InfoSecAI helps organisations understand what needs to change, decide what matters most, and put the right governance, controls and ways of working in place to achieve their target operating model across security, regulation and AI.
Security and AI governance services for organisations that need practical decisions, stronger controls and delivery momentum. We help leadership teams understand the current state, align obligations and risk appetite, design target operating models, and move from assessment to implementation.
Senior security direction. Board-grade governance.
Fractional CISO leadership, strategy and architecture, programme management, and transactional cyber due diligence for organisations that need senior expertise without full-time headcount.
ISO 27001, DORA, UK GDPR and assurance readiness.
Gap-to-certification programmes, independent assurance, data protection advisory, maturity benchmarking and operational resilience. All regulator-grade.
EU AI Act. ISO 42001. NIST AI RMF. Production AI.
AI governance frameworks, EU AI Act compliance, ISO 42001 management systems, NIST AI RMF alignment, AI red-teaming and model security testing. Built for organisations deploying AI at scale.
Hands-on security across the live estate.
Incident response and security operations, cloud security posture management, security architecture review, and third-party and supply chain risk. Practical security work for live operating environments.
Core consultancy services across four pillars, all delivered by senior practitioners.
Hands-on CISO, Head of Security and Director-level practice in regulated industries.
ISO 27001, NIST CSF, CIS, DORA, NIS 2, EU AI Act, ISO 42001, UK GDPR, Cyber Essentials, SOC 2.
AI-enabled compliance toolkits across frameworks, regulations and attestations.
Our toolkits help organisations map obligations, assess gaps, draft governance artefacts, structure control activity, and prepare for audit, certification, regulatory review, customer assurance, and attestation activity.
InfoSecAI combines AI-enabled workflow support with practitioner review, so outputs remain grounded in context, risk appetite, implementation reality, and accountable decision-making.
ISO 27001 · ISO 22301 · ISO 42001 · NIST CSF · NIST AI RMF · CIS Controls · Cyber Essentials.
International and recognised standards. ISO management systems, NIST frameworks, and recognised control catalogues, structured into practical governance workflows.
DORA · NIS 2 · EU AI Act · GDPR · UK GDPR.
EU and UK regulatory obligations, mapped to controls. Turn legal text into operational work without doubling activity where ISO 27001 and NIST CSF already overlap.
SOC 1 · SOC 2.
Trust Services Criteria and ICFR control sets mapped to ISO 27001 controls, so SOC readiness and ISO surveillance activity can be planned side by side.
14 AI-enabled toolkits across 3 groups. Private preview through H1 2026. Early-access partners shape the roadmap.
Browse all toolkitsSecurity and AI governance expectations differ by sector, regulator, customer base and operating model. We shape the work around the obligations, control expectations and delivery realities that apply to your environment.
FCA-regulated firms, banks, fintechs and payment providers.
NHS trusts, ICBs, health-tech, life sciences and clinical research.
Central government, local authorities, ALBs, defence and CNI operators.
SaaS, platforms, AI/ML organisations and cloud providers.
Telecoms operators, ISPs, MNOs, MVNOs and network providers.
Industrial manufacturers, OT environments and product engineering.
Multichannel retailers, e-commerce platforms and payment-handling brands.
Law firms, accountants, consultancies and advisors with their own client-data sensitivity.
Product strategy and advisory for managed security service providers building or evolving their portfolio.
InfoSecAI is an independent UK consultancy helping organisations turn security, regulatory, resilience and AI governance requirements into practical operating models, stronger controls and robust delivery.
We work across strategy, governance, risk, compliance, AI security, assurance, operations and engineering. Our services help leadership teams assess their current position, align to standards and regulation, define the target operating model, and deliver the governance, controls, artefacts and ways of working needed to move from intent to implementation.
Our toolkit capability accelerates structured work across ISO 27001, ISO 22301, ISO 42001, NIST CSF, NIST AI RMF, CIS Controls, Cyber Essentials, DORA, NIS 2, the EU AI Act, GDPR, UK GDPR, SOC 1 and SOC 2. The approach combines AI-enabled workflow support with senior practitioner judgement, so outputs remain proportionate, usable and connected to the way the organisation actually operates.
InfoSecAI was founded in 2025 by Paul Jolliffe. The company is built for organisations that need clarity, senior leadership and hands-on delivery across information security and AI governance, without adding unnecessary complexity or treating compliance as a paperwork exercise.
Use the first conversation to clarify the outcome, and next steps.
20+ years in information security, the last decade at CISO and Head of Security level. Most recent senior roles span UK financial services, professional services and enterprise technology.