5 of 5 ISO/IEC 27002 (supersedes ISO/IEC 17799) Jobs in England

Location: London / Greater London / Home-based with regular travel Reports To: Certification Manager / Head of Audit and Compliance Department: Information Security Certification About Us We are a UKAS-accredited certification body delivering independent audit and certification services across multiple management system … join our expanding audit team. Youll lead and conduct Information Security Management System (ISMS) audits in line with ISO / IEC 27001:2022 , ISO 17021 , and UKAS requirements. Key Responsibilities Plan, conduct, and report Stage

requirements throughout the product and system development lifecycle. Lead threat modelling and risk assessments, applying frameworks such as ISO / IEC 27001, NIST 800-30 / 53, and ISO 31000. Advise on secure architectures … information risks. Collaborate with multi-disciplinary teams to ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-, and ISN 23 / 09 Secure by Design. Support incident response and remediation activities for security events affecting products and systems. Produce and maintain security documentation, policies

technologies such as Splunk, Sentinel, and QRadar. Thorough grasp of security standard methodologies and protocols, for instance ISO 27001 / 27002, PCI DSS. Familiarity with security frameworks such as NIST, ISO, and CIS. Experience with programming languages such

effectiveness and follow up on remediation actions Evaluate compliance against internal standards, regulatory expectations and recognised industry frameworks (such as NIST and ISO) Assist with supplier due diligence and third-party technology risk assessments Support elements of the operational resilience programme and technology incident review activity … ability to break down detail and provide clear conclusions Comfortable working across several workstreams at once Knowledge of ISO 27002, NIST, PCI DSS, UK GDPR or cloud environments (such as Azure) would be advantageous This role would suit someone who enjoys detail, enjoys engaging

effectiveness and follow up on remediation actions Evaluate compliance against internal standards, regulatory expectations and recognised industry frameworks (such as NIST and ISO) Assist with supplier due diligence and third-party technology risk assessments Support elements of the operational resilience programme and technology incident review activity … ability to break down detail and provide clear conclusions Comfortable working across several workstreams at once Knowledge of ISO 27002, NIST, PCI DSS, UK GDPR or cloud environments (such as Azure) would be advantageous This role would suit someone who enjoys detail, enjoys engaging