Watford, Hertfordshire, United Kingdom Hybrid / WFH Options
Essential Employment
the Security Operations Centre (SOC). - Support compliance with relevant standards (e.g. ISO 27001, NIST, UK GDPR). - Review security aspects of tenders and conduct third-party / vendor risk assessments to ensure alignment with organisational security requirements. - Perform additional security-related tasks as directed by the Head of Information Security You will Ideally have - - Proven experience … endpoint, and cloud security. - Ability to assess and communicate technical vulnerabilities in business terms. - Experience working with or within a SOC environment. - Familiarity with risk management frameworks?(e.g. ISO27005, NIST RMF). - Excellent communication and reporting skills. - Relevant certifications (e.g. CISSP, CISM, CRISC, CEH). - Experience with GRC tools and risk registers. - Knowledge of regulatory … You will always however hear from us by phone if we are able to take your CV forward to the next stage. You can also follow us at Twitter / Facebook / LinkedIn or via our website . More ❯
Basildon, Essex, United Kingdom Hybrid / WFH Options
Leonardo UK Ltd
SP800-30 and ISO27005) Practical experience of applying security controls (NIST SP800-53 and ISO27002) Practical experience of Secure by Design requirements (ISN 2023 / 09) Demonstrable experience of writing IA Technical Risk Assessments and the management of these Assessments Ability to interpret Penetration Test Reports and write Remediation Action Plans An appreciation of More ❯
the Security Operations Centre (SOC). Support compliance with relevant standards (e.g. ISO 27001, NIST, UK GDPR). Review security aspects of tenders and conduct third-party / vendor risk assessments to ensure alignment with organisational security requirements. Perform additional security-related tasks as directed by the Head of Information Security Essential Skills & Experience Proven experience in … and cloud security. Ability to assess and communicate technical vulnerabilities in business terms. Experience working with or within a SOC environment . Familiarity with risk management frameworks (e.g. ISO27005, NIST RMF). Excellent communication and reporting skills. Due to the volume of applications received for positions, it will not be possible to respond to all … personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website http: // proactive.it / privacy-notice /More ❯
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Manchester Digital
strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling / pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless), balancing usability, cost … or mitigation strategies. Oversee vendor and SaaS evaluations, ensuring contracts include appropriate security clauses and ongoing assurance. Essential skills: Risk based decision making: expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost effective controls. Technical depth: hands on knowledge of cloud security, IAM, container & API security … ability to engage C suite and delivery squads alike, adapting style to gain agreement and drive secure by design culture. Mentoring & governance: experience line managing or coaching security architects / engineers and running architecture assurance or design review boards. At the Home Office, your work has real-world impact, shaping the safety and security of millions. We offer: Meaningful More ❯
Old Down, Gloucestershire, United Kingdom Hybrid / WFH Options
Matchtech
risks to technical and non-technical stakeholders. What We're Looking For Essential Experience: Deep understanding of security frameworks: NIST (especially 800-30, 800-53) , ISO27001 / 2, ISO27005, and OWASP. Experience with Secure by Design principles and MOD-specific guidelines (e.g. JSP, Def Stan 05-138 / 139). Familiarity with HMG security and assurance frameworks is More ❯
Luton, Bedfordshire, United Kingdom Hybrid / WFH Options
Leonardo UK Ltd
security protocols. Reporting & Documentation: Create and maintain clear, concise reports, metrics, and documentation related to security incidents, risks, and controls. What we need from you; Practical experience of ISO27001 / 27004 /27005 and NIST Risk Management Framework (RMF) Demonstrable experience of writing IA Technical Risk Assessments and the management of these Assessments Good understanding and … benefits: Access to private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle options (£500 annual allowance) Holidays: 25 days plus bank holidays, option to buy / sell leave and to accrue up to 12 additional flexi leave days per year Pension: Award winning pension scheme (up to 15% employer contribution) Wellbeing: Employee Assistance Programme with More ❯
Almondsbury, Gloucestershire, United Kingdom Hybrid / WFH Options
Frontier Resourcing
modelling, secure-by-design). Perform security code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 /27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security documentation (RMADS, Security … . Testing & Assurance Design and execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product or … application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on experience with security testing tools and techniques (SAST, DAST, penetration testing). Eligible for UK More ❯
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Cambridge University Press & Assessment (CUPA)
Head of Security Governance, Risk & Compliance Salary: £70,400 - £94,100 Location: Cambridge / Hybrid Minimum 2 days a week in the office Contract: Permanent The Head of Security GRC is a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels of the … and robust assurance processes to support decision-making by the Senior Leadership Team. You will deliver a robust Security Assurance Framework, oversee supplier assurance activities, and maintain relevant ISO and Cyber Essentials certifications. Additionally, you'll drive the implementation of security standards, policies, governance reporting, and audit programmes to ensure robust controls are in place. You'll play … senior governance or risk management role. Active CRISC or ISO27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001 / 42001 Lead Auditor or Implementor being advantageous. Demonstrated experience in strategic governance of security, managing security risks in line with ISO27005, and implementing ISOMore ❯
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Cambridge University Press
Job Title: Head of Security Governance, Risk & Compliance Salary: £70,400 - £94,100 Location: Cambridge / Hybrid Minimum 2 days a week in the office Contract: Permanent The Head of Security GRC is a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels … senior governance or risk management role. Active CRISC or ISO27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001 / 42001 Lead Auditor or Implementor being advantageous. Demonstrated experience in strategic governance of security, managing security risks in line with ISO27005, and implementing ISO … welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class / background. We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from More ❯
Crawley, Sussex, United Kingdom Hybrid / WFH Options
Thales Group
with insight into the security solutions adapted to their needs Check compliance with applicable regulations, standards, policies and guidance on cybersecurity and information risk management (PCI DSS, NIST, ISO 27000, Privacy, etc) Support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business Check compliance with … applicable regulations, standards, policies and guidance on cybersecurity and information risk management (PCI DSS, NIST, ISO 27000, Privacy, etc) Support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business Right for this role? Ideally you'll be familiar with the main risk analysis methods (EBIOS … a leading Engineering Group In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and / or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence More ❯
breaches affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO … /IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005/ 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯
breaches affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO … /IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005/ 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯