the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions. Develop and execute risk mitigation plans … in conjunction with relevant internal and external stakeholders / groups and to agreed timescales, following through to completion. Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 and other relevant frameworks and standards (NIST CSF, IEC … relevant. Support information security and compliance audits conducted in the department. Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable. ISO 27001:2022 Lead Implementer / Auditor certification is essential.
compliance effectiveness, you'll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including: - ISO/IEC 27001:2022 - NIST Cybersecurity Framework - PCI-DSS 4.0.1 - UK GDPR, NIS2 Directive, CAP1753, and related sector obligations. This … their ongoing security posture meets Virgin Atlantic requirements. Conduct internal reviews against ISO, NIST, PCI, UK GDPR, and emerging requirements. Support internal / external audits, evidence readiness, and corrective action tracking. Maintain the policy and control framework, identifying non-compliance and advising on remediation or risk acceptance … and reliable protective security measures to effectively limit opportunities for attackers to compromise networks and systems is incorporated in project design. About you: CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer / Auditor certification.
. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote. Close Date: 25/03/2025. We also provide the following additional benefits: Reservist Leave - Additional 18 days full pay and 22 unpaid. Personal Pension Plan … Information Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001/27002, including the governance forum agenda and minutes. Policies and Standards: Establish GRC policies, standards and procedures to monitor UKPN information security controls, exceptions … standards. We are looking for detailed knowledge and practical expertise in at least 3 of the following specialist areas: Specific Industry Standards. IS / IT Operational Controls and Governance. Business Continuity Planning and Disaster Recovery. Supply Chain and 3rd Party Risk Management. Problem Solving: The role must have
Southampton, Hampshire, United Kingdom Hybrid / WFH Options
NICE
all about? The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness … standards, and risk management processes. Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits. Gap Assessments: Facilitate and / or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, GDPR, and DORA. Framework Tracking … sexual orientation or any other category protected by law.
london, south east england, United Kingdom Hybrid / WFH Options
Natcap
implement security procedures and policies. Support audit readiness and ISO 27001 compliance. What You Bring: Proven track record delivering infrastructure / security projects in fast-paced environments. Experience with cloud platforms (AWS, GCP) and tools like Jira. Knowledge of ISO 27001 … and / or SOC 2 certification processes. Excellent communication skills, including reporting to senior stakeholders. A collaborative, problem-solving mindset. Nice to Have: Direct experience supporting ISO 27001 certification. Familiarity with internal IT systems and Google Workspace. Policy writing or compliance documentation experience. What We … and trust in how you deliver. Flexible working and hybrid setup (London-based). Potential for contract extension or longer-term opportunity. Apply now: https://careers.natcapresearch.com/jobs/5796067-technical-project-manager-contract
the Global Security Office Information Security Risk Register, its supporting processes, governance and reporting requirements. The successful candidate requires a strong understanding of ISO 27001 security controls, exposure to the OnSpring GRC Tool and can effectively assess and communicate technical security requirements to teams across the … and other business leadership teams to drive a culture of risk awareness. Ensure that all security risks align with regulatory requirements such as ISO 27001, NIST, GDPR, and other international security frameworks. Provide oversight and work closely with risk owners to manage the development and implementation … insights to executive leadership and board members. Relevant senior security certifications (e.g., CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer / Auditor) are highly desirable.
security standards and frameworks such as NCSC NIS Guidance, CAF, ISO 27001, ISO 27005, NERC CIP, ISA-99/IEC 62443, and NIST CSF. Collaborate effectively with client stakeholders, nurturing relationships and providing strategic cybersecurity counsel. Support business development and client … with leading cybersecurity standards and frameworks: NCSC NIS Guidance, CAF, ISO 27001, ISO 27005, NERC CIP, ISA-99/IEC 62443, NIST CSF. Outstanding communication skills with the ability to engage both technical and non-technical stakeholders. Strong teamwork and collaboration.
years+ experience leading Cyber Security Defense and Operations teams. Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and / or experience. Hold an industry recognised information security qualification such as GIAC / GCIA / GCIH, CISSP or CompTIA Advanced Security Practitioner … CASP+) and / or SIEM-specific training and certification. An understanding and knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA/IEC 62443, ISO/IEC 27001/27002, GDPR. Working knowledge of security technologies including but not limited to SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics. Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (MITRE ATT&CK). Practical experience of incident response.
reports, and evaluate technical and non-technical controls. Maintain and enhance TPRM documentation, including policies, workflows, and assessment templates aligned with ISO/IEC 27001, NIST, and other relevant standards. Track and manage third-party risks through to remediation, working directly with vendors … functional risk assessments. Support the wider GRC team with reporting, metrics, and stakeholder communications. YOUR PROFILE: 3-5 years of experience in third-party / vendor risk management, preferably within an information security, risk, or compliance team. Strong working knowledge of information security standards and frameworks such as ISO/IEC 27001, SOC 2, NIST CSF, or SIG. Familiarity with technology systems, infrastructure, and related security controls. Experience conducting vendor risk assessments, including reviewing SOC 2 reports and security questionnaires. Familiarity with GRC platforms and tools used for third-party or enterprise
and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. ISO/IEC 27001 and SOC 2 certification). What you'll be doing: Develop, implement and monitor a strategic, comprehensive enterprise … a combination of risk management, information security and IT jobs. Knowledge of common regulatory and information security management frameworks, such as ISO/IEC 27001, NIST, SOC 2 and GDPR. Excellent written and verbal communication skills and high level of personal integrity. Innovative
engineering and development team to ensure in-house technologies comply with relevant security standards, regulations, and industry certifications, such as OWASP, CIS, PCI DSS, ISO 27001, to ensure security is prioritised throughout the development lifecycle. Maintains current understanding of policy, regulations, and compliance standards that affect assigned areas of responsibility and … practices. 3+ years of information security experience in cloud environments. In-depth experience of secure coding practices, threat modeling, secure architecture design, and secure SDLC / CI-CD pipelines. In-depth technical experience with identifying and advising on the remediation of application security vulnerabilities on application platforms, including cloud and web … and information security executives and in influencing stakeholders to achieve strategic objectives. Experience in working with industry frameworks and standards such as OWASP, PCI DSS, ISO 27001/27002, CIS and NIST. Information Security (CISSP, CISA, Security+) and cloud certification (preferably GCP / AWS). What’s In It For
Almondsbury, Gloucestershire, United Kingdom Hybrid / WFH Options
Frontier Resourcing
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance: Ensure products meet regulatory and defence standards (ISO 27001/27005, NIST 800-30/53, JSP 440/604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement: Drive security tooling and automation (CI/CD integration, SAST/DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience: Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001/2/5/31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138/139). Hands-on
cybersecurity or infrastructure security (CompTIA, ISACA, ISC2, GIAC, Microsoft, CREST, Cisco Security, or equivalent). Certifications in security governance and frameworks: ISO/IEC 27001, IEC 62443, NIST CSF, CAF, or CIS Controls. Additional vendor or platform-specific certifications (AWS, Azure … are advantageous. Essential skills: Strong understanding of core cybersecurity principles, including confidentiality, integrity, availability, and risk management. Practical experience implementing security controls across IT/OT infrastructure. Proficiency in system hardening techniques. Ability to conduct technical risk assessments, identify control gaps, and propose actionable remediation plans. Familiarity with enterprise … with the ability to clearly explain technical risks and solutions to technical and non-technical stakeholders. Desired skills: Familiarity with UK regulatory frameworks (NIS/NIS2, Ofgem CAF, ECAF, GDPR/DPA18, ISO 27001, or Cyber Essentials Plus). Understanding secure architecture principles, including
to go above and beyond to ensure their needs are met. Listed multiple times on Gartner Market Guides for Managed Security Services. Job Role / Responsibilities: Assisting our clients in securing their information systems (defining target objectives, developing action plans, implementing actions (organizational or technical), coordination, monitoring and managing … ISO 27005, EBIOS RM). Even better if you’re certified! You're curious and have already read cybersecurity frameworks and methodologies (ISO 27001/2, IEC 62443, ANSSI, NIS, NIST…). Soft Skills Required: Mindset is key: you’re motivated, dynamic, and autonomous. You enjoy teamwork … English (you can understand conversations, lead meetings, and write reports…). Other Requirements: Master’s degree or equivalent. Certifications such as IEC 62443, ISO 27001/2/5, EBIOS RM, ISC2 are a plus! Driver's license (B), useful for some travel. Integrity360 Employee Benefits (UK) At
Almondsbury, Gloucestershire, United Kingdom Hybrid / WFH Options
Frontier Resourcing
and Experience Required: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan ). An understanding of MOD ISN 23/09 Secure by Design. Knowledge of security frameworks, such as ISO/IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO 27005/31000, NIST 800-30, NIST 800-53). Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits. The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity.
Bristol, Avon, South West, United Kingdom Hybrid / WFH Options
Frontier Resourcing Ltd
Required: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139). An understanding of MOD ISN 23/09 Secure by Design. Knowledge of security frameworks, such as ISO/IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO 27005/31000, NIST 800-30, NIST 800-53). Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits. The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity.
may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139). An understanding of MOD ISN 23/09 Secure by Design. Knowledge of security frameworks, such as ISO/IEC 27001, NIST … NIST 800-53 or OWASP. Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO 27005/31000, NIST 800-30, NIST 800-53). If this all sounds like something you will be interested in then simply apply and we can discuss
Owners, developers, and technical teams on options to mitigate risk. The candidate must have excellent verbal, written, analytical and interpersonal communication skills. Essential Functions / Major Duties and Responsibilities: Strategic: Provide strategic direction specific to data security management. Build and maintain a robust data security program while aligning closely … security strategy in its annual iterations. Provide strong knowledge of building security into business expectations for the utilization and hosting of critical CLS data / information assets. Work with the Security Architects to build security into infrastructure and architecture designs and guide the implementation with the Operations team. Provide … improve the overall controls around data security. Keep informed of new and updated industry frameworks and regulations: GDPR, ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI-IOSCO and the FFIEC handbook. Keep informed of new and emerging
Head of Information Security required for online retail business. The role will initially be focused on ISO 27001 & ISO 9001 recertifications. Responsibilities: Lead on information security strategy and implementation of security roadmap. Develop security KPIs and track their progress. Advise senior management on risk levels and any changes impacting security posture, including … Conduct risk assessments, maintain risk registers, and design risk treatment plans. Support oversight of vulnerability tooling & processes, assess risk and prioritise remediation. Lead internal / external audits (ISO 27001 and ISO 9001) and ensure compliance with regulations (GDPR). Support wider IT project … defined gates, provision of guidance and assessment of controls. As an ideal candidate, you will have a proven track record of bringing organisations through ISO 27001 & ISO 9001 accreditations. ISO 27001 lead implementer or auditor qualifications are essential.
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Duel
Information Security Engineer. Hybrid: Remote / Bristol. Reporting to: Joe Mathews - VP of Technology. Salary: £45,000 - £50,000. About Us: Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking … a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. … as Secureframe, Drata, or Vanta. Experience working with pen testing and bug bounties a plus. Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions. Experience or knowledge of cloud security (AWS, GCP, or Azure). Awareness of security best practices in application and