21 of 21 ISO/IEC 27002 (supersedes ISO/IEC 17799) Jobs in the UK

support incident response and investigations. Responsibilities : Undertake security assessments of control effectiveness across the controls set out in ISO IEC 27002:2022, finding any vulnerabilities or weakness in controls to first line and monitoring progress on remediation recording against the risks in decision focus. Assess compliance with information security policies … Prior Financial Services Experience Risk Management Expertise – Understanding of technology risk management; familiarity with enterprise-wide risk frameworks is a plus Cyber Security Knowledge – Solid understanding of cyber / information security frameworks such as NIST and ISO / IEC 27002:2022 Strong Communication Skills – Ability to More ❯

Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT) / SOC Level … contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve reporting dashboards and security / performance metrics to drive continuous improvement in security operations. Security Tools Support: Support the implementation, maintenance, and configuration of security tools and systems for prevention, detection, and response. Audit … environments. SOC-specific training, qualifications, or a degree in Computer Science, Cybersecurity, IT, or a related subject. Ideally hold recognised security qualifications such as CISSP, AZ-500, GIAC / GCIA / GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO More ❯

Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT) / SOC Level … contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve reporting dashboards and security / performance metrics to drive continuous improvement in security operations. Security Tools Support: Support the implementation, maintenance, and configuration of security tools and systems for prevention, detection, and response. Audit … environments. SOC-specific training, qualifications, or a degree in Computer Science, Cybersecurity, IT, or a related subject. Ideally hold recognised security qualifications such as CISSP, AZ-500, GIAC / GCIA / GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO More ❯

Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT) / SOC Level … contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve reporting dashboards and security / performance metrics to drive continuous improvement in security operations. Security Tools Support: Support the implementation, maintenance, and configuration of security tools and systems for prevention, detection, and response. Audit … environments. SOC-specific training, qualifications, or a degree in Computer Science, Cybersecurity, IT, or a related subject. Ideally hold recognised security qualifications such as CISSP, AZ-500, GIAC / GCIA / GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO More ❯

Incident Response (CSIRT) / SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … incident response and advanced threat hunting. A degree in Computer Science, Cybersecurity, IT, or a related discipline, or equivalent professional experience. Industry-recognised certifications such as CISSP, GIAC / GCIA / GCIH, AZ-500, CEH, CASP+, or SIEM-specific training. Strong knowledge of SIEM, SOAR, EDR, IDS / IPS, NAC, DLP, and related security … technologies. Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS, and ISO / IEC 27001 / 27002. Hands-on experience with tools such as FortiSIEM, Q-Radar, Microsoft Defender, Darktrace, Microsoft Sentinel, or similar platforms. Experience in forensic analysis, red-team exercises, and crisis simulation activities. Desirable More ❯

Incident Response (CSIRT) / SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … incident response and advanced threat hunting. A degree in Computer Science, Cybersecurity, IT, or a related discipline, or equivalent professional experience. Industry-recognised certifications such as CISSP, GIAC / GCIA / GCIH, AZ-500, CEH, CASP+, or SIEM-specific training. Strong knowledge of SIEM, SOAR, EDR, IDS / IPS, NAC, DLP, and related security … technologies. Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS, and ISO / IEC 27001 / 27002. Hands-on experience with tools such as FortiSIEM, Q-Radar, Microsoft Defender, Darktrace, Microsoft Sentinel, or similar platforms. Experience in forensic analysis, red-team exercises, and crisis simulation activities. Desirable More ❯

and workshops. Preferred Education Bachelor's Degree Required Technical And Professional Expertise Hands-on experience applying Secure by Design principles. Minimum 5 years of experience in cybersecurity assurance / information assurance, including ISMS development and maintenance. Proven expertise in strategic planning, risk management, or management consulting within the technology sector. Strong analytical skills, with the ability to interpret … certifications such as CISSP, CISM, or CRISC. In-depth knowledge of ISO standards (ISO 27001, ISO 27002, ISO Familiarity with NIST frameworks (e.g., NIST SP 800-53, NIST Cybersecurity Framework). More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! Product Security Architect Permanent role Based in Bristol More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! Product Security Architect Permanent role Based in Bristol More ❯

program, organisational structures, and capabilities Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response / Next Gen Protection and Response (EDR / XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) Experience in security operations design, engineering and … / or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect, detect and rapidly respond to modern threats Demonstrated experience in … security operations capabilities such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, enablement of compliance and regulatory requirements Experience in conducting threat hunting and / or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisations digital environment Relevant industry certifications including GIAC Defensible Security More ❯

program, organisational structures, and capabilities Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response / Next Gen Protection and Response (EDR / XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) Experience in security operations design, engineering and … / or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect, detect and rapidly respond to modern threats Demonstrated experience in … security operations capabilities such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, enablement of compliance and regulatory requirements Experience in conducting threat hunting and / or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisations digital environment Relevant industry certifications including GIAC Defensible Security More ❯

program, organisational structures, and capabilities Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response / Next Gen Protection and Response (EDR / XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) Experience in security operations design, engineering and … / or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect, detect and rapidly respond to modern threats Demonstrated experience in … security operations capabilities such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, enablement of compliance and regulatory requirements Experience in conducting threat hunting and / or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisations digital environment Relevant industry certifications including GIAC Defensible Security More ❯

bring: Proficient in using SIEM technologies such as Splunk, Sentinel, and QRadar. Thorough grasp of security standard methodologies and protocols, for instance ISO 27001 / 27002, PCI DSS. Familiarity with security frameworks such as NIST, ISO, and CIS. Experience with programming languages such as Python, PowerShell, and regex. More ❯

P roficient in using SIEM technologies such as Splunk, Sentinel, and QRadar. Thorough grasp of security standard methodologies and protocols, for instance ISO 27001 / 27002, PCI DSS. Familiarity with security frameworks such as NIST, ISO, and CIS. Experience with programming languages such as Python, PowerShell, and regex. More ❯

You will chair status review sessions, maintain accreditation tracking systems, and provide regular updates to senior partners. You will manage responsibilities (including implementation) related to ISO27001, Cyber Essentials / Plus, SOC2 accreditations. You will also support audit readiness, collaborate with governance and risk teams, and integrate compliance findings into policy documentation. This is a hybrid, Nottingham-based role … reporting to the Regional Head of Client Security Assurance Summary of Primary Responsibilities Manage ISO27001, Cyber Essentials / Plus, SOC2 accreditations Lead contract negotiations, re-wording, and redlining, with a preference for UK&I and EU regulatory experience Provide regular accreditation status updates to senior partners Participate in SOC 2-related discussions with teams Oversee governance-related trackers … with policy and standards teams to integrate compliance findings into documentation Qualifications Experience with compliance, audit coordination, or information security Familiarity with ISO 27001 / 2, SOC, ISAE, PCI, NIST, CIS or similar benchmarks Experience with cloud platforms such as AWS, Azure, or GCP Experience with IT and security operations, including Windows / More ❯

Key Responsibilities . Define and implement security capabilities and governance across the platform. . Ensure compliance with the National Law Enforcement Data Portfolio Integrated Management System (IMS) (ISO27001 / 2 ISO27005 BS10008). Ensure compatibility with the Cross-Government Secure by Design (SbD) Strategy throughout the lifecycle of the cloud systems. . Embed security requirements and stage gates More ❯

be very occasional meetings in Westminster and active SC Clearance is essential. The key skills required for this AWS Security Product Owner role are: Compliance with (IMS) (ISO27001 / 2 ISO27005 BS10008) Technical Security Lead for Product Team Define and implement security capabilities and governance across the platform If you do have the relevant experience for this AWS More ❯

role is the effective operation, reporting and evidencing of their technology and information security control environment and the overall Information Security Management System (ISMS). Based in Reigate / hybrid - 2 days in the office 3 from home £40,000 - £45,000 Hybrid Eligibility for annual bonus, up to 15% 25 days holiday per annum, plus bank holidays … performing targeted information security risk assessments. Identify risks, incidents, and breaches, in accordance with company policies and department procedures. Person specification: Appropriate level of education or professional risk / compliance / Information Security related qualifications Experience within technology risk management and / or audit function would be beneficial Experience of … working in a regulated environment / awareness of requirements such as GDPR Experience in the maintenance of a certified IS027001 Information Security Management System and related controls (ISO27002) Understanding of technology and information security risk management frameworks Excellent verbal and communication skills Excellent team player who can establish strong working relationships Graduates can be considered if they have More ❯

enforce IT policies, procedures, and standards that meet operational, regulatory, and compliance requirements across all regions. Ensure full compliance with GDPR, ISO standards (27001, 27002, etc.), and global cyber regulations, including leading certification processes. Design and implement a comprehensive Information Security Management System (ISMS) and establish breach protocols, disaster recovery, and business continuity plans. … For Proven experience in senior IT roles (e.g., IT Manager, Infrastructure Lead). Strong technical knowledge in networking, cloud computing, cyber security, and Microsoft 365. Experience with ISO 27001 certification and ISMS leadership. Skilled in managing external IT vendors and service providers. Excellent communicator with the ability to explain technical concepts clearly. Project management experience in More ❯

Management and the evaluation of access models (inc. SSO, MFA, RBAC, ABAC, eIDV etc) Strong knowledge of and the ability to put into practice global Information Security Standards including ISO27002, CIS and NIST CSF What you'll get in return Salary of between £70k-£80k Fantastic training / development budget Hybrid working 2 / 3 days More ❯

of OT assets. Good understanding of incident response stages and handling. Knowledge of industry standards and regulatory requirements related to asset management, such as data protection and environmental compliance, ISO27002, CIS, NCSE CAF, NIST. Familiarity with tracking and managing lifecycle costs, working in partnership with finance and procurement teams. Ability to work independently and as part of a team. Excellent … communication and interpersonal skills. Ability to obtain UK Security Clearance What you'll get in return Salary of between £52k-£60k Hybrid working 2 / 3 days in South Wales per week Possible bonus 5% pension contribution from you, the company pays 10% Enhanced pay for parental leave And more! What you need to do now If you More ❯