you will be responsible for: Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks. Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools. Planning … Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group. A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials. Working knowledge of ISO31000 & ISO 27005 is an advantage. Current on the latest technology and security concepts, trends and issues. A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience. Adept at translating complex technical or security concepts into clear and More ❯
you will be responsible for: Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks. Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools. Planning … Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group. A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials. Working knowledge of ISO31000 & ISO 27005 is an advantage. Current on the latest technology and security concepts, trends and issues. A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience. Adept at translating complex technical or security concepts into clear and More ❯
gloucestershire, south west england, united kingdom
YTL Group
you will be responsible for: Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks. Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools. Planning … Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group. A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials. Working knowledge of ISO31000 & ISO 27005 is an advantage. Current on the latest technology and security concepts, trends and issues. A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience. Adept at translating complex technical or security concepts into clear and More ❯
you will be responsible for: Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks. Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools. Planning … Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group. A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials. Working knowledge of ISO31000 & ISO 27005 is an advantage. Current on the latest technology and security concepts, trends and issues. A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience. Adept at translating complex technical or security concepts into clear and More ❯
you will be responsible for: Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks. Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools. Planning … Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group. A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials. Working knowledge of ISO31000 & ISO 27005 is an advantage. Current on the latest technology and security concepts, trends and issues. A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience. Adept at translating complex technical or security concepts into clear and More ❯
business. Assess current maturity and deliver a transformation roadmap that unifies fragmented processes into a single, clear model aligned to Trainline's risk appetite. Maintain key standards such as ISO 27001, ISO 22301, and PCI DSS, while ensuring they add real business value. Manage and develop the Risk and Compliance team, setting clear goals and cultivating an inclusive … the business. A proven record of leading and developing high performing teams, setting clear goals and cultivating accountability and continuous improvement. Deep understanding of enterprise and cyber risk frameworks (ISO 27005, ISO31000, NIST CSF) and how to communicate risk appetite in business terms. Excellent communication skills, with the ability to present complex risk and compliance information More ❯
technology risk management role. Proven track record developing and overseeing technology, security and data risk management strategies aligned to business objectives. Deep knowledge of risk management methodologies and frameworks (ISO31000, NIST, COBIT). Expertise in cybersecurity frameworks (ISO 27001, NIST CSF, CIS, COBIT). Demonstrated experience working with internal audit, external audit and regulatory bodies (FCA More ❯
start to finish. Bonus points if you bring: Experience with AppSec and DevSecOps. Hands-on knowledge of Azure, AWS, and/or Google Cloud. Familiarity with standards like ISO2700X, ISO31000, NIST800, PCI-DSS. Certifications such as CISSP, CCSP, CRISC, CISM, or SABSA. Why QBE? At My Best? At QBE, we want our people to feel rewarded and inspired to perform More ❯
Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid / WFH Options
Experian Ltd
What you'll need to bring to the role & Experian Experience in risk, controls, or audit roles, including transformation delivery. Strong knowledge of risk and control frameworks (e.g., COSO, ISO31000); RSA Archer experience is a plus. Proven ability to lead teams and influence senior stakeholders. Excellent communication, analytical, and problem-solving skills. Comfortable working across global teams More ❯
including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST More ❯
including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST More ❯
including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST More ❯
including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST More ❯
