Croydon, England, United Kingdom Hybrid / WFH Options
UK Home Office
the following skills or experience in: Proficiency in implementing and managing risk management processes based on established frameworks such as NCSC Cyber Assessment Framework, NIST Cybersecurity Framework, or other relevant standards. Ability to design and implement security controls aligned with organisational requirements, whilst navigating changes and proactively responding to evolving
e.g., zero trust, defense in depth) to manage risk while meeting user requirements. Threat and risk assessment – using frameworks like ISO 27001, COBIT, or NIST to identify vulnerabilities, prioritize fixes, and justify decisions. Technical expertise – applying security concepts at a technical level, working with security tools, network security infrastructure technologies … and Information Security Management frameworks (e.g. ISO 27000, CoBIT, NIST). Penetration testing & remediation – planning or scoping tests, interpreting findings, and guiding improvements to maintain system integrity. Effective communication – translating security concepts for diverse audiences, influencing decisions, and promoting secure practices. Collaboration – partnering with architects and DevOps teams to ensure
threats, and embed security into agile pipelines using tools like IaC scanning and SAST/DAST. By applying risk frameworks like ISO 27005 and NIST, you’ll communicate clear, proportionate solutions across technical and non-technical audiences. This role offers a chance to influence resilient, compliant services that balance security … responses. Oversee vendor and SaaS security evaluations, ensuring robust contractual safeguards. What you will bring Risk‐based decision‐making - expert in ISO 27001/NIST/CIS controls, able to quantify and articulate risk, then select proportionate, cost‐effective controls. Technical depth - hands‐on knowledge of cloud security, IAM, container