1 to 25 of 105 ISO/IEC 27001 Jobs in Scotland

level experience as a Cyber Security Professional? Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. Enjoy a healthy work / life balance while making a significant impact. HMRC are now one of the most digitally advanced tax authorities in the world and are continuing to spend the next five … strategic platforms. In addition, you may be encouraged to undertake line management responsibilities developing and managing a team. You may be expected to own and develop CSTS capabilities and / or services. Person specification Ideal candidate: A business and technology leader in the strategic selection, development and delivery of technical security controls and services. Focused expertise to develop and … encryption systems, infrastructure, risks, weaknesses and mitigations. Knowledge and Experience of Modernised Security Operations Centre including Attack Surface Management. Cloud Security & Risk applied to all service and deployment ISO standards including 27001, 27002, 27005, 270017, 27018, 22301 and NIST CSF 2.0. Technical Security within one or many of the following domains: Identity and Access Management: Expertise More ❯

Social network you want to login / join with: Cryptographic Platform Engineer, Vice President, Hybrid, Edinburgh col-narrow-left Client: State Street Location: Edinburgh, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Reference: 5bab8fdd205f Job Views: 5 Posted: 29.06.2025 Expiry Date: 13.08.2025 col-wide Job Description: Who we are looking for We are … integration with multi-cloud key management services (AWS KMS, Azure Key Vault, OCI KMS) Collaborate with security architects, application teams, and DevSecOps engineers to embed encryption management into CI / CD pipelines. Automate key lifecycle processes such as key generation, rotation, distribution, revocation and decommissioning. Build monitoring and alerting mechanisms to detect cryptographic anomalies and improve operational efficiency. Ensure … automation and integrations align with cryptographic policies, compliance and regulations (PCI DSS, GDPR, FIPS 140-2 / 3), and security best practices. Work closely with risk and compliance teams to provide audit trails and access control mechanisms for key and certificate operations. Assist in vulnerability management and patching of cryptographic components and automation workflows. Troubleshoot integration and automation issues More ❯

Social network you want to login / join with: Chief Information Security Officer, Edinburgh col-narrow-left Client: Motability Operations Location: Edinburgh, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Reference: 5615cf41bd25 Job Views: 6 Posted: 25.06.2025 Expiry Date: 09.08.2025 col-wide Job Description: About The Role: The Chief Information Security Officer (CISO … information security governance framework and ensure appropriate technical guardrails are in place, including policies, standards, and procedures. Ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, ISO 27001, NIST Cybersecurity Framework). Incident Response: Oversee the development and testing of technology incident response plans. Coordinate with relevant stakeholders to promptly respond to and resolve … Reporting: Report to leadership on the organisation's security posture, potential risks, and ongoing security initiatives. Communicate effectively to raise awareness and support for information security initiatives. Chair and / or participate in Security Governance forums, including the Risk Management Committee. Industry Knowledge and Innovation: Stay abreast of the latest cybersecurity threats, trends, and technologies. Evaluate and introduce innovative More ❯

strategy, cyber risk, cyber maturity, security architecture, cyber transformation and regulatory compliance for cyber. Experience of various recognised cyber security relevant standards and regulations, such as NIST CSF, CRI2.0, ISO27001, NCSC CAF, GDPR and NIS2 or equivalent. Experience working in a variety of environments or organisational contexts to develop cyber strategy and manage cyber risk. Desire to work with large … true self to work every day. And you’ll never stop growing, whatever your level.Discover more reasons to connect with us, our people and purpose-driven culture at deloitte.co.uk / careersWPFULL SLTTECH BACYBER BACSRAT LOCBRI LOCEDI LOCMAN Apply For Job #J-18808-Ljbffr More ❯

Social network you want to login / join with: Information & Cyber Security Executive, Edinburgh col-narrow-left Client: McCabe & Barton Location: Edinburgh, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 6 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: Location: Remote with occasional travel Employment Type: Full-Time Reports To: Information … other benefits. Working remotely with occasional presence in the office in Essex. What You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO / IEC 27001 / 2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience … clear, business-friendly advice. Stay on-call during scheduled weeks for incident support and response. Requirements Solid understanding of cyber security, governance, and risk management principles. Experience with risk / vulnerability assessments and incident management. Experience in first and second line support. Strong analytical thinking and attention to detail. Familiarity with compliance frameworks like ISO 27001 More ❯

Role: IT Engineer - 2nd / 3rd Line Place of work: Glasgow, City Centre Contract type: Full-time, Permanent Working Hours: Monday – Friday, 9am – 5pm Do you thrive in a fast-paced environment and have a passion for delivering excellence in IT support? If so, Jones Whyte has an excellent opportunity for you where you will have the chance to … shine and contribute your expertise. We are seeking a skilled and proactive 2nd / 3rd Line IT Engineer to join our IT Support Team. This role blends advanced ticket-based support responsibilities with hands-on cybersecurity exposure. Why Jones Whyte? At Jones Whyte, we’re more than just a law firm—a dynamic community built on collaboration, innovation, and … a shared commitment to excellence. Joining us means stepping into a role where your expertise is valued, and your growth is a priority. The Role As a 2nd / 3rd line IT Engineer, you will be supporting the firm with advanced tasks, ensuring the smooth running of our technology. You'll be responsible for maintaining, troubleshooting, and improving our More ❯

and Security Operations—is key to aligning local and global security standards. You'll also drive cyber awareness and training initiatives for commercial teams, support regulatory compliance (e.g., ISO 27001, NIST SP 800-53, GDPR), and handle incident response, triage, and escalations per internal policies. You'll contribute to investigations, the annual NIST CSF 2.0 maturity … You're a proactive, analytical security professional with a strong technical background and excellent communication skills. You bring: Proven experience with ISO 27001, NIST CSF / SP 800-53, GDPR compliance, and risk management Strong technical expertise in implementing security controls aligned with ISMS Ability to create clear, audience-tailored documentation and reports Effective problem More ❯

encryption methodologies are applied to data stored in databases, applications, and IoT connected devices. Collaborate with cloud security and DevSecOps teams to integrate encryption and key management into CI / CD pipelines and Infrastructure as Code (IaC) deployments. Develop IoT encryption frameworks to secure IoT devices. Support the integration of encryption solutions into applications, databases, cloud services, IoT platforms … deployment processes. Support post-quantum cryptography (PQC) readiness by evaluating and preparing for emerging threats to encryption security. Ensure compliance with NIST 800-57, PCI DSS, FIPS 140-2 / 3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645). What We Value These skills will help you succeed … Infrastructure as Code (IaC). Education & Preferred Qualifications You have multiyear (>4 years) experience within Cybersecurity including SecOps, Cloud Security, and secure architecture. Bachelor's Degree in Computer Science / Engineering, related discipline, or equivalent work experience. Strong proficiency in Python, PowerShell, Bash, or Java. Hands-on Experience with key management systems (HashiCorp Vault, ASW KMS, Azure Key Vault More ❯

up resources so they can be re-invested into essential services. The security services and technology provided by NSS Digital and Security (DaS) are critical operational components, used 24 / 7 365 days a year. About The Organisation National Services Scotland (NSS) is a national NHS Board operating right at the heart of NHSScotland, providing invaluable support and advice … up resources so they can be re-invested into essential services. The security services and technology provided by NSS Digital and Security (DaS) are critical operational components, used 24 / 7 365 days a year. The Post NSS DaS operates the Cyber Centre of Excellence (CCoE), providing modern, proactive, and efficient national cybersecurity services for NHSScotland. This is an … Ideally the candidate will have achieved Chartered Professional status of the British Computer Society (MBCS CITP) and should have obtained a post-graduate qualification in the specialist area e.g. ISO27001 Lead Implementer, CISM, CISA, CISSP, GIAC certifications, CCP accreditor or have equivalent additional experience / expertise. The candidate should have excellent interpersonal, communication and organisational skills. They should also More ❯

Information Security Analyst, Security Engineer or Vulnerability Analyst with strong experience with complex information security projects . In-depth knowledge & expertise of Information Security standards, technologies & methodologies etc (e.g., ISO27001 ). Strong grasp of security best practices , risk management , and compliance . Particular focus on Vulnerability Management utilising SAST / DAST tools , especially Tenable . Familiarity with Azure DevOps … tracking work items. Ability to work independently and in agile teams. Excellent communication and stakeholder management skills are a must as always. Any formal certifications like CISA, CISM , or ISO27001 Lead Implementer / Auditor would be highly advantageous With a hybrid-working approach, my client is ideally seeking candidates from local Scottish-Market who can commit to regular time More ❯

Social network you want to login / join with: Information Security Analyst, dunfermline col-narrow-left Client: Origo Location: Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 4 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: About Origo We are a leading FinTech company based in Edinburgh, dedicated to improving the operational efficiency … to protect our organisation's assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards, including developing and enforcing security policies and best practices to ensure compliance. Perform business impact analyses (BIA) across key technology processes, systems and facilities and identify any gaps that … skills. Ability to work on own initiative. Applicants must have the Right to Work in the UK. Desirable knowledge, skills and experience Qualifications such as CompTIA Security+, CEH or ISO27001 Lead Implementer. Experience of senior management engagement and relationship management. Experience in dealing with Information Security incidents. Experience conducting penetration tests and working with vulnerability management tools. This role offers More ❯

Social network you want to login / join with: Information Security Analyst, livingston col-narrow-left Client: Origo Location: livingston, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 4 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: About Origo We are a leading FinTech company based in Edinburgh, dedicated to improving … to protect our organisation's assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards, including developing and enforcing security policies and best practices to ensure compliance. Perform business impact analyses (BIA) across key technology processes, systems and facilities and identify any gaps that … skills. Ability to work on own initiative. Applicants must have the Right to Work in the UK. Desirable knowledge, skills and experience Qualifications such as CompTIA Security+, CEH or ISO27001 Lead Implementer. Experience of senior management engagement and relationship management. Experience in dealing with Information Security incidents. Experience conducting penetration tests and working with vulnerability management tools. This role offers More ❯

to protect our organisation's assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards, including developing and enforcing security policies and best practices to ensure compliance. Perform business impact analyses (BIA) across key technology processes, systems and facilities and identify any gaps that … with threat assessment and work with business units in articulating impact and mitigations to reduce attack surface. Plan, schedule, conduct and report on systems security audits, ensuring any corrective / preventive actions identified are tracked to a satisfactory conclusion. Document and report enterprise risk and compliance issues according to required timelines. Assist with the management, planning & preparation of third … skills. Ability to work on own initiative. Applicants must have the Right to Work in the UK. Desirable knowledge, skills and experience Qualifications such as CompTIA Security+, CEH or ISO27001 Lead Implementer. Experience of senior management engagement and relationship management. Experience in dealing with Information Security incidents. Experience conducting penetration tests and working with vulnerability management tools. Benefits This role More ❯

cultivate a strong security culture across the organisation Oversee all audit activities to ensure compliance with internal standards as well as supporting external audit compliance with relevant standards e.g. ISO27001 What you’ll bring * The successful applicant for this role may be required to undergo and obtain a positive outcome from pre-employment screening in accordance with the requirements of … significant experience of inputting into the IT security strategy of an organisation of similar size and scale to ScottishPower, and preferably hold relevant industry qualifications (e.g., CISSP, CISM and ISO27001). You’ll have proven experience and knowledge of - Security Risk Management including the development, recommendation, and delivery of remediation plans Assessing technical designs across multiple IT / Digital … you have everything you need to take care of your world – today and tomorrow. That’s why our benefits include: 36 days annual leave Holiday purchase – perfect your work / life balance with extra annual leave Share Incentive Plan and Sharesave Scheme Payroll giving and charity matched funding Technology Vouchers – save more and spread the cost of your technology More ❯

Social network you want to login / join with: Senior Information Assurance Consultant, edinburgh col-narrow-left Client: Location: edinburgh, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 4 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: Job Title: Senior Information Assurance Consultant Location: Fully Remote (UK-based candidates) Contract Type … is essential. Key Responsibilities: Lead the design and implementation of security management processes for a new service offering. Develop and maintain a unified ISMS aligned with ISO / IEC 27001, NIST, PRISMA, and CoBIT frameworks. Conduct gap analyses and risk assessments to ensure compliance with relevant security standards and regulatory requirements. Collaborate with … and certification activities, ensuring documentation and controls are in place and effective. Proven experience in information assurance, cyber security, or risk management roles. Strong knowledge and practical experience with ISO27001, NIST, PRISMA, and CoBIT frameworks. Demonstrated ability to design and implement ISMS in complex, multi-stakeholder environments. Excellent communication and stakeholder engagement skills. Relevant certifications such as CISSP, CISM, ISO27001 More ❯

regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies. Resilience Planning: Support the Senior Resilience BCP / DR Advisor in developing and maintaining IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions. Incident Response and … Data Protection Act) and industry-specific regulations Experience implementing compliance and control frameworks Proficiency in IT governance and quality standards Knowledge of security management frameworks like ISO / IEC 27001, ITIL, COBIT, NIST standards Strong stakeholder management skills High integrity and professionalism in handling confidential matters Familiarity with risk management tools like OneTrust More ❯

and experience of working with organisations that have OT networks and standards utilised in the energy sector such as the Cyber Assessment Framework and IEC ISA 99 / 62443. You'll be helping multiple clients with different aspects of their security. The role is interesting and varied and a great opportunity for those that prefer spontaneity over … routine. A Day in the Life Delivering projects, including creating information security strategies, risk assessments of OT projects and assessments against frameworks like ISO 27001. Identify and develop new business opportunities with clients and prospects. Mentoring and supporting junior team members to raise the team's understanding of working with Energy clients. Stay updated on the latest information … non-technical audiences. What would be great to have CISSP, CISM, 62443 cyber security certificates Cyber Assessment Framework, NIST CSF, NIST SP 800-82, IEC ISA 99 / 62443, CIS Controls Strong understanding of IT and OT security risks Knowledge of the threat landscape Experience in Business development and proposal / tender writing How We Take More ❯

Research Environment (TRE) at the University of Glasgow, and in partnership with NHS Greater Glasgow and Clyde. The postholder will ensure the TRE is aligned with governance and AI / ML workflows, to achieve key milestones across academic, clinical, and industry-facing projects. The role requires a high level of cross-sector coordination, stakeholder engagement, financial oversight, and support … and commitment for a research-driven, AI / ML-enabled infrastructure with national relevance. Main Duties and Responsibilities 1. To lead on the planning, coordination, and execution of all phases of TRE implementation, ensuring on-time and on-budget delivery of infrastructure setup, AI workflow deployment, and governance milestones. 2. Facilitate alignment and collaboration between NHS Safe Haven, MVLS … IT, and Services teams to manage the transition from existing TRE provider (Robertson Centre for Biostatistics) to long-term operational sustainability. 3. Support the delivery of key demonstrator AI / ML projects (digital pathology, imaging, NLP) that will shape the TRE's foundational workflows for integration into national health research infrastructure. 4. To play a key role to ensure More ❯

a wide range of infrastructure improvements. From migrating to Azure AD and Intune, to rolling out Defender across the business and helping push toward Cyber Essentials Plus and ISO 27001 compliance; there’s a lot going on, and you’ll be in the thick of it. Alongside cloud migration work, you’ll also be involved in … telephony platforms in a business environment • Exposure to cloud migrations, ideally Azure (some AWS experience also fine) • Experience supporting enterprise platforms like IIS & SQL • Familiarity with compliance standards (ISO 27001, Cyber Essentials, NIST) There’s no on call requirement, though some flexibility around out of hours work may occasionally be needed. This is a genuinely varied More ❯

a wide range of infrastructure improvements. From migrating to Azure AD and Intune, to rolling out Defender across the business and helping push toward Cyber Essentials Plus and ISO 27001 compliance; there's a lot going on, and you'll be in the thick of it. Alongside cloud migration work, you'll also be involved in … telephony platforms in a business environment Exposure to cloud migrations, ideally Azure (some AWS experience also fine) Experience supporting enterprise platforms like IIS & SQL Familiarity with compliance standards (ISO 27001, Cyber Essentials, NIST) There's no on call requirement, though some flexibility around out of hours work may occasionally be needed. This is a genuinely varied More ❯

transition and transformation engagements. • Develop knowledge base, re-usable components for GRC advisory services. • Responsible for development and enhancements of GRC services, team and delivery capabilities. • Manage 3rd party / sub-contractors as part of the GRC delivery engagement. • Manage local partners and develop partner sales channel Skills: Expertise in delivery of risk and compliance advisory services (preferable candidates … from Big4 organizations) • Should have proven capabilities of executing atleast 3-4 advisory / consulting engagements • Excellent technical capabilities around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust … Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM / TOOL EXPERTISE Experience on the below mentioned tools is not mandated but candidates having exposure to these will be preferred: • MetricStream, Archer, ServiceNow GRC & SecOps, OneTrust QUALIFICATIONS B.E / More ❯

Edinburgh, United Kingdom | Posted on 25 / 11 / 2024 Position Overview : The CyberArk Practice Manager leads and oversees the development, delivery, and management of CyberArk security solutions within SysGroup. This role is responsible for driving business growth, managing client relationships, and ensuring the successful deployment and maintenance of privileged access management (PAM) services. Key Responsibilities : Practice Leadership … AAM). Excellent leadership, communication, and client management skills. Ability to lead teams, manage complex projects, and drive client success. Knowledge of cybersecurity frameworks and compliance (e.g., NIST, ISO 27001). Certifications : CyberArk certifications (e.g., CyberArk Defender, Sentry) preferred. Relevant security certifications (e.g., CISSP, CISM) are a plus. Additional Skills : Problem-solving and analytical thinking. Strong More ❯

Social network you want to login / join with: Principal Security Engineer (Vulnerability Management), aberdeen col-narrow-left Client: Oracle Location: Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 3 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: Do you have a passion for high scale services and working with some of Oracle … assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting edge solutions to difficult problems through automation and CI / CD. Join us to grow your career and create the future of software assurance at scale together. What You’ll Bring A minimum of 8 years of experience in … current on emerging threats, vulnerabilities, and industry trends Nice to Have Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms. Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts What We More ❯

Social network you want to login / join with: Principal Security Engineer (Vulnerability Management), edinburgh col-narrow-left Client: Oracle Location: edinburgh, United Kingdom Job Category: Other - EU work permit required: Yes col-narrow-right Job Views: 4 Posted: 26.06.2025 Expiry Date: 10.08.2025 col-wide Job Description: Do you have a passion for high scale services and working with … assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting edge solutions to difficult problems through automation and CI / CD. Join us to grow your career and create the future of software assurance at scale together. What You’ll Bring A minimum of 8 years of experience in … current on emerging threats, vulnerabilities, and industry trends Nice to Have Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms. Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts What We More ❯

diversity. Experience of conducting control testing, technical reviews or audits to understand cyber compliance needs aligned to technical and regulatory standards. Experience of cyber risk management, security frameworks (NIST, ISO27001) cyber compliance, assurance, and attestation work. Exposure to facilitating penetration testing, security risk assessments, driving the remediation of cyber vulnerabilities and remediating or mitigating cyber risks. Experience of security testing … week ago Edinburgh, Scotland, United Kingdom 3 days ago Edinburgh, Scotland, United Kingdom 2 days ago Edinburgh, Scotland, United Kingdom 2 weeks ago Senior Information Security Analyst (ASM / VM) Edinburgh, Scotland, United Kingdom 1 week ago Edinburgh, Scotland, United Kingdom 3 months ago Edinburgh, Scotland, United Kingdom 4 days ago Data Loss Prevention (DLP) Governance Analyst Edinburgh, Scotland … Edinburgh, Scotland, United Kingdom 2 weeks ago Key, Certificate, and Encryption Management Governance Analyst Edinburgh, Scotland, United Kingdom 1 month ago Edinburgh, Scotland, United Kingdom 1 week ago Senior / Staff Application Security Analyst (Bangkok based, relocation provided) Edinburgh, Scotland, United Kingdom 1 week ago Senior / Staff Application Security Analyst (Bangkok based, relocation provided) Edinburgh, Scotland, United More ❯