliance gaps. Experienced Technology Auditor Offering the Following Services: 1. SOC 1 (System and Organization Controls 1) – Based on ISAE 3402, issued under the AICPA framework (U.S.); focuses on controls relevant to financial reporting. 2. SOC 2 / SOC 3 – Based on AICPA Trust Services Criteria; focuses on security, availability, processing integrity, confidentiality, and privacy. 3. ISO/IEC 27001: 2022 Certification 4. CSA STAR Attestation 5. PCI DSS (Payment Card Industry Data Security Standard) 6. NIST SP 800-53 / FedRAMP Compliance 7. C5 (Cloud Computing Compliance Criteria Catalogue) 8. Third party vendor risk assessments 9. ISAE 3402 Audit Support (Third party service auditor reports)

  • IT Compliance Audit
  • ISO 27001
  • Risk Management
  • Governance, Risk & Compliance Software

How it works

Post a job for freePost a job

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

Don't just take our word for it

How do I hire a Information Security Audit Freelancer in the United Kingdom on Upwork?

You can hire a Information Security Audit Freelancer in the United Kingdom on Upwork in four simple steps:

  • Create a job post tailored to your Information Security Audit Freelancer project scope. We'll walk you through the process step by step.
  • Browse top Information Security Audit Freelancer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Information Security Audit Freelancer profiles and interview.
  • Hire the right Information Security Audit Freelancer for your project from Upwork, the world's largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire a Information Security Audit Freelancer?

Rates charged by Information Security Audit Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire a Information Security Audit Freelancer in the United Kingdom on Upwork?

As the world's work marketplace, we connect highly-skilled freelance Information Security Audit Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Information Security Audit Freelancer team you need to succeed.

Can I hire a Information Security Audit Freelancer in the United Kingdom within 24 hours on Upwork?

Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Information Security Audit Freelancer proposals within 24 hours of posting a job description.