14 of 14 ISO/IEC 27005 Jobs in the UK

breaches affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO … / IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Please reach out to Lewis Dunn @ ARM if you are interested or simply have some questions - E: or DD: Disclaimer: This More ❯

breaches affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO … / IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Please reach out to Lewis if you are interested or simply have some questions - E: or DD: (phone number removed) Disclaimer More ❯

modelling, secure-by-design). Perform security code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security documentation (RMADS, Security … . Testing & Assurance Design and execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product or … application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on experience with security testing tools and techniques (SAST, DAST, penetration testing). Eligible for UK More ❯

throughout the product development lifecycle Conduct detailed threat modelling and risk assessments using recognised tools Lead the implementation of risk management strategies based on industry best practices (NIST, ISO) Work closely with development teams to ensure secure-by-design principles are followed Identify and propose mitigations for security vulnerabilities in solution architectures Maintain and evolve internal security policies … and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO / IEC 27001, ISO 27005, OWASP, and MOD ISN 23 / 09 Ability to identify, assess and mitigate risks across software and hardware More ❯

throughout the product development lifecycle Conduct detailed threat modelling and risk assessments using recognised tools Lead the implementation of risk management strategies based on industry best practices (NIST, ISO) Work closely with development teams to ensure secure-by-design principles are followed Identify and propose mitigations for security vulnerabilities in solution architectures Maintain and evolve internal security policies … and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO / IEC 27001, ISO 27005, OWASP, and MOD ISN 23 / 09 Ability to identify, assess and mitigate risks across software and hardware More ❯

critical infrastructure Security standards relating to the sector, including: NCSC NIS Guidance and CAF ISO 27001 and ISO 27005 NERC CIP ISA-99 / IEC 62443 NIST CSF. Additional information Please note that the interview stages may be subject to change based on the specific requirements of the role. Quick call More ❯

for access governance, identity life cycle, and privileged access management in alignment with defence-grade standards Security Assurance & Compliance Ensure commission controls comply with MOD policies (eg JSP 440 / JSP 604) and security frameworks such as NIST, ISO 27005, STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement … DV Clearance : Must hold active Developed Vetting (DV) clearance (or immediate transfer eligibility) Access Control Expertise : Deep experience in identity & access management, particularly designing and enforcing commission controls, RBAC / ABAC models, access provisioning, and entitlement workflows. Tools & Technologies : Hands-on with identity platforms (eg Active Directory, Azure AD, Okta), PAM / IGA systems, SSO / SAML … / OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440 / 604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and More ❯

tools for access governance, identity lifecycle, and privileged access management in alignment with defence-grade standards Security Assurance & Compliance Ensure commission controls comply with MOD policies (e.g. JSP 440 / JSP 604) and security frameworks such as NIST, ISO 27005, STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement … DV Clearance : Must hold active Developed Vetting (DV) clearance (or immediate transfer eligibility) Access Control Expertise : Deep experience in identity & access management, particularly designing and enforcing commission controls, RBAC / ABAC models, access provisioning, and entitlement workflows. Tools & Technologies : Hands-on with identity platforms (e.g. Active Directory, Azure AD, Okta), PAM / IGA systems, SSO / SAML … / OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440 / 604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical teams and More ❯

strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling / pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless), balancing usability, cost … or mitigation strategies. Oversee vendor and SaaS evaluations, ensuring contracts include appropriate security clauses and ongoing assurance. Essential skills: Risk based decision making: expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost effective controls. Technical depth: hands on knowledge of cloud security, IAM, container & API security … ability to engage C suite and delivery squads alike, adapting style to gain agreement and drive secure by design culture. Mentoring & governance: experience line managing or coaching security architects / engineers and running architecture assurance or design review boards. At the Home Office, your work has real-world impact, shaping the safety and security of millions. We offer: Meaningful More ❯

function in risk committees, regulatory meetings, and board-level discussions. Risk Framework & Governance: Design and maintain a cyber risk management framework that aligns with industry standards (eg, NIST, ISO 27005, FAIR). Define and monitor key cyber risk indicators (KRIs) and risk appetite metrics. Oversee regular cyber risk assessments, scenario planning, and risk reporting. Operational Risk More ❯

todeliver against agreed targets. Who we're looking for Ideally, you'll have experience leading within a risk management role and havea good knowledge of methodologies such as IEC 62443 and ISO 27005. Knowledge ofcontrol frameworks such as NIST, IEC 62443, ISO 27001, ITIL (InformationTechnology Infrastructure Library), and SABSA is also required. More ❯

todeliver against agreed targets. Who we're looking for Ideally, you'll have experience leading within a risk management role and havea good knowledge of methodologies such as IEC 62443 and ISO 27005. Knowledge ofcontrol frameworks such as NIST, IEC 62443, ISO 27001, ITIL (InformationTechnology Infrastructure Library), and SABSA is also required. More ❯

todeliver against agreed targets. Who we're looking for Ideally, you'll have experience leading within a risk management role and havea good knowledge of methodologies such as IEC 62443 and ISO 27005. Knowledge ofcontrol frameworks such as NIST, IEC 62443, ISO 27001, ITIL (InformationTechnology Infrastructure Library), and SABSA is also required. More ❯

todeliver against agreed targets. Who we're looking for Ideally, you'll have experience leading within a risk management role and havea good knowledge of methodologies such as IEC 62443 and ISO 27005. Knowledge ofcontrol frameworks such as NIST, IEC 62443, ISO 27001, ITIL (InformationTechnology Infrastructure Library), and SABSA is also required. More ❯