1 to 25 of 82 ISO/IEC 27001 Jobs in Central London

security). Drive non-functional requirements (scalability, availability, performance, reliability, DR, observability). Cloud & Platform Architect secure, cost-optimized solutions using AWS services (EKS / ECS, Lambda, API Gateway, ALB / NLB, RDS / Aurora, DynamoDB, S3, ElastiCache, MSK / Kinesis, CloudWatch, IAM, KMS). Establish … / CD pipelines, infrastructure-as-code (Terraform / CloudFormation), and environment strategies (dev / test / stage / prod). Engineering Leadership Provide hands-on guidance in Java / Spring Boot, design patterns, and microservices best practices. Review code and designs, enforce standards ...

logical and physical topology). Hybrid Connectivity Design Principles and Standards (DNS-based policy, Zero Trust segmentation, firewalling). Detailed Bill of Materials (vendor / platform options, sizing, licence models, costs to Class 4 estimate). Delivery Project Plan (work breakdown structure, stage gates, dependencies, critical path). Security … Digital Distribution, Connectivity, Architecture, InfoSec, Service Assurance, Commercial) to define cross-connects, circuits, and governance alignment. Assessment of hyperscaler scope (AWS in baseline; Azure / GCP to be evaluated) and interconnection locations (carrier-neutral DCs / IX presence). Deliverables or KPIs (e.g. uptime %, response times, resolution targets ...

Threat Detection, Secure Remote Access, and Adaptive Security Policies—balancing exceptional user experience with enterprise-grade security. We operate under an ISO / IEC 27001-certified ISMS and an ITIL-aligned service management framework, ensuring integrity, resilience, and operational excellence. Joining Zero Plus … issues with cloud systems and resources. Monitor and optimise performance across hybrid, cross-tenancy, and multi-cloud environments. Implement observability tooling. Ensure compliance with ISO27001 standards, Zero Trust principles, and Well-Architected Frameworks. Maintain accurate documentation and mentor junior engineers. This role gives you the opportunity to deliver secure, modern ...

Cyber Security Engineer (Hedge Fund) - Python / Powershell / SQL / Tableau BI / NIST / CISSP / CISA - PERM We are seeking a Cyber Security Risk Engineer with a robust background in the full suite of modern technologies employed within an enterprise environment. … evolving enterprise technologies. Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements. Qualifications / Skills Required Demonstrated experience working with information technology, information security, compliance, legal, business teams, and clients to assess and document security risks and compensating ...

security questions in “request for proposals” (RFP’s) or customer assessments (Due Diligence Questionnaires). Acts as first point of escalation for security / compliance questions for current and prospective customers. Review third party vendors for security and compliance controls; assesses risk based on a given risk assessment framework … Third Party Risk Management / Vendor Assessment). Assists and / or takes the lead in managing / overseeing annual SOC2 & ISO27001 audits. Contributes in annual InfoSec Policies review / edits / updates and provides considered input. Review proposed client engagement terms and conditions ...

ROLE OVERVIEW / / Reporting to the Information Security Manager, the Information Security Assurance Specialist will play a pivotal role in strengthening the firm’s information security posture. It will identify where security assurance testing of the firm’s systems and processes is required, commission the required tests … communicate information security risks to a range of stakeholders. A strong background in information security within professional or financial services is essential. KEY RESPONSIBILITIES / / The key responsibilities of this role are set out below and there may be others which are not listed. ...

Hybrid Connectivity Design Principles and Standards, including DNS-based policy, Zero Trust segmentation, and firewalling. Provide a Detailed Bill of Materials, covering vendor / platform options, sizing, licence models, and costs to Class 4 estimate. Develop a comprehensive Delivery Project Plan, detailing work breakdown structure, stage gates, dependencies … plan. Outline a Migration Strategy to guide phasing, cutover options, and rollback plans for later phases. Required Skills & Qualifications: Extensive experience in enterprise LAN / WAN / SD-WAN architecture and design. Proficiency in routing & switching (L2 / L3), and Wi-Fi controllers / enterprise deployments. ...

engagement aligned with CREST and OWASP standards. Conduct API penetration testing (REST, GraphQL, SOAP) focusing on authentication, authorization, and business logic flaws. Perform UI / Web application penetration testing for vulnerabilities such as XSS, CSRF, SQL Injection, and session management issues. Identify and document security issues with clear reproduction … practices and contribute to continuous improvement of testing methodologies. Maintain strong documentation and communication throughout the engagement lifecycle. Required Skills & Certifications: CREST certification (CRT / CPT / CPSA or equivalent). Penetration Testing Expertise – Strong hands-on experience in API and UI / Web application penetration testing. ...

engagement aligned with CREST and OWASP standards. Conduct API penetration testing (REST, GraphQL, SOAP) focusing on authentication, authorization, and business logic flaws. Perform UI / Web application penetration testing for vulnerabilities such as XSS, CSRF, SQL Injection, and session management issues. Identify and document security issues with clear reproduction … practices and contribute to continuous improvement of testing methodologies. Maintain strong documentation and communication throughout the engagement lifecycle. · Required Skills & Certifications: CREST certification (CRT / CPT / CPSA or equivalent) is a must. Penetration Testing Expertise – Strong hands-on experience in API and UI / Web application ...

ISO27001 Consultant / Central London (3 days onsite) / Fixed Term Contract We are working with a well-respected real estate organisation who is looking to bring on an ISO 27001 Implementer. This role is suited to someone who has hands-on experience implementing … ISO27001 and is comfortable working with a range of internal stakeholders to drive the certification process forward. Key Responsibilities Support and deliver the end-to-end implementation of ISO27001, from gap analysis through to certification readiness Work closely with technology, risk, compliance, and business stakeholders to embed information security controls ...

infrastructure and security concepts clearly to non-technical audiences. Key Responsibilities Corporate IT & Identity Management Own and manage the Microsoft 365 estate (Entra ID / Azure AD, Exchange, Teams, SharePoint) Manage joiners, movers and leavers across systems Enforce MFA, conditional access and security best practice Manage endpoint security … remediation Support access management across Azure subscriptions, ensuring separation between prod and non-prod environments Compliance & Audit Coordination Own and coordinate SOC 1 / SOC 2 and ISO 27001 activity Manage certificate renewals and ongoing compliance obligations Use compliance tooling (e.g. Drata or similar ...

Senior Control Advisor / GRC Advisor – Aberdeen or London We’re looking for a proactive and detail-oriented Senior Control Advisor to support the Governance, Risk & Compliance (GRC) function. In this role, you’ll help ensure regulatory compliance and effective risk management by monitoring controls, conducting audits, and collaborating … technical and nontechnical audiences. Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes. CISA, CISM, ISO27001 or equivalent preferred Relevant IT work experience Understanding of regulatory requirements, including cross-industry regulations (e.g., GDPR, Data Protection Act, UK Corporate Reform) and industry-specific ...

infrastructure and security solutions through a structured consultation framework based on recognised regulations and standards (e.g., Cyber Essentials in the UK and Europe, ISO 27001, NIST). This role combines consultative engagement with product management support to deliver tailored solutions that meet compliance requirements and customer … with regulatory and business requirements. 2. Consultation & Productisation Lead initiatives to develop and standardise consultation offerings based on frameworks such as Cyber Essentials, ISO 27001, and similar. Translate customer needs and compliance obligations into actionable service packages and product features. Collaborate with technical and commercial teams ...

will play a key role in supporting the delivery of information security and compliance activities across Newmark, with a particular focus on achieving ISO 27001 certification. This role will involve assisting with security policies, risk assessments, and operational activities. This position requires a strong technical background … security and compliance responsibilities. Ability to work independently, use initiative, and manage tasks with minimal supervision. Interest in information security, professional standards and / or regulatory compliance as part of a longer-term career path. Personal Attributes Professional, dependable, and solutions-focused. Proactive self-starter with strong problem-solving ...

Title: Java Architect Location: London, UK (Hybrid) Industry: Banking / Financial Services Job Summary We are seeking a highly experienced Java & AWS Cloud Architect to lead the design and delivery of large-scale, secure, and resilient microservices-based solutions within the banking domain. The ideal candidate will bring deep … including scalability, availability, performance, reliability, DR, and observability. Cloud & Platform Engineering Design secure, scalable, and cost-optimized AWS solutions using services such as EKS / ECS, Lambda, API Gateway, ALB / NLB, RDS / Aurora, DynamoDB, S3, ElastiCache, MSK / Kinesis, CloudWatch, IAM, and KMS. Establish ...

Infrastructure Operations Manager. The post-holder will assume full accountability for the stability, availability, and optimisation of the Council’s Hybrid Cloud Infrastructure (Azure / Windows Server), WAN (Fortigate / Cisco), and Service Desk functions. This role will be responsible for providing expert operational leadership during a critical … interconnects, and switching fabric to support a flexible, hybrid workforce Manage the lifecycle of the Microsoft stack, including Windows Server (2012-2022), Hyper-V / VMware clusters, and the M365 collaboration suite (Teams, Exchange, SharePoint). Ensure rigorous patch management and version control Validation of backup and recovery capabilities ...

Title: Cyber Security Consultant (Healthcare – DSPT / CAF Specialist) Role Summary We are looking for a highly skilled Cyber Security Consultant with proven healthcare sector experience and deep expertise in the DSPT and Cyber Assessment Framework (CAF) . The successful candidate must have hands-on experience writing and implementing … policies aligned to DSPT / CAF . Experience with EDRMS solutions is strongly desirable. Key Responsibilities Lead cyber security delivery for healthcare clients, ensuring full alignment with DSPT and CAF requirements. Produce high-quality policies, procedures, and governance documentation mapped directly to DSPT / CAF controls. Conduct security ...

Architect CyberArk PAM Self-Hosted components —Vault, PVWA, PSM, CPM, PSMP, PTA, DR—ensuring resilience, scalability, operational segregation and regulatory compliance. Design CyberArk Conjur / Secrets Manager Enterprise & Credential Provider for secure management of application, machine and DevOps secrets, integrating with: CI / CD pipelines Containers and Kubernetes … / OpenShift Multi-cloud platforms Collaborate with security, DevOps and infrastructure teams to integrate CyberArk with AD / LDAP, SAML / OIDC identity providers, SIEM (e.g. Splunk), ITSM, and MFA solutions . Lead installation, configuration, testing and handover of CyberArk secrets-management solutions into Run & Maintain teams. ...

national-scale address and change-of-address datasets. You’ll take true ownership of production workflows and data pipelines that run every day, 24 / 7 , supporting long-standing commercial partnerships. You’ll become the expert on a mission-critical proprietary platform, with the freedom to help modernise … redevelop it. Data Quality, Analysis & Reporting Perform analytical comparisons across large datasets to assess quality, identify discrepancies and generate scoring outputs. Build derived / third-party datasets for benchmarking and analytical validation. Produce clear, meaningful insights for internal teams and selected clients. Summarise results and contribute to reports ...

national-scale address and change-of-address datasets. You’ll take true ownership of production workflows and data pipelines that run every day, 24 / 7 , supporting long-standing commercial partnerships. You’ll become the expert on a mission-critical proprietary platform, with the freedom to help modernise … redevelop it. Data Quality, Analysis & Reporting Perform analytical comparisons across large datasets to assess quality, identify discrepancies and generate scoring outputs. Build derived / third-party datasets for benchmarking and analytical validation. Produce clear, meaningful insights for internal teams and selected clients. Summarise results and contribute to reports ...

national-scale address and change-of-address datasets. You’ll take true ownership of production workflows and data pipelines that run every day, 24 / 7 , supporting long-standing commercial partnerships. You’ll become the expert on a mission-critical proprietary platform, with the freedom to help modernise … redevelop it. Data Quality, Analysis & Reporting Perform analytical comparisons across large datasets to assess quality, identify discrepancies and generate scoring outputs. Build derived / third-party datasets for benchmarking and analytical validation. Produce clear, meaningful insights for internal teams and selected clients. Summarise results and contribute to reports ...

role , with full ownership of the enterprise security function across wholesale and retail operations. You’ll define strategy, lead transformation, and operate at senior / board level , driving security across governance, cloud, risk and operations in a complex hybrid environment. What You’ll Do Define and deliver … platforms (Azure, AWS, Nutanix, Zero Trust, SASE, CASB) Drive security culture, awareness and third-party risk management What We’re Looking For Senior cyber / security leadership experience CISSP, CISM or CISA (or equivalent) Strong background in ISO 27001, NIST, PCI DSS Hands-on experience ...

ISO 27001 . They will bring proven experience in strategic planning, risk-based information assurance, business impact analysis, and threat / vulnerability management , as well as deep expertise in compliance, policy design, and information security frameworks including ISO 27001, NIST, COBIT ...

cyber, IT, cloud, and third parties Assure controls aligned to ISO 27001, NIST, SOC2 Own audit readiness and support internal / external audits Maintain security risk register and track remediation actions Provide assurance over IAM / PAM, vulnerability management, data protection Produce clear executive … level security reporting Work closely with Cyber, Risk, IT, and Compliance teams Key Skills & Experience Strong background in Information Security Assurance / GRC Experience in regulated environments Knowledge of security frameworks and controls Stakeholder management at senior level Familiarity with security tooling and assurance processes ...

Material Security, including threat mitigation and authentication protocols Manage endpoint security systems like CrowdStrike Falcon Align technical controls with standards such as ISO 27001, PCI-DSS and SOC2, contributing to audits and compliance efforts Investigate security incidents, supporting forensic analysis and incident reporting Monitor emerging security … recommend improvements, and implement innovative solutions to stay ahead of evolving threats Required Skills: Strong working knowledge of industry standards such as NIST, ISO 27001, and PCI DSS Proven experience managing vulnerability scans, cloud security, and endpoint security tools Familiarity with email security protocols, threat management ...