Central London, London, United Kingdom Hybrid/Remote Options
Velocity Talent Ltd
Location: London / Greater London / Home-based with regular travel Reports To: Certification Manager / Head of Audit and Compliance Department: Information Security Certification About Us We are a UKAS-accredited certification body delivering independent audit and certification services across multiple management system standards, including ISO 9001, ISO … in or around London to join our expanding audit team. You'll lead and conduct Information Security Management System (ISMS) audits in line with ISO/IEC 27001:2022, ISO 17021, and UKAS requirements. Key Responsibilities Plan, conduct, and report Stage 1, Stage 2, surveillance, and recertification … audits for ISO 27001. Assess client ISMS implementations for conformity and effectiveness against ISO/IEC 27001:2022. Lead audits independently or as part of a multi-standard team (e.g. ISO 9001, ISO 22301, ISO
Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst 2-3 Days onsite - Crawley 6-9 Month duration Reporting line: The Analyst will report to the Cyber Security Response Manager and work within the Information Systems directorate, based in the Crawley office. Job purpose: The role of an Incident Response (CSIRT) / SOC Level … contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to test resilience and improve preparedness. Reporting: Develop and improve reporting dashboards and security / performance metrics to drive continuous improvement in security operations. Security Tools Support: Support the implementation, maintenance, and configuration of security tools and systems for prevention, detection, and response. Audit … environments. SOC-specific training, qualifications, or a degree in Computer Science, Cybersecurity, IT, or a related subject. Ideally hold recognised security qualifications such as CISSP, AZ-500, GIAC / GCIA / GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO
Bradley Stoke, Gloucestershire, United Kingdom Hybrid/Remote Options
Matchtech
Responsibilities: Identify and integrate security requirements throughout the product and system development lifecycle. Lead threat modelling and risk assessments, applying frameworks such as ISO/IEC 27001, NIST 800-30 / 53, and ISO 31000. Advise on secure architectures and develop strategies to mitigate … identified information risks. Collaborate with multi-disciplinary teams to ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-, and ISN 23 / 09 Secure by Design. Support incident response and remediation activities for security events affecting products and systems. Produce and maintain security documentation, policies, and training materials. Communicate risk findings, recommendations, and mitigation strategies … Defence, Aerospace, or National Security sectors. Deep understanding of HMG Security Policy Framework and MOD-specific standards. Familiarity with risk management methodologies (ISO 27001 / 2, ISO 27005, NIST frameworks). Strong analytical and problem-solving abilities - able to assess complex data and provide actionable insights. A collaborative communicator who
London, South East, England, United Kingdom Hybrid/Remote Options
Picture More
Lead Information Security Engineer Location: London | Hybrid (3 days office / 2 WFH) Salary: Competitive + benefits Are you an experienced information security professional ready to make an impact on a global scale? Our client, a leading international law firm, is seeking a Lead Engineer – Information Security to join their London-based global technology team. This is a … environment. Strong knowledge of cloud and network security (Azure, O365). Experienced in DLP, SIEM, and incident response processes. Familiar with ISO 27001/27002 and governance frameworks. CISSP or CEH certification preferred. Excellent communication, stakeholder management, and documentation skills. Why Join? You’ll be joining a respected global organisation investing
Hemel Hempstead, Hertfordshire, England, United Kingdom
Sopra Steria
bring: Proficient in using SIEM technologies such as Splunk, Sentinel, and QRadar. Thorough grasp of security standard methodologies and protocols, for instance ISO 27001/27002, PCI DSS. Familiarity with security frameworks such as NIST, ISO, and CIS. Experience with programming languages such as Python, PowerShell, and regex.
system security engineering, ideally in defence, space, or critical infrastructure Familiarity with MOD, NCSC, and ISO standards (e.g. ISO 27001 / 2, NIST 800-series, JSP 604) Competence in requirements engineering and systems thinking Practical experience with security in software and / or system development environments Effective communication … system architectures or satellite communications DevSecOps awareness or experience with security automation Benefits: Annual Company Bonus 25 Days holiday not including bank holidays with the option to buy / sell up to 5 days Competitive pension contribution Continuous professional development including incentives Access to online Udemy training facility Flexible working arrangements Bike to work scheme Electric car scheme
security architecture components and patterns. Drafting Security Solutions Design documentation. Expertise in Identity Management and access models (SSO, MFA, RBAC, ABAC, eIDV). Strong knowledge of global security standards (ISO27002, CIS, NIST CSF). Benefits: Flexible working opportunities 25 days annual leave plus bank holidays 10% employer pension contribution Life Insurance Flexible benefit scheme options including corporate gym memberships, dental
Brighton, East Sussex, South East, United Kingdom Hybrid/Remote Options
McCabe & Barton
Monitor and review technology control effectiveness and follow up on remediation actions Evaluate compliance against internal standards, regulatory expectations and recognised industry frameworks (such as NIST and ISO) Assist with supplier due diligence and third-party technology risk assessments Support elements of the operational resilience programme and technology incident review activity Prepare clear, concise reporting and … teams Naturally inquisitive with the ability to break down detail and provide clear conclusions Comfortable working across several workstreams at once Knowledge of ISO27002, NIST, PCI DSS, UK GDPR or cloud environments (such as Azure) would be advantageous This role would suit someone who enjoys detail, enjoys engaging with people and wants to
Northampton, Northamptonshire, East Midlands, United Kingdom Hybrid/Remote Options
McCabe & Barton
Monitor and review technology control effectiveness and follow up on remediation actions Evaluate compliance against internal standards, regulatory expectations and recognised industry frameworks (such as NIST and ISO) Assist with supplier due diligence and third-party technology risk assessments Support elements of the operational resilience programme and technology incident review activity Prepare clear, concise reporting and … teams Naturally inquisitive with the ability to break down detail and provide clear conclusions Comfortable working across several workstreams at once Knowledge of ISO27002, NIST, PCI DSS, UK GDPR or cloud environments (such as Azure) would be advantageous This role would suit someone who enjoys detail, enjoys engaging with people and wants to
Northampton, Northamptonshire, East Midlands, United Kingdom Hybrid/Remote Options
DGH Recruitment
with all data governance, security and usage policies. - Maintain and improve appropriate documentation, procedures and best practices to ensure that the firm retains appropriate accreditations (ISO27001, Cyber Essentials, Cyber Essentials+, ISO27002 etc). - Act as main respondent for client audits. - Explore control deficiencies associated with IT systems and processes throughout the firm. - Ensure internal controls and regulatory compliance across IS, following