London, England, United Kingdom Hybrid / WFH Options
WSP
although some interaction with clients and third parties may be required. This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management. A little more about your role... Specific areas of responsibility may … implementation and maintenance of its ISO27001 aligned Data and Information Security Management System. Establish and maintain the Information Security Governance framework; including running the Information Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes. Risk Management: Oversee the identification, reporting … assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement. Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture. Collaborate with stakeholders
systems, data, and infrastructure from threats and attacks. Key Responsibilities: Design and implement enterprise security architecture across systems, applications, networks, and cloud platforms. Conduct security assessments, threat modeling, and risk analysis for new and existing systems. Develop and maintain security policies, standards, and best practices aligned with industry frameworks (e.g., NIST, ISO 27001, CIS Controls). Collaborate with
Milton Keynes, Buckinghamshire, South East, United Kingdom Hybrid / WFH Options
In Technology Group Limited
real-time. Design and implement security solutions and controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security … breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with internal policies and regulatory requirements (e.g., FCA, GDPR, ISO 27001). Stay up to date with the latest security technologies, trends, and threat intelligence. Essential Skills & Qualifications: Proven experience in a cyber security or information security engineering role. Strong knowledge of
London, England, United Kingdom Hybrid / WFH Options
CloudBees
CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our … like NIST and FedRAMP and the audit process around demonstrating compliance effectively. Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework Expertise in risk analysis, threat modeling, and vulnerability assessments Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes. Strong technical abilities … reusable platform capability. It would be desirable, but not essential, if you also had one or more of Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA Cyber security certification e.g. Certified Information
related to cloud security breaches and misconfigurations. Implement SIEM and security monitoring tools for real-time threat detection. Cloud Security Assessments & Compliance Conduct cloud security assessments, penetration testing, and risk analysis. Ensure compliance with ISO 27001, NIST, CIS Benchmarks, GDPR, and other security standards. Collaborate with DevOps teams to integrate security into CI/CD pipelines. Security
London, England, United Kingdom Hybrid / WFH Options
Aztec
We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are
Southampton, England, United Kingdom Hybrid / WFH Options
Aztec
We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are
products and services, recommending best-fit solutions. Support incident investigations and security control enhancements. Ensure security architectures align with industry frameworks such as TOGAF and SABSA. Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53. Security Control Mapping: Documenting alignment of existing controls with compliance frameworks. Implementation Plans: Designing and deploying new security controls. … least 2 years in a similar role. Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT. Experience with security frameworks (SABSA, TOGAF). Understanding of threat and risk analysis methodologies. Experience in cloud security (Azure, AWS, Google). Ability to work in high-security HMG and MOD environments. Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF … SABSA SCF. CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management. ISO27001 Lead Auditor.
designs. Conduct security reviews and assurance activities to validate security compliance across IT and OT systems. Provide security guidance and direction to stakeholders, ensuring alignment with security frameworks and risk management practices. Participate in cyber analysis activities, assessing outputs to help shape security direction and strategy. Implement security tools and technologies, supporting their integration into existing security architecture. … the utilities sector or similar critical infrastructure environments. Strong understanding of how enterprise security architecture fits into broader business and IT strategies. Hands-on experience conducting security assessments and risk analysis within IT and OT environments. Seniority level Mid-Senior level Employment type Contract Job function Information Technology Industries Utilities and IT Services and IT Consulting
meaningful security transformation. Key Responsibilities As part of a versatile consulting team, you’ll support clients across various industries with end-to-end security services. Responsibilities include: Security Assessments & Risk Management: Conduct security assessments, risk analysis, and provide incident response guidance. Identify and prioritise remediation actions. Security Solution Design: Design and implement bespoke cyber security solutions using
Plymouth, Devon, United Kingdom Hybrid / WFH Options
Thales Group
and guidance to develop reliable, secure, and compliant security solutions tailored to project needs. Your responsibilities include: Advising on high-level security architecture and contributing to design processes, including risk assessments Consulting on security component architectures (e.g., SIEM, IAM, gateways) Evaluating architectures against policies and standards (NIST, ISO, JSP) Justifying architectural decisions Coordinating across multidisciplinary teams Presenting solutions to … recognized as a valuable contributor to sensitive programs. COMPETENCIES: You can independently define architectures, are proficient in Infrastructure Security, Security Supervision, and Information Systems Security. You are familiar with Risk Analysis, Network Security, Cryptography, IAM, cloud technologies, and compliance monitoring. You excel in working with customers and technical teams. NICE TO HAVE: Domain expertise in Defence, Nuclear, Government … Aerospace, CNI, Transport; experience in Risk Management and Accreditation. CAREER DEVELOPMENT: Thales offers opportunities to explore different domains, roles, and international careers. We support personal growth, talent development, and career flexibility within our global organization. Candidates must provide proof of identity, work eligibility, and employment/education history for up to three years. Some roles may require full Security
or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions. Create and maintain appropriate standard operating procedures for the Cyber Security and information protection. Support on Analysis & Planning Activities Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and … Information Security Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks. Support the Design for your area of responsibility Work closely with other stakeholders to design, architect, consult … the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects. Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated Draft procedures and or policies with regards to cyber security submitting them to the
Crawley, England, United Kingdom Hybrid / WFH Options
Thales
with customers to define and implement Cyber Security Operations capabilities within their organisations. Assists customers in the routine application and interpretation of SOC security legislation, standards, policies and practices. Risk Assessment and Vulnerability Analysis: Perform thorough assessments of clients’ SOC systems, identifying security gaps, and vulnerabilities. Conduct risk analyses to determine potential impacts on operations and prioritize … Understanding of SOC/SIEM configurations and possesses the ability to test, diagnose, configure and maintain SOC systems. Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls. Selection of appropriate security components to provide … department policies. Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security monitoring and detection. Ability to plan, control, report and manage the risk for a defined package of work to ensure delivery of on-time, budget and quality products. This role will require SC Clearance. It would be advantageous if currently held
Cyber Security operation's function is responsible for the day-to-day provision of enterprise cyber security services to support the business. These services include all aspects of Cyber Risk Management, implementation and maintenance of technical security controls, vulnerability and patch management and operate effective incident management and cyber investigations. The department’s key objective is to ensure Insight … policies and standards • Supporting internal and external audits evidence gathering of cyber security • Chairing Vulnerability management meetings and following through on reports and remediations with the tech teams. Performing risk analysis on when vulnerability management incidents • Being integral to projects related to Security Operations • Staying up to date with the latest threat intelligence and threat hunting methodologies to
Bristol, England, United Kingdom Hybrid / WFH Options
UK Ministry of Defence
and improve the user experience. This role plays a critical role in supporting the successful delivery of projects within BMfS by applying robust Project Controls processes across planning, scheduling, risk, cost, and resource management. This role ensures integration and coherence across multiple projects, enabling effective control, informed decision-making, and alignment with the overall programme strategy. The post holder … to HEO Project Control Managers, ensuring consistency in approach and contributing to the achievement of programme objectives. The role oversees the development and maintenance of integrated schedules, supports schedule risk analysis, and ensures that milestone tracking and interdependencies are effectively managed. In addition, the Senior Project Controls Manager will provide expert advice to senior leaders, support governance and … assurance activities, and promote a culture of proactive risk and issue management. The role requires extensive experience in Project Controls and programme environments, with a strong understanding of transformational change, stakeholder engagement, and the application of best practice methodologies. This role will have line management responsibilities. This position is advertised at 37 hours per week. Job Description Schedule and
support the continued development of a robust security programme across cloud-based IT services and managed environments (particularly Microsoft 365 and Azure). This role spans security operations, governance, risk, and assurance, and will suit someone with a blend of hands-on technical skills and strategic thinking. What You'll Be Doing: Support and improve day-to-day security … operations, incident response, and vulnerability management. Lead on security investigations and ensure remediation is aligned with industry best practices. Conduct risk assessments and provide security consultancy for technical projects and service design. Help maintain ISMS policies and ensure regulatory compliance (e.g. PCI-DSS, GDPR, FCA). Play a key role in cloud security strategy across Azure/M365 and … in a security-focused role with exposure to frameworks like PCI, ISO27001, or FCA compliance. Deep understanding of Microsoft cloud environments and hands-on experience with technical controls. Excellent risk analysis, stakeholder engagement, and documentation skills. Relevant qualifications such as CISSP, CompTIA Security+, AZ-500, or MS-500 are highly desirable. Seniority level Mid-Senior level
Consultant EBRD London, United Kingdom Posted 21 hours ago Permanent Competitive Information Security and Privacy Consultant Requisition ID 35706 Office Country United Kingdom Office City London Division Risk Management Contract Type Short Term Contract Length 12 months Posting End Date 03/06/2025 About the Role The European Bank for Reconstruction and Development (EBRD) is … ensure that the Bank maintains high standards of security, privacy, and compliance, contributing to our mission of promoting sustainable development across our regions of operation. About the Department Operational Risk Management (ORM) is part of the Bank's Risk Management group and forms the second line of defence. ORM is responsible for independently identifying, assessing, and supporting … data subject requests and support the Personal Data Review Panel on personal data-related complaints. Advise on IT and business projects with respect to InfoSec and privacy risks. Maintain risk registers, provide ongoing risk analysis, and contribute to risk mitigation plans. Support completion and review of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs
Crawley, England, United Kingdom Hybrid / WFH Options
Thales
development of high level security compliant architecture and contribution to the design of the preliminary and detailed designs of the solution: it includes the study of alternatives and a risk assessment Consult on potential security components architectures (e.g. SIEM, IAM, gateways, detection and deception capabilities...) Evaluate architectures against Business Line policy and major cyber security standards & regulation frameworks (NIST … You are proficient with Infrastructure Security Design, Security Supervision Design, and Information Systems Security (ISS) You can advise and give support to the rest of the team Familiar with Risk Analysis, Network Security, Cryptography, Identity & Access Management (software/hardware development, the NIST Cybersecurity Framework, cloud technologies) Able to monitor and measure risk as well as compliance … You have the ability to work with customers and technical teams NICE TO HAVE: Domain knowledge – Defence, Nuclear, Government, Aerospace, CNI, Transport Risk Management and Accreditation YOUR CAREER AT THALES Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas: Room and attention to personal
Key Responsibilities: Implement and manage security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEMs, and endpoint protection Conduct threat and vulnerability assessments, penetration testing, and risk analysis activities Design and deploy security controls that align with enterprise architecture and regulatory requirements Support secure configuration and hardening of systems, applications, and infrastructure Monitor and respond
Ensure security is prioritised through automation tools, security testing, and vulnerability scanning as part of the continuous delivery process. Security Assessments & Incident Response: Conduct security assessments, vulnerability scans and risk analyses to identify and address potential security weaknesses within cloud environments. Support the security operations team in incident response efforts related to cloud security incidents, ensuring timely detection, containment
security vulnerabilities and threats through automation and proactive monitoring. Define and enforce security policies and best practices for cloud usage across the organization. Conduct regular security assessments, audits, and risk analysis on cloud-based systems. Collaborate with DevOps to integrate security into CI/CD pipelines (DevSecOps). Manage identity and access controls (IAM) to enforce least privilege … principles. Respond to security incidents and lead root cause analysis for cloud-related security breaches. Stay current with the latest cloud security trends, threats, and technologies. Required Qualifications Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 3+ years of experience in cybersecurity with at least 2 years focused on cloud security. Hands-on
and requirements, such as: Working with AWS Cloud Infrastructure team to secure our cloud infrastructure Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support
ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and Risk Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on
performance strategy and ensuring best practices Participate actively in functional, system and regression testing activities Capture quality assurance data and metrics to provide insights and conclusions Estimate and perform risk analysis for quality delivery Should contribute in programming using Python/C#/Java or Tosca Design and develop the automated tests using automation tools using Pyraft/