1 to 25 of 55 ISO/IEC 27002 (supersedes ISO/IEC 17799) Jobs in the UK

of belonging, hear from some of our employees as they share their story about what it's really like to work at HMRC. < / iframe> < / p> Visit our YouTube channel< / a> to watch the full series and come and discover your potential. … / p> Are you passionate about Cyber Security and Enterprise Architecture?< / p> Do you have senior-level experience as a Cyber Security Professional?< / p> Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. … Enjoy a healthy work / life balance while making a significant impact. < / p> HMRC are now one of the most digitally advanced tax authorities in the world and are continuing to spend the next five years modernising our IT Landscape across Multi-Hybrid Cloud Platform. More ❯

This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote. Close Date: 25 / 03 / 2025 We also provide the following additional benefits: Reservist Leave - Additional 18 days full pay and 22 unpaid. Personal Pension … Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001 / 27002 including the governance forum agenda and minutes. Policies and Standards: Establish GRC policies, standards and procedures to monitor UKPN information security … We are looking for a detailed knowledge and practical expertise in at least 3 of the following specialist areas: Specific Industry Standards. IS / IT Operational Controls and Governance. Business Continuity Planning and Disaster Recovery. Supply Chain and 3rd Party Risk Management. Problem Solving: The role must have More ❯

and security policies. Monitoring and administering the installation and integration of corporate network communications, including routers, switches, firewalls, DMZ, servers, telephony and LAN / WAN communication services. Managing the IP space across the organisation ensuring VLANs, IP Subnet, DNS, DHCP, VPNs, and VoIP traffic is well designed, secure … and emergency hardware failure protocols. Providing regular service status updates to line management and agree and monitor service availability targets. Ensuring the active / active WAN bandwidth and connectivity services are sufficient, balanced and perform efficiently. Planning and testing failover of critical operational services. Researching latest networking developments … Technical IT role maintaining secure networks in a MS Windows environment in a multi-disciplined organisation. Expert knowledge of and experience in LAN / WAN / VLAN communications, VPN configuration and enterprise wireless networking. Experience of Dell switches with fibre is preferable. CCNA / More ❯

experience leading Cyber Security Defense and Operations teams. Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and / or experience. Hold an industry recognised information security qualification such as GIAC / GCIA / GCIH, CISSP or CompTIA Advanced … Security Practitioner (CASP+) and / or SIEM-specific training and certification. An understanding and knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISA / IEC 62443, ISO / IEC 27001 / 27002, GDPR. Working knowledge of security technologies including but not limited to SIEM, SOAR, EDR, AV, IDS / IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics. Knowledge of adversarial tactics, techniques, procedures (TTPs More ❯

part of the leadership team responsible for protecting a rapidly expanding global enterprise. The OT Manager, Cybersecurity, will audit the Industrial Control System / Operational Technology (ICS / OT) environment and perform risk / vulnerability assessments leading to the development of an enterprise strategy … / design plan. The OT Manager, Cybersecurity, will lead the team on implementation (hands-on configuration) of the enterprise ICS / OT systems Additional responsibilities include research, classification, and root cause analysis of security events that occur within the environment. The ideal candidate will have security … security assessments in an OT environment. Excellent leadership skills as this is a people manager role. Strong understanding of cybersecurity frameworks for ICS / OT environments Strong understanding of OT network communication protocols and industrial networking topologies. Familiarity with NIST (National Institute of Standards and Technology) Special Publication More ❯

EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans … in conjunction with relevant internal and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC … Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is More ❯

to strengthen operational resilience, evaluate third-party technology providers, and support incident response and investigations. Experience: Cyber Security Knowledge – Solid understanding of cyber / information security frameworks such as NIST and ISO / IEC 27002 More ❯

to strengthen operational resilience, evaluate third-party technology providers, and support incident response and investigations. Experience: Cyber Security Knowledge – Solid understanding of cyber / information security frameworks such as NIST and ISO / IEC 27002 More ❯

Experience Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan ). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights … alongside good salary & benefits . The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity. More ❯

Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05 139). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO / IEC … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights … alongside good salary & benefits . The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity. More ❯

include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC … NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply More ❯

include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC … NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply More ❯

include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC … NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply More ❯

include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC … NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply More ❯

reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance … penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven … product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / More ❯

reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance … penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven … product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / More ❯

not limited to: Technical & organizational security controls Cyber and digital transformation activities Remediation workstreams and roadmaps Policy & process implementation Information Security Maturity Audits / CMMI Certification or alignment with recognised industry standards Compliance with applicable regulations & legislation Building and implementing governance & risk management processes Design implementation and testing … of security tooling BC / DR & Incident response capability building and testing Production of threat intelligence reports and research Supply Chain Risk Management Consultants must possess and be able to demonstrate credibility and experience as well as currency in these fundamental skill sets. Consultants will work with industry … reporting and feedback when required. Support, when necessary, the development of opportunities by contributing as an SME in response to client RFPs and / or the construction of proposal documents and responses. Develop timely, accurate reporting that can convey technical findings to non-technical audiences at all levels More ❯

a sound understanding of cyber and information security, including frameworks like NIST and ISO IEC 27002:202. It will be great if you also know about PCI-DSS V4.0 as well. Clear Communication -You'll be able to discuss these … a range of support to help you keep yourself well. We have the thrive mental health app, our colleague assistance programme available 24 / 7, our own, in-house mental health first aiders, support groups and a dedicated team to make sure we are covering your needs There … means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion / belief, sexual orientation, gender reassignment or marital / family status. Please also note that we have a thorough referencing process, which includes More ❯

a sound understanding of cyber and information security, including frameworks like NIST and ISO IEC 27002:202. It will be great if you also know about PCI-DSS V4.0 as well. Clear Communication -You'll be able to discuss these … a range of support to help you keep yourself well. We have the thrive mental health app, our colleague assistance programme available 24 / 7, our own, in-house mental health first aiders, support groups and a dedicated team to make sure we are covering your needs There … means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion / belief, sexual orientation, gender reassignment or marital / family status. Please also note that we have a thorough referencing process, which includes More ❯

a comprehensive security architecture aligned with Casella's business goals, objectives, and regulatory requirements. Design and review security solutions, including firewalls, intrusion detection / prevention systems, antivirus software, and encryption protocols. Conduct regular risk assessments to identify vulnerabilities and recommend security measures through company-wide testing. Collaborate with … testing, and debugging technologies. Experience or interest in environmental and sustainability fields is a plus. Knowledge of ISO 27001 / 27002, ITIL, and COBIT frameworks is preferred. A Bachelor's Degree in IT, Cybersecurity, or Information Security, or equivalent experience, is required. More ❯

organization. The position will be responsible for the design, implementation, security, maintenance, and optimization of BRG's local and wide area networks (LAN / WAN / WLAN). This is defined as management of Datacenter and Office based MDF rooms, ownership of our 3 rd party … NOC relationship, and Business Continuity Planning and IT Disaster Recovery (BCP / DR). An overall emphasis on perimeter network security configuration as it applies to datacenter, branch office, and cloud networks to ensure the security of BRG's employees for both on-prem and cloud services through … Active Directory). Strong understanding of desktops (Windows and MacOS), networks, hardware, and cloud platforms. Familiarity with industry frameworks and standards such as SOC2, ISO27002, HIPAA, HITRUST Soft Skills: Excellent oral and written communication skills.Ability to present detailed or complicated information in an understandable way to non-technologists. Ability to More ❯

design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents, Security Management Plans … testing, vulnerability assessments, and remediation activities. Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) . Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP More ❯

design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents, Security Management Plans … testing, vulnerability assessments, and remediation activities. Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) . Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP More ❯

developers, and technical teams on options to mitigate risk. The candidate must have excellent verbal, written, analytical and interpersonal communication skills. Essential Functions / Major Duties and Responsibilities Strategic Provide strategic direction specific to data security management. Build and maintain a robust data security program while aligning closely … strategy in its annual iterations. Provide strong knowledge of building security into business expectations for the utilization and hosting of critical CLS data / information assets. Work with the Security Architects to build security into infrastructure and architecture designs and guide the implementation with the Operations team. Provide … the overall controls around data security. Keep informed of new and updated industry frameworks and regulations: GDPR, ISO 27001 / 2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI ISOCO and FFIEC handbook. Keep informed of new and emerging More ❯

threat modelling, undertake risk assessment, evaluate the effectiveness of security controls Verify and evidence alignment to 'Secure by Design' principles, corporate security policy / standards as well as industry recognised frameworks and best practice What you'll be doing: Develop, deliver and continually enhance a coherent approach to … quantify and lead risk mitigation plans Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify / evidence appropriate compliance and security KPIs Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information … and technical security controls are maintained What experience you'll bring: Minimum of 5 years' experience in a multi-tiered IT enterprise environment / Governance, Risk and Compliance role Minimum of 5 years' experience in a Governance, Risk and Compliance role A track record of delivering security solutions More ❯