ISO/IEC 27001 Jobs in the UK

1 to 25 of 899 ISO/IEC 27001 Jobs in the UK

Information Security Compliance Analyst

Hertfordshire, England, United Kingdom
Cpl Life Sciences
the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans … in conjunction with relevant internal and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC … relevant Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is essential. More ❯
Posted:

Information Security Compliance Analyst

hertfordshire, east anglia, United Kingdom
Cpl Life Sciences
the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans … in conjunction with relevant internal and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC … relevant Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is essential. More ❯
Posted:

Consultant - Information Security

Crawley, Sussex, United Kingdom
ENGINEERINGUK
compliance effectiveness, you'll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including: - ISO / IEC 27001:2022 - NIST Cybersecurity Framework - PCI-DSS 4.0.1 - UK GDPR, NIS2 Directive, CAP1753, and related sector obligations . This … their ongoing security posture meets Virgin Atlantic requirements Conduct internal reviews against ISO, NIST, PCI, UK GDPR, and emerging requirements Support internal / external audits, evidence readiness, and corrective action tracking Maintain the policy and control framework, identifying non-compliance and advising on remediation or risk acceptance … and reliable protective security measures to effectively limit opportunities for attackers to compromise networks and systems is incorporated in project design. About you CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer / Auditor certification More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Senior Cyber Security (GRC) Analyst

London, United Kingdom
UK Power Networks
. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote. Close Date: 25 / 03 / 2025 We also provide the following additional benefits: Reservist Leave - Additional 18 days full pay and 22 unpaid. Personal Pension Plan … Information Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001 / 27002 including the governance forum agenda and minutes. Policies and Standards: Establish GRC policies, standards and procedures to monitor UKPN information security controls, exceptions … standards. We are looking for a detailed knowledge and practical expertise in at least 3 of the following specialist areas: Specific Industry Standards. IS / IT Operational Controls and Governance. Business Continuity Planning and Disaster Recovery. Supply Chain and 3rd Party Risk Management. Problem Solving: The role must have More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Information Security Analyst - Audit, Compliance & Cybersecurity

Southampton, Hampshire, United Kingdom
Hybrid / WFH Options
NICE
all about? The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness … standards, and risk management processes. Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits. Gap Assessments: Facilitate and / or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, GDPR, and DORA. Framework Tracking … sexual orientation or any other category protected by law. Apply for this job indicates a required field First Name Last Name Email Phone Resume / CV Enter manually Accepted file types: pdf, doc, docx, txt, rtf LinkedIn Profile Do you have any first-degree relatives (spouse, parent, child, sibling More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Technical Project Manager

London Area, United Kingdom
Hybrid / WFH Options
Natcap
implement security procedures and policies Support audit readiness and ISO 27001 compliance What You Bring: Proven track record delivering infrastructure / security projects in fast-paced environments Experience with cloud platforms (AWS, GCP) and tools like Jira Knowledge of ISO 27001 … and / or SOC 2 certification processes Excellent communication skills, including reporting to senior stakeholders A collaborative, problem-solving mindset Nice to Have: Direct experience supporting ISO 27001 certification Familiarity with internal IT systems and Google Workspace Policy writing or compliance documentation experience What We … and trust in how you deliver Flexible working and hybrid setup (London-based) Potential for contract extension or longer-term opportunity 🔗 Apply now : https: / / careers.natcapresearch.com / jobs / 5796067-technical-project-manager-contract More ❯
Posted:

Technical Project Manager

london, south east england, United Kingdom
Hybrid / WFH Options
Natcap
implement security procedures and policies Support audit readiness and ISO 27001 compliance What You Bring: Proven track record delivering infrastructure / security projects in fast-paced environments Experience with cloud platforms (AWS, GCP) and tools like Jira Knowledge of ISO 27001 … and / or SOC 2 certification processes Excellent communication skills, including reporting to senior stakeholders A collaborative, problem-solving mindset Nice to Have: Direct experience supporting ISO 27001 certification Familiarity with internal IT systems and Google Workspace Policy writing or compliance documentation experience What We … and trust in how you deliver Flexible working and hybrid setup (London-based) Potential for contract extension or longer-term opportunity 🔗 Apply now : https: / / careers.natcapresearch.com / jobs / 5796067-technical-project-manager-contract More ❯
Posted:

GRC Information Security Risk Manager

London, United Kingdom
Alvarez & Marsal Deutschland GmbH
the Global Security Office Information Security Risk Register, its supporting processes, governance and reporting requirements. The successful candidate requires a strong understanding of ISO 27001 security controls, exposure to the OnSpring GRC Tool and can effectively assess and communicate technical security requirements to teams across the … and other business leadership teams to drive a culture of risk awareness. Ensure that all security risks align with regulatory requirements such as ISO 27001, NIST, GDPR, and other international security frameworks. Provide oversight and work closely with risk owners to manage the development and implementation … insights to executive leadership and board members. Relevant senior security certifications (e.g., CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer / Auditor) are highly desirable. More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Operational Technology consultant

England, United Kingdom
Cognitive Group | Part of the Focus Cloud Group
security standards and frameworks such as NCSC NIS Guidance, CAF, ISO 27001, ISO 27005, NERC CIP, ISA-99 / IEC 62443, and NIST CSF. Collaborate effectively with client stakeholders, nurturing relationships and providing strategic cybersecurity counsel. Support business development and client … with leading cybersecurity standards and frameworks : NCSC NIS Guidance, CAF ISO 27001, ISO 27005 NERC CIP ISA-99 / IEC 62443 NIST CSF Outstanding communication skills with the ability to engage both technical and non-technical stakeholders. Strong teamwork and collaboration More ❯
Posted:

Security Operations Manager

Crawley, England, United Kingdom
InfoSec People Ltd
years+ experience leading Cyber Security Defense and Operations teams. Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and / or experience. Hold an industry recognised information security qualification such as GIAC / GCIA / GCIH, CISSP or CompTIA Advanced Security Practitioner … CASP+) and / or SIEM-specific training and certification. An understanding and knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA / IEC 62443, ISO / IEC 27001 / 27002, GDPR. Working knowledge of security technologies including but not limited to SIEM, SOAR, EDR, AV, IDS / IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics. Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK). Practical experience of incident response More ❯
Posted:

InfoSec Third Party Assurance Specialist

London, United Kingdom
Sportradar AG
reports, and evaluate technical and non-technical controls. Maintain and enhance TPRM documentation, including policies, workflows, and assessment templates aligned with ISO / IEC 27001, NIST, and other relevant standards. Track and manage third-party risks through to remediation, working directly with vendors … functional risk assessments. Support the wider GRC team with reporting, metrics, and stakeholder communications. YOUR PROFILE: 3-5 years of experience in third-party / vendor risk management, preferably within an information security, risk, or compliance team. Strong working knowledge of information security standards and frameworks such as ISO / IEC 27001, SOC 2, NIST CSF, or SIG. Familiarity with technology systems, infrastructure, and related security controls. Experience conducting vendor risk assessments, including reviewing SOC 2 reports and security questionnaires. Familiarity with GRC platforms and tools used for third-party or enterprise More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Chief Information Officer (CIO)

London, United Kingdom
Hybrid / WFH Options
Quinyx
and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. ISO / IEC 27001 and SOC 2 certification). What you'll be doing Develop, implement and monitor a strategic, comprehensive enterprise … a combination of risk management, information security and IT jobs. Knowledge of common regulatory and information security management frameworks, such as ISO / IEC 27001, NIST, SOC 2 and GDPR. Excellent written and verbal communication skills and high level of personal integrity. Innovative More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Senior Information Security Consultant

Leeds, England, United Kingdom
TransUnion
engineering and development team to ensure in-house technologies comply with relevant security standards, regulations, and industry certifications, such as OWASP, CIS, PCI-DSS, ISO27001 to ensure security is prioritised throughout the development lifecycle Maintains current understanding of policy, regulations, and compliance standards that affect assigned areas of responsibility and … practices 3+ years of information security experience in cloud environments. In depth experience secure coding practices, threat modeling, secure architecture design, and secure SDLC / CICD pipelines In-depth technical experience with identifying and advising on the remediation of application security vulnerabilities on application platforms, including cloud and web … and information security executives and in influencing stakeholders to achieve strategic objectives Experience in working with industry frameworks and standards such as OWASP, PCIDSS, ISO27001 / 27002, CIS and NIST Information Security (CISSP, CISA, Security +) and cloud certification (preferably GCP / AWS) What’s In It For More ❯
Posted:

Security Engineer

Almondsbury, Gloucestershire, United Kingdom
Hybrid / WFH Options
Frontier Resourcing
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Security Engineer

Bristol, Avon, South West, United Kingdom
Hybrid / WFH Options
Frontier Resourcing Ltd
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on More ❯
Employment Type: Permanent, Work From Home
Posted:

Cybersecurity Solutions Engineer

London, United Kingdom
Expleo UK LTD
cybersecurity or infrastructure security (CompTIA, ISACA, ISC2, GIAC, Microsoft, CREST, Cisco Security, or equivalent). Certifications in security governance and frameworks: ISO / IEC 27001, IEC 62443, NIST CSF, CAF, or CIS Controls. Additional vendor or platform-specific certifications (AWS, Azure … are advantageous Essential skills Strong understanding of core cybersecurity principles, including confidentiality, integrity, availability, and risk management. Practical experience implementing security controls across IT / OT infrastructure. Proficiency in system hardening techniques. Ability to conduct technical risk assessments, identify control gaps, and propose actionable remediation plans. Familiarity with enterprise … with the ability to clearly explain technical risks and solutions to technical and non-technical stakeholders. Desired skills Familiarity with UK regulatory frameworks (NIS / NIS2, Ofgem CAF, ECAF, GDPR / DPA18, ISO 27001, or Cyber Essentials Plus). Understanding secure architecture principles, including More ❯
Employment Type: Permanent
Posted:

OT Cyber Security Consultant

London Area, United Kingdom
Integrity360
to go above and beyond to ensure their needs are met. Listed multiple times on Gartner Market Guides for Managed Security Services. Job Role / Responsibilities Assisting our clients in securing their information systems (defining target objectives, developing action plans, implementing actions (organizational or technical), coordination, monitoring and managing … ISO 27005, EBIOS RM). Even better if you’re certified! You're curious and have already read cybersecurity frameworks and methodologies (ISO27001 / 2, IEC 62443, ANSSI, NIS, NIST…) Soft Skills Required: Mindset is key: you’re motivated, dynamic, and autonomous You enjoy teamwork … English (you can understand conversations, lead meetings, and write reports…) Other Requirements: Master’s degree or equivalent Certifications such as IEC 62443, ISO27001 / 2 / 5, EBIOS EM, ISC2 are a plus! Driver's license (B), useful for some travel Integrity360 Employee Benefits (UK) At More ❯
Posted:

OT Cyber Security Consultant

london, south east england, United Kingdom
Integrity360
to go above and beyond to ensure their needs are met. Listed multiple times on Gartner Market Guides for Managed Security Services. Job Role / Responsibilities Assisting our clients in securing their information systems (defining target objectives, developing action plans, implementing actions (organizational or technical), coordination, monitoring and managing … ISO 27005, EBIOS RM). Even better if you’re certified! You're curious and have already read cybersecurity frameworks and methodologies (ISO27001 / 2, IEC 62443, ANSSI, NIS, NIST…) Soft Skills Required: Mindset is key: you’re motivated, dynamic, and autonomous You enjoy teamwork … English (you can understand conversations, lead meetings, and write reports…) Other Requirements: Master’s degree or equivalent Certifications such as IEC 62443, ISO27001 / 2 / 5, EBIOS EM, ISC2 are a plus! Driver's license (B), useful for some travel Integrity360 Employee Benefits (UK) At More ❯
Posted:

Security Architect

Almondsbury, Gloucestershire, United Kingdom
Hybrid / WFH Options
Frontier Resourcing
and Experience Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan ). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits . The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity. More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Security Architect

Bristol, Avon, South West, United Kingdom
Hybrid / WFH Options
Frontier Resourcing Ltd
Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05 139). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits . The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity. More ❯
Employment Type: Permanent, Work From Home
Posted:

Product Security Architect

Greater Bristol Area, United Kingdom
Advanced Resource Managers
may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss More ❯
Posted:

Product Security Architect

Bristol, United Kingdom
ARM
may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST … NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss More ❯
Employment Type: Permanent
Salary: GBP 75,000 - 85,000 Annual
Posted:

Director, Data Security

London, United Kingdom
CLS Group
Owners, developers, and technical teams on options to mitigate risk. The candidate must have excellent verbal, written, analytical and interpersonal communication skills. Essential Functions / Major Duties and Responsibilities Strategic Provide strategic direction specific to data security management. Build and maintain a robust data security program while aligning closely … security strategy in its annual iterations. Provide strong knowledge of building security into business expectations for the utilization and hosting of critical CLS data / information assets. Work with the Security Architects to build security into infrastructure and architecture designs and guide the implementation with the Operations team. Provide … improve the overall controls around data security. Keep informed of new and updated industry frameworks and regulations: GDPR, ISO 27001 / 2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI ISOCO and FFIEC handbook. Keep informed of new and emerging More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:

Head of Information Security

Reading, England, United Kingdom
Barclay Simpson
Head of Information Security required for online retail business. The role will initially be focused on ISO27001 & ISO9001 recertifications. Responsibilities Lead on information security strategy and implementation of security roadmap Develop security KPIs and track their progress Advise senior management on risk levels and any changes impacting security posture, including … Conduct risk assessments, maintain risk registers, and design risk treatment plans. Support oversight of vulnerability tooling & processes, assess risk and prioritise remediation. Lead internal / external audits (ISO 27001 and ISO 9001) and ensure compliance with regulations (GDPR). Support wider IT project … defined gates, provision of guidance and assessment of controls. As an ideal candidate, you will have a proven track record of bringing organisations through ISO27001 & ISO 9001 accreditations. ISO27001 lead implementer or auditor qualifications are essential. More ❯
Posted:

Information Security Engineer Engineering Team Bristol Office

Bristol, Gloucestershire, United Kingdom
Hybrid / WFH Options
Duel
Information Security Engineer Hybrid: Remote / Bristol Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About Us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking … a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS / IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. … as Secureframe, Drata, or Vanta. Experience working with pen testing and bug bounties a plus. Basic understanding of security tools such as SIEM, IDS / IPS, and vulnerability management solutions. Experience or knowledge of cloud security (AWS, GCP, or Azure). Awareness of security best practices in application and More ❯
Employment Type: Permanent
Salary: GBP Annual
Posted:
ISO/IEC 27001
10th Percentile
£40,950
25th Percentile
£51,250
Median
£65,000
75th Percentile
£79,693
90th Percentile
£102,500