1 to 25 of 34 ISO/IEC 27001 Jobs in Bristol

code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on More ❯

Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05 139). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits . The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity. More ❯

may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss More ❯

may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss More ❯

may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss More ❯

Information Security Engineer Hybrid: Remote / Bristol Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About Us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking … a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS / IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. … as Secureframe, Drata, or Vanta. Experience working with pen testing and bug bounties a plus. Basic understanding of security tools such as SIEM, IDS / IPS, and vulnerability management solutions. Experience or knowledge of cloud security (AWS, GCP, or Azure). Awareness of security best practices in application and More ❯

UK. The Information Security Manager Role: As Information Security Manager, you’ll be the go-to expert for all things security, steering our ISO 27001 compliance and leading security strategy across the business. From protecting internal operations to aligning with defence frameworks, your work will directly … the cutting edge of cybersecurity excellence. Key Responsibilities of the Information Security Manager: Maintain and enhance ISO 27001, Cyber Essentials / Cyber Essentials+, and DCPP compliance Lead policy development and risk mitigation across the business Advise on Secure by Design (SbD) assurance and government protective … Own security controls for our North Bristol site Support the creation of project-specific security documentation and assurance strategies Skills & Experience: Experience leading ISO 27001 and cybersecurity governance Strong knowledge of NIST CSF, ISO 27005, and DCPP frameworks Confident communicator with a security-first More ❯

UK. The Information Security Manager Role: As Information Security Manager, you'll be the go-to expert for all things security, steering our ISO 27001 compliance and leading security strategy across the business. From protecting internal operations to aligning with defence frameworks, your work will directly … the cutting edge of cybersecurity excellence. Key Responsibilities of the Information Security Manager: Maintain and enhance ISO 27001, Cyber Essentials / Cyber Essentials+, and DCPP compliance Lead policy development and risk mitigation across the business Advise on Secure by Design (SbD) assurance and government protective … Own security controls for our North Bristol site Support the creation of project-specific security documentation and assurance strategies Skills & Experience: Experience leading ISO 27001 and cybersecurity governance Strong knowledge of NIST CSF, ISO 27005, and DCPP frameworks Confident communicator with a security-first More ❯

knowledge sharing across teams. What We’re Looking For Technical Experience & Knowledge Experience with risk management frameworks and methodologies such as ISO / IEC 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53. Strong understanding of security … standards and frameworks including OWASP, Secure by Design principles, and MOD-specific guidelines (e.g., JSP, Def Stan 05-138 / 139). Familiarity with HMG security principles and assurance frameworks is advantageous. Comfortable using threat modelling tools and implementing mitigation strategies. Experience with NIST standards. (this is an absolute More ❯

knowledge sharing across teams. What We’re Looking For Technical Experience & Knowledge Experience with risk management frameworks and methodologies such as ISO / IEC 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53. Strong understanding of security … standards and frameworks including OWASP, Secure by Design principles, and MOD-specific guidelines (e.g., JSP, Def Stan 05-138 / 139). Familiarity with HMG security principles and assurance frameworks is advantageous. Comfortable using threat modelling tools and implementing mitigation strategies. Experience with NIST standards. (this is an absolute More ❯

developing mitigation strategies. Conducting security code reviews and offering guidance to ensure a secure-by-design approach. Ensuring products meet key regulatory standards (ISO 27001, NIST 800 series, JSPs, Def Stans). Authoring vital security documentation, including RMADS and Security Assurance Documents. … Performing penetration testing and coordinating remediation efforts. What You Bring: A solid understanding of security frameworks such as ISO 27001 / 2, ISO 31000, NIST 800-30 / 37 / 53. Hands-on experience with Defence Standards (JSPs, HMG, Def Stan … / 139). Strong knowledge of security testing tools and techniques. Excellent communication skills — able to explain complex risks and solutions clearly. A proactive, problem-solving mindset with a high level of personal integrity and professional ethics. Experience with NIST standards. (this is an absolute must) You'll Succeed More ❯

developing mitigation strategies. Conducting security code reviews and offering guidance to ensure a secure-by-design approach. Ensuring products meet key regulatory standards (ISO 27001, NIST 800 series, JSPs, Def Stans). Authoring vital security documentation, including RMADS and Security Assurance Documents. … Performing penetration testing and coordinating remediation efforts. What You Bring: A solid understanding of security frameworks such as ISO 27001 / 2, ISO 31000, NIST 800-30 / 37 / 53. Hands-on experience with Defence Standards (JSPs, HMG, Def Stan … / 139). Strong knowledge of security testing tools and techniques. Excellent communication skills — able to explain complex risks and solutions clearly. A proactive, problem-solving mindset with a high level of personal integrity and professional ethics. Experience with NIST standards. (this is an absolute must) You'll Succeed More ❯

IT Systems Administrator Location: Home-based / Flexible Working Salary: Competitive Contract Type: Permanent About the Company A SaaS business delivering innovative solutions seeks a skilled IT Systems Administrator to join its growing team. The role supports the smooth operation and security of IT systems, reporting to the IT … and cybersecurity management. Key Responsibilities: Microsoft 365 Management: Administers and maintains Microsoft 365 services, including Identity, InTune, Exchange, Security, SharePoint, Teams, and Teams Direct / Calling. Ensures performance, availability, and security of the M365 environment. Information Security: Implements and maintains security measures compliant with ISO 27001 … GDPR, Cyber Essentials, and PCI-DSS. Conducts audits, risk assessments, and configures MFA / SSO and security awareness training. Machine Configuration & Diagnostics: Configures, deploys, and troubleshoots Windows and Mac systems. Performs system audits, updates, patches, and automates vulnerability fixes. Service Desk Operations: Provides internal IT support, manages incidents and More ❯

to the Head of Cybersecurity and work within our specialist Cybersecurity Practice. In this role, you will provide cybersecurity assurance within a complex marine / defence engineering programme, supporting the development and delivery of cyber-resilient systems. This is a consultancy role focused on integrating cybersecurity into programme controls … Engineering, or a related technical or defence-focused discipline. Recognised cybersecurity certifications: CompTIA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer, or equivalent. Familiarity with MOD, maritime, or defence-specific frameworks: JSPs, DEFSTAN, NIST, IEC 62443, IMO or ISO / IEC 27001. SC clearance (or eligibility to obtain SC as a minimum) is required; DV clearance is desirable depending on the programme needs. Essential skills Strong understanding of cybersecurity assurance principles, risk management, and regulatory compliance in defence or safety-critical environments. Proven ability to produce and More ❯

to the Head of Cybersecurity and work within our specialist Cybersecurity Practice. In this role, you will provide cybersecurity assurance within a complex marine / defence engineering programme, supporting the development and delivery of cyber-resilient systems. This is a consultancy role focused on integrating cybersecurity into programme controls … Engineering, or a related technical or defence-focused discipline. Recognised cybersecurity certifications: CompTIA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer, or equivalent. Familiarity with MOD, maritime, or defence-specific frameworks: JSPs, DEFSTAN, NIST, IEC 62443, IMO or ISO / IEC 27001. SC clearance (or eligibility to obtain SC as a minimum) is required; DV clearance is desirable depending on the programme needs. Essential skills Strong understanding of cybersecurity assurance principles, risk management, and regulatory compliance in defence or safety-critical environments. Proven ability to produce and More ❯

reviews and ensure secure-by-design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents … vulnerability assessments, and remediation activities. The Person Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53). Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP, CEH More ❯

by Design Conduct threat modelling exercises to prioritise potential risks and develop mitigation strategies to reduce risks Ensure products meet regulatory standards such as ISO27001, NIST 800-30 / 37 / 53, Joint Standards Publications (JSP) such as JSP 440, 604 and Defence Standards (Def stans) Produce security … assessments and remediation activities Your skillset may include: Understanding and application of risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Working knowledge of Defence Standards (e.g., JSPs, HMG, Def Stan 05-138, Def More ❯

by Design Conduct threat modelling exercises to prioritise potential risks and develop mitigation strategies to reduce risks Ensure products meet regulatory standards such as ISO27001, NIST 800-30 / 37 / 53, Joint Standards Publications (JSP) such as JSP 440, 604 and Defence Standards (Def stans) Produce security … assessments and remediation activities Your skillset may include: Understanding and application of risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Working knowledge of Defence Standards (e.g., JSPs, HMG, Def Stan 05-138, Def More ❯

by Design Conduct threat modelling exercises to prioritise potential risks and develop mitigation strategies to reduce risks Ensure products meet regulatory standards such as ISO27001, NIST 800-30 / 37 / 53, Joint Standards Publications (JSP) such as JSP 440, 604 and Defence Standards (Def stans) Produce security … assessments and remediation activities Your skillset may include: Understanding and application of risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Working knowledge of Defence Standards (e.g., JSPs, HMG, Def Stan 05-138, Def More ❯

vital role in safeguarding our cloud infrastructure and applications. - If you have expertise in AWS security, a strong understanding of security frameworks like ISO or NIST, and the ability to drive secure coding practices, we want to hear from you! The role. As an Application Security Engineer, you … such as ISO 27001, NIST, and CIS benchmarks. Collaborate with development teams to enhance secure coding practices and strengthen CI / CD pipeline security. Oversee and improve cloud security in AWS, leveraging tools such as AWS Security Hub, AWS Shield, and AWS IAM. Manage the … Familiarity with OWASP Top 10, CWE, and secure coding practices. Proficiency in using security tools such as static and dynamic analysis tools. Basic coding / scripting skills in Python, JavaScript, or similar. Strong communication skills with the ability to engage technical and non-technical stakeholders. Desirable Skills: Experience working More ❯

or equivalent) e.g. CISSP. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, DSPT / CAF). Experience as a Security Architect or in a similar role, with a strong track record of designing and implementing security controls and … / or solutions and leading technical teams. Experience with architecture methodology such as TOGAF or SABSA. Experience of threat and risk modeling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection / prevention systems, security information and … Google). Experience of DevSecOps. Experience of research in technology trends and ways to secure those technologies. Experience with automated deployment techniques and CI / CD pipelines. Experience working in or with Government organizations, especially within a Health and Social Care setting, including the handling of assets subject to More ❯

control and collaboration: Proficient with Git, GitHub, Azure DevOps, or similar tools for source control and team collaboration. Agile methodologies: Experience working in Agile / Scrum environments, with a focus on iterative development and continuous improvement. Security best practices: Knowledge of secure coding practices and compliance with data protection … regulations (GDPR, ISO 27001, CE+). Problem-solving and analytical skills: Ability to troubleshoot complex software issues, identify root causes, and implement effective solutions. Communication and teamwork: Strong verbal and written communication skills, with the ability to work collaboratively with both technical and non-technical teams. More ❯

control and collaboration: Proficient with Git, GitHub, Azure DevOps, or similar tools for source control and team collaboration. Agile methodologies: Experience working in Agile / Scrum environments, with a focus on iterative development and continuous improvement. Security best practices: Knowledge of secure coding practices and compliance with data protection … regulations (GDPR, ISO 27001, CE+). Problem-solving and analytical skills: Ability to troubleshoot complex software issues, identify root causes, and implement effective solutions. Communication and teamwork: Strong verbal and written communication skills, with the ability to work collaboratively with both technical and non-technical teams. More ❯

required. Practicing continuous self-learning to keep up-to-date with industry trends and developments to enhance your relevant skills. Skills & experience Essential skills / behaviours: You'll have a broad understanding of the services that the organisation provides to its customer base and be able to map this … interface at the highest level and exhibit good verbal, written and presentation skills. Experience of working within key Cyber Security principles and standards (ISO 27001, NIST, Cyber Essentials, MITRE). [i] Experience working in a customer-facing role desirable. You should have experience in managing team More ❯

and monitoring practices, including event correlation, identity-related SIEM alerts, or IAM health dashboards Understanding of identity governance within regulatory frameworks such as ISO 27001, NIST, GDPR, or SOX Experience in platform resilience, fault tolerance, and incident response practices Benefits Motability Operations is a unique organisation … during probation period) 28 days annual leave with option to purchase and sell days 1 day for volunteering Funded Private Medical Insurance cover Electric / Hybrid Car Salary Sacrifice Scheme and Cycle to Work Scheme Life assurance at 4 times your basic salary to give you a peace of More ❯