and compliance standards Conduct threat modelling, risk assessments, and recommend effective security controls following "Secure by Design" principles Develop security documentation, reference architectures, and governance frameworks aligned with NIST, NCSC, and ISO standards Collaborate with stakeholders across all defence lines to ensure regulatory, privacy, and risk compliance Mentor junior consultants and support the growth of the Security Practice … through knowledge sharing and proposal development Drive continuous improvement through the review of existing controls, KPIs, and compliance measures What you'll bring: Knowledge of frameworks such as NIST CSF, NIST800-53, and NCSC CAF Strong understanding of networking, cloud security (AWS/Azure), IAM, and vulnerability management Familiarity with ISO 27001/ More ❯
Managing sales, pre-sales and delivery team of consultants for all regional engagements • Designing solutions related to Cyber Risk engagement on assessment and implementation of frameworks such as NIST800-53 r5, NIST CSF2.0, CIS, ISO27K • Designing solutions related to advisory & consulting engagements around regulatory risk & compliances such as DORA, NIS2, GDPR, SOX ITGC … preferable candidates from Big4 organizations) • Capabilities of executing atleast 3-4 advisory/consulting engagements. • Technical Knowledge around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust, FDA CFR, GxP … Compliance), Telecom, Retail, Data Privacy (GDPR, CCPA) Energy & Utilities (NERC, FERC) Information Security (ISO 27000, NIST, CIS) TPRM • Business Resiliency & Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM/TOOL EXPERTISE • Experience on the below mentioned tools More ❯
Managing sales, pre-sales and delivery team of consultants for all regional engagements • Designing solutions related to Cyber Risk engagement on assessment and implementation of frameworks such as NIST800-53 r5, NIST CSF2.0, CIS, ISO27K • Designing solutions related to advisory & consulting engagements around regulatory risk & compliances such as DORA, NIS2, GDPR, SOX ITGC … preferable candidates from Big4 organizations) • Capabilities of executing atleast 3-4 advisory/consulting engagements. • Technical Knowledge around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust, FDA CFR, GxP … Compliance), Telecom, Retail, Data Privacy (GDPR, CCPA) Energy & Utilities (NERC, FERC) Information Security (ISO 27000, NIST, CIS) TPRM • Business Resiliency & Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM/TOOL EXPERTISE • Experience on the below mentioned tools More ❯
Managing sales, pre-sales and delivery team of consultants for all regional engagements • Designing solutions related to Cyber Risk engagement on assessment and implementation of frameworks such as NIST800-53 r5, NIST CSF2.0, CIS, ISO27K • Designing solutions related to advisory & consulting engagements around regulatory risk & compliances such as DORA, NIS2, GDPR, SOX ITGC … preferable candidates from Big4 organizations) • Capabilities of executing atleast 3-4 advisory/consulting engagements. • Technical Knowledge around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust, FDA CFR, GxP … Compliance), Telecom, Retail, Data Privacy (GDPR, CCPA) Energy & Utilities (NERC, FERC) Information Security (ISO 27000, NIST, CIS) TPRM • Business Resiliency & Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM/TOOL EXPERTISE • Experience on the below mentioned tools More ❯
london (city of london), south east england, united kingdom
HCLTech
Managing sales, pre-sales and delivery team of consultants for all regional engagements • Designing solutions related to Cyber Risk engagement on assessment and implementation of frameworks such as NIST800-53 r5, NIST CSF2.0, CIS, ISO27K • Designing solutions related to advisory & consulting engagements around regulatory risk & compliances such as DORA, NIS2, GDPR, SOX ITGC … preferable candidates from Big4 organizations) • Capabilities of executing atleast 3-4 advisory/consulting engagements. • Technical Knowledge around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust, FDA CFR, GxP … Compliance), Telecom, Retail, Data Privacy (GDPR, CCPA) Energy & Utilities (NERC, FERC) Information Security (ISO 27000, NIST, CIS) TPRM • Business Resiliency & Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM/TOOL EXPERTISE • Experience on the below mentioned tools More ❯
day-to-day operations to major transformation projects. Main responsibilities: Leading security assurance, assessments, and advisory for IT and business projects (both Cloud and On-Prem), aligned to NIST800-53 standards. Partnering with security architecture and other teams to define and embed security patterns and controls. Developing non-functional security requirements and guiding their integration … to finish. Bonus points if you bring: Experience with AppSec and DevSecOps. Hands-on knowledge of Azure, AWS, and/or Google Cloud. Familiarity with standards like ISO2700X, ISO31000, NIST800, PCI-DSS. Certifications such as CISSP, CCSP, CRISC, CISM, or SABSA. Why QBE? At My Best? At QBE, we want our people to feel rewarded and inspired to perform at More ❯
Strong experience working with advanced penetration test and audit tools notably Kali Linux. Knowledge and experience working with at least one of the IT security frameworks such as NIST800series/ISO27001/CIS control suites. Offensive Security mindset. Proven excellent customer service skills. Sound relationship management and communication skills. Excellent working knowledge of core More ❯
Assurance Risk Assessment and Risk Treatment Plans Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series, NIST, CSF, and CSA Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud native … IAM Cloud security concepts, technologies and best practices for delivering security across IaaS, PaaS, SaaS and Serverless architectures Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27k, NIST800-53, CIS, GDPR) Leading security working groups and external security testing (ITHC, Penetration Testing, etc) of cloud solutions at high HMG classification levels (OFFICIAL required, SECRET desirable) or equivalent in More ❯
and manage Google Cloud services (Compute Engine, Storage, IAM, VPC, Kubernetes, Databases) for isolated and highly secure environments. Implement and enforce robust security, governance, and compliance controls (e.g., NIST, FedRAMP, ITAR, HIPAA, GDPR, or similar frameworks). Troubleshoot and optimize workloads in mission-critical, resource-constrained, or disconnected environments. Deliver hands-on technical workshops, knowledge transfer sessions, and … Cloud Engineer or Cloud Architect) preferred. Preferred Qualifications Experience working in classified environments or with security clearances. Familiarity with compliance frameworks (e.g., FedRAMP High, DoD IL5/IL6, NIST800-53, ITAR). Knowledge of secure enclave operations, hardened systems, and cross-domain solutions. Background in system hardening, encryption technologies, and identity/access control in More ❯
the delivery of business objectives while managing risk. Key Responsibilities - Develop, implement, and maintain information security assurance programs. Ensure compliance with regulatory requirements and standards (e.g., ISO 27000, NIST SP800 series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including … monitoring strategies. Qualifications & Experience - Mandatory: At least 5 years' experience in information security assurance roles. Proven experience with information security management frameworks and regulatory compliance (e.g., ISO 27000, NIST). Strong understanding of security controls across data, networks, applications, devices, and users. Desirable: Familiarity with regulations in the Nuclear industry across operational geographies (US, UK, Netherlands, Germany). More ❯
the delivery of business objectives while managing risk. Key Responsibilities - Develop, implement, and maintain information security assurance programs. Ensure compliance with regulatory requirements and standards (e.g., ISO 27000, NIST SP800 series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including … monitoring strategies. Qualifications & Experience - Mandatory: At least 5 years' experience in information security assurance roles. Proven experience with information security management frameworks and regulatory compliance (e.g., ISO 27000, NIST). Strong understanding of security controls across data, networks, applications, devices, and users. Desirable: Familiarity with regulations in the Nuclear industry across operational geographies (US, UK, Netherlands, Germany). More ❯
