Jason Moseley
@jasonmoseley
Information security and risk professional specialising in ISO27001, TPRM, and IT audit assurance.
What I'm looking for
I am an information security and cyber risk professional with extensive experience across 2nd and 3rd line assurance, IT audit, ISO27001 implementation, third-party risk management, and control testing. I have led certification efforts, designed GRC frameworks, scoped and delivered TPRM programmes, and advised senior stakeholders to strengthen security posture.
My background includes roles delivering enterprise risk registers, executing supplier audits, and acting as lead auditor for ISO27001/9001 programmes. I combine technical assessment skills (including control testing and gap analysis) with strong stakeholder engagement to achieve measurable reductions in vendor and organisational risk.
Experience
Work history, roles, and key accomplishments
GRC Specialist
SEFE Gas Distribution Company
Aug 2025 - Present (4 months)
Acted as lead GRC advisor on a major transformation, designing and delivering a unified GRC operating model and TPRM framework that improved control assurance and regulatory compliance (ISO 27001, NIST CSF, NIS2).
ISO 27001 & 9001 Auditor
NQA Certification Body
Oct 2024 - Jul 2025 (9 months)
Conducted independent audits of organisations' ISMS against ISO 27001 and assessed documentation, controls, and operational practices to determine certification readiness and continued compliance.
ISO27001 Consultant
IMSM
Feb 2022 - Sep 2024 (2 years 7 months)
Provided audit and consultancy services for ISO27001 certifications, delivering gap analyses, control implementation guidance, ISMS documentation, internal audits, and audit preparation.
Cyber Security Consultant
Belron International
Apr 2022 - Nov 2023 (1 year 7 months)
Led transformation initiatives to strengthen information security, implemented risk management and TPRM processes, and reduced vendor-related vulnerabilities by 40% while cutting high-risk vendors by 25%.
Cyber Security Risk Manager
Flutter International
Jan 2022 - Apr 2022 (3 months)
Managed IT risk registers, chaired the Top Risk Working Group, conducted gap analyses and risk treatment planning, and closed outstanding audit actions to prepare for ISO27001 recertification.
IT & Information Security Risk Manager
Allianz Insurance
Apr 2020 - Jan 2022 (1 year 9 months)
Led IT and information security risk activities including RCSAs, CBEST remediation, control testing (COBIT 5), and management of risk registers to align cybersecurity controls with business objectives and NIS2 obligations.
Internal Auditor
Ion Trading
Mar 2016 - Apr 2020 (4 years 1 month)
Developed audit plans and performed internal audits for ISO9001 and ISO27001, maintained ISO9001 and SOC 2 certifications, and supported international certification efforts including Hong Kong locations.
Internal Audit & Systems Manager
Grundon
Jun 2015 - Mar 2016 (9 months)
Maintained ISO9001, ISO27001, ISO14001 and OHSAS/18001 standards across the business and managed internal audit and systems compliance activities.
Performed audits against ISO27001 and ISO9001 standards as a certified lead auditor, evaluating organisational compliance and recommending improvements.
IT Helpdesk Manager
RWS
May 2011 - Apr 2014 (2 years 11 months)
Managed IT helpdesk operations, implemented ISO27001, resolved technical issues, and oversaw IT assets to ensure reliable IT service delivery.
