ISO/IEC 27001 Jobs in the South West

1 to 25 of 63 ISO/IEC 27001 Jobs in the South West

Security Engineer

Almondsbury, Gloucestershire, United Kingdom
Hybrid / WFH Options
Frontier Resourcing
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on
Employment Type: Permanent
Salary: GBP Annual

Security Engineer

Bristol, Avon, South West, United Kingdom
Hybrid / WFH Options
Frontier Resourcing Ltd
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on
Employment Type: Permanent, Work From Home

Security Architect

Almondsbury, Gloucestershire, United Kingdom
Hybrid / WFH Options
Frontier Resourcing
and Experience Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan ). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits. The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity.
Employment Type: Permanent
Salary: GBP Annual

Security Architect

Bristol, Avon, South West, United Kingdom
Hybrid / WFH Options
Frontier Resourcing Ltd
Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05 139). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits. The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity.
Employment Type: Permanent, Work From Home

Product Security Architect

Bristol, South West England, United Kingdom
Advanced Resource Managers
may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss

Product Security Architect

Bristol, United Kingdom
ARM
may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss
Employment Type: Permanent
Salary: GBP 75,000 - 85,000 Annual

Information Security Engineer Engineering Team Bristol Office

Bristol, Gloucestershire, United Kingdom
Hybrid / WFH Options
Duel
Information Security Engineer Hybrid: Remote / Bristol Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About Us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking … a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS / IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. … as Secureframe, Drata, or Vanta. Experience working with pen testing and bug bounties a plus. Basic understanding of security tools such as SIEM, IDS / IPS, and vulnerability management solutions. Experience or knowledge of cloud security (AWS, GCP, or Azure). Awareness of security best practices in application and
Employment Type: Permanent
Salary: GBP Annual

Information Security Manager

Bristol, City of Bristol, United Kingdom
Twinstream Limited
UK. The Information Security Manager Role: As Information Security Manager, you’ll be the go-to expert for all things security, steering our ISO 27001 compliance and leading security strategy across the business. From protecting internal operations to aligning with defence frameworks, your work will directly … the cutting edge of cybersecurity excellence. Key Responsibilities of the Information Security Manager: Maintain and enhance ISO 27001, Cyber Essentials / Cyber Essentials+, and DCPP compliance Lead policy development and risk mitigation across the business Advise on Secure by Design (SbD) assurance and government protective … Own security controls for our North Bristol site Support the creation of project-specific security documentation and assurance strategies Skills & Experience: Experience leading ISO 27001 and cybersecurity governance Strong knowledge of NIST CSF, ISO 27005, and DCPP frameworks Confident communicator with a security-first
Employment Type: Permanent
Salary: £65000 - £75000/annum Hybrid, Great Benefits

Information Security Manager

Bristol, Avon, South West, United Kingdom
Twinstream Limited
UK. The Information Security Manager Role: As Information Security Manager, you'll be the go-to expert for all things security, steering our ISO 27001 compliance and leading security strategy across the business. From protecting internal operations to aligning with defence frameworks, your work will directly … the cutting edge of cybersecurity excellence. Key Responsibilities of the Information Security Manager: Maintain and enhance ISO 27001, Cyber Essentials / Cyber Essentials+, and DCPP compliance Lead policy development and risk mitigation across the business Advise on Secure by Design (SbD) assurance and government protective … Own security controls for our North Bristol site Support the creation of project-specific security documentation and assurance strategies Skills & Experience: Experience leading ISO 27001 and cybersecurity governance Strong knowledge of NIST CSF, ISO 27005, and DCPP frameworks Confident communicator with a security-first
Employment Type: Permanent
Salary: £75,000

Security Architect

City Of Bristol, England, United Kingdom
Hybrid / WFH Options
Matchtech
knowledge sharing across teams. What We’re Looking For Technical Experience & Knowledge Experience with risk management frameworks and methodologies such as ISO / IEC 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53. Strong understanding of security … standards and frameworks including OWASP, Secure by Design principles, and MOD-specific guidelines (e.g., JSP, Def Stan 05-138 / 139). Familiarity with HMG security principles and assurance frameworks is advantageous. Comfortable using threat modelling tools and implementing mitigation strategies. Experience with NIST standards. (this is an absolute

Product Security Engineer

Bristol, South West England, United Kingdom
Hybrid / WFH Options
Matchtech
developing mitigation strategies. Conducting security code reviews and offering guidance to ensure a secure-by-design approach. Ensuring products meet key regulatory standards (ISO 27001, NIST 800 series, JSPs, Def Stans). Authoring vital security documentation, including RMADS and Security Assurance Documents. … Performing penetration testing and coordinating remediation efforts. What You Bring: A solid understanding of security frameworks such as ISO 27001 / 2, ISO 31000, NIST 800-30 / 37 / 53. Hands-on experience with Defence Standards (JSPs, HMG, Def Stan … / 139). Strong knowledge of security testing tools and techniques. Excellent communication skills — able to explain complex risks and solutions clearly. A proactive, problem-solving mindset with a high level of personal integrity and professional ethics. Experience with NIST standards. (this is an absolute must) You'll Succeed

Lead Quality Auditor

Cheltenham, Gloucestershire, South West, United Kingdom
Hybrid / WFH Options
Northrop Grumman
Management Systems and Audit Manager, you will collaborate with cross-functional teams to support the continuous improvement. Support the maintenance of existing external ISO accreditations and the support attainment of new ISO accreditations to support the business strategy. Key Responsibilities: Support in the implementation … of National Security Solutions Audit Schedule Support in the maintenance of existing ISO accreditations Support in the attainment of new ISO accreditations as required Maintain the company's Integrated Management System (IMS) Audit Schedule to ensure compliance with regulatory requirements and industry standards (e.g. ISO … benefits including private health care, career development opportunities and performance bonuses. For a comprehensive list of benefits, speak to our recruitment team. Essential qualifications / experience: ISO 9001 Lead auditor Detailed knowledge of ISO 9001, ISO 27001, ISO
Employment Type: Permanent, Work From Home
Salary: £60,000

Cybersecurity Assurance Consultant

Bristol, United Kingdom
Expleo UK LTD
to the Head of Cybersecurity and work within our specialist Cybersecurity Practice. In this role, you will provide cybersecurity assurance within a complex marine / defence engineering programme, supporting the development and delivery of cyber-resilient systems. This is a consultancy role focused on integrating cybersecurity into programme controls … Engineering, or a related technical or defence-focused discipline. Recognised cybersecurity certifications: CompTIA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer, or equivalent. Familiarity with MOD, maritime, or defence-specific frameworks: JSPs, DEFSTAN, NIST, IEC 62443, IMO or ISO / IEC 27001. SC clearance (or eligibility to obtain SC as a minimum) is required; DV clearance is desirable depending on the programme needs. Essential skills Strong understanding of cybersecurity assurance principles, risk management, and regulatory compliance in defence or safety-critical environments. Proven ability to produce and
Employment Type: Permanent

Cybersecurity Assurance Consultant

Bristol, Avon, South West, United Kingdom
Expleo Group
to the Head of Cybersecurity and work within our specialist Cybersecurity Practice. In this role, you will provide cybersecurity assurance within a complex marine / defence engineering programme, supporting the development and delivery of cyber-resilient systems. This is a consultancy role focused on integrating cybersecurity into programme controls … Engineering, or a related technical or defence-focused discipline. Recognised cybersecurity certifications: CompTIA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer, or equivalent. Familiarity with MOD, maritime, or defence-specific frameworks: JSPs, DEFSTAN, NIST, IEC 62443, IMO or ISO / IEC 27001. SC clearance (or eligibility to obtain SC as a minimum) is required; DV clearance is desirable depending on the programme needs. Essential skills Strong understanding of cybersecurity assurance principles, risk management, and regulatory compliance in defence or safety-critical environments. Proven ability to produce and
Employment Type: Permanent

Product Security Engineer

Gloucestershire, United Kingdom
Hybrid / WFH Options
SSR General & Management
reviews and ensure secure-by-design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents … vulnerability assessments, and remediation activities. The Person Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53). Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP, CEH
Employment Type: Permanent
Salary: GBP 60,000 Annual

Product Security Engineer

Bristol, Kendleshire, Gloucestershire, United Kingdom
Hybrid / WFH Options
SSR General & Management
reviews and ensure secure-by-design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents … vulnerability assessments, and remediation activities. The Person Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53). Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP, CEH
Employment Type: Permanent
Salary: £60000/annum

Management System Coordinator

Cheltenham, Gloucestershire, South West, United Kingdom
Northrop Grumman
collaborate with cross-functional teams to support the continuous improvement of the company's management system, the maintenance of NGUKL's existing external ISO accreditations and the attainment of new ISO accreditations to support the business strategy. This is an excellent opportunity if you are looking … system and the CAD database Maintain the company's Integrated Management System (IMS) to ensure compliance with regulatory requirements and industry standards (e.g. ISO 9001, 20000-1, 27001, 14001) Support functions and process owners to ensure processes are up to date, efficient and align with required … required Ensure appropriate reviews have taken place, and required approvals have been obtained prior to publication We are looking for: Detailed knowledge of ISO 9001, ISO 27001, ISO 20000 and ISO 14001 standards Experience in managing libraries of process documentation
Employment Type: Permanent
Salary: £45,000

Product Security Engineer

Bristol, South West England, United Kingdom
Advanced Resource Managers
by Design Conduct threat modelling exercises to prioritise potential risks and develop mitigation strategies to reduce risks Ensure products meet regulatory standards such as ISO27001, NIST 800-30 / 37 / 53, Joint Standards Publications (JSP) such as JSP 440, 604 and Defence Standards (Def stans) Produce security … assessments and remediation activities Your skillset may include: Understanding and application of risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Working knowledge of Defence Standards (e.g., JSPs, HMG, Def Stan 05-138, Def

Product Security Engineer

Bristol, United Kingdom
ARM
by Design Conduct threat modelling exercises to prioritise potential risks and develop mitigation strategies to reduce risks Ensure products meet regulatory standards such as ISO27001, NIST 800-30 / 37 / 53, Joint Standards Publications (JSP) such as JSP 440, 604 and Defence Standards (Def stans) Produce security … assessments and remediation activities Your skillset may include: Understanding and application of risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Working knowledge of Defence Standards (e.g., JSPs, HMG, Def Stan 05-138, Def
Employment Type: Permanent
Salary: GBP 50,000 - 60,000 Annual

STARA(R) - Enterprise Security Threat and Risk Consultant

Gloucester, Gloucestershire, UK
Hybrid / WFH Options
uk7 UTC
Develop and present comprehensive risk assessment reports, including clear recommendations for mitigation and investment Apply frameworks such as NIST 800-53, ISO / IEC 27001, and NCSC CAF to assess current controls and identify improvement opportunities Contribute to the development of organisational threat … can apply critical thinking to complex and ambiguous environments, making informed decisions under pressure You have strong knowledge of cyber risk frameworks (e.g. NIST, ISO27001, NCSC CAF) and experience in applying them You're experienced in one or more of: counterintelligence, human intelligence and security, physical security assessments, operational technology

Principal Cyber Security Consultant

Bath, Somerset, United Kingdom
Hybrid / WFH Options
Bmt Defence Services LTD
diverse range of client projects within the defence, national security, environmental, and research sectors. This includes the provision of strategic risk management advice and / or technical consultancy within the context of cybersecurity. You will join a team of highly skilled professionals dedicated to safeguarding technologies and systems, many … and guidance with experience in consultancy or supplier roles. Securing OT (Operational Technologies) with knowledge and understanding of challenges, particularly within military platforms and / or Critical National Infrastructure (CNI) Federation of Security Operations Centre (SOC) operations across two or more organisational environments such as enterprise, edge / deployed environments or cloud. Demonstrable knowledge of cyber detection (e.g., threat identification / intelligence, real-time monitoring, anomaly detection) and cyber response (e.g. incident response, eradication and remediation, recovery, post-incident analysis). DevSecOps. Zero Trust Architecture (ZTA) expertise for enterprise, cloud and air-gapped environments along
Employment Type: Permanent
Salary: GBP Annual

Field Service Engineer - Electro-Mechanical

South West London, London, United Kingdom
Career Developers Limited
Perform Pre Cable and Pre deploy duties in cases where circuits and client sites are yet to be delivered or readied by vendors. Troubleshoot / Investigate and rectify circuit connection errors & circuit / hardware down scenarios using ServiceNow ticketing system and working closely with internal teams. Participate in … a Rota system to provide out of hours migration / switch over works providing on-site support if required to client premises nationwide. Perform Hardware upgrades on legacy equipment and re-cable as instructed. Participate in on-call / out of hours duties on various planned and unplanned … order of received tickets, workload for each day. Keep in line with internal and client agreed SLAs surrounding time taken to deliver each ticket / site deployment dependent on geographical location. Maintain a professional and disciplined approach at all times when working within Exponential-e Client Premises, Data Centres
Employment Type: Permanent
Salary: £35,000

Infrastructure Engineer

Tewkesbury, South West England, United Kingdom
PentenAmio UK
an Infrastructure Engineer or Systems Engineer – ideally a minimum of 3 years Experience with multi-vendor enterprise IT infrastructure, installation, design, configuration and troubleshooting / support of computer, storage, networking, physical infrastructure and software. Experience managing technical service environments and delivering services in line with … internal and external SLAs. Experience of Information Security and controls to mitigate threats within secure IT environments. Experience of working to CIS, Microsoft, NCSC, ISO27001 and Cyber Essentials Plus frameworks. Networking knowledge and concepts including switching, routing, firewalls, load balancing, TCP / IP, VPN / VLAN, Routing, Enterprise … Wi-Fi, DHCP, DNS, IP Addressing, WAN, LAN. Storage knowledge of SAN, iSCSI, Multipath. Experience maintaining and troubleshooting Windows / Linux server and desktop platforms – Windows 10 / 11, Windows Server 2019 / 2022 / 2025, Ubuntu, and Debian. Experience with Active Directory, AD CS, GPO

Head of Information Technology

Salisbury, South West England, United Kingdom
Hays
Security and Data Protection, in alignment with the corporate Risk Framework, is another critical responsibility. Supporting internal and external audit activities related to Data / Information and Technology, such as ISO 27001 certification, risk management, business continuity, and relevant specific requirements, is also part of … IT departments, including budgeting and financial management, talent management, risk management, and IT audits. Familiarity with relevant compliance standards and regulations, such as ISO 27001 and the Data Protection Act, is crucial. A solid understanding of corporate productivity and technology tools, including Microsoft Office and Azure … also important. Desirable skills and qualifications include a degree in a relevant subject, such as Computer Science, Information Management, or Business Management. Experience and / or certification in leading data warehouse, analysis, and visualisation tools, such as Snowflake, Azure Synapse, Power Platform, Cognos, SAS, and Qlik, are highly valued.

Technology Manager - Security Architecture

Bradford, South West England, United Kingdom
Hybrid / WFH Options
Morrisons
vendors (AWS, GCP, Azure) and driving security policies and guide rails Experience working within a structured governance framework IT Security Qualification such as CISA / CISSP or BCS and PCI / ISA qualification Industry and Regulatory Experience The security architect is expected to have documented experience with the … and Frameworks Payment Card Industry Data Security Standard (PCI-DSS) General Data Protection Regulation (GDPR) and Privacy Practices ISO 27001 / 2 Knowledge of OWASP 10 NIST Cybersecurity Framework (CSF) CIS and Benchmarking By joining Morrisons, you not only become an essential asset to our

ISO/IEC 27001, the South West
10th Percentile: £27,250
25th Percentile: £38,250
Median: £59,400
75th Percentile: £74,375
90th Percentile: £85,000