14 of 14 Permanent ISO/IEC 27001 Jobs in Edinburgh

level experience as a Cyber Security Professional? Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. Enjoy a healthy work / life balance while making a significant impact. HMRC are now one of the most digitally advanced tax authorities in the world and are continuing to spend the next five … strategic platforms. In addition, you may be encouraged to undertake line management responsibilities developing and managing a team. You may be expected to own and develop CSTS capabilities and / or services. Person specification Ideal candidate: A business and technology leader in the strategic selection, development and delivery of technical security controls and services. Focused expertise to develop and … encryption systems, infrastructure, risks, weaknesses and mitigations. Knowledge and Experience of Modernised Security Operations Centre including Attack Surface Management. Cloud Security & Risk applied to all service and deployment ISO standards including 27001, 27002, 27005, 270017, 27018, 22301 and NIST CSF 2.0. Technical Security within one or many of the following domains: Identity and Access Management: Expertise More ❯

to protect our organisation's assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards, including developing and enforcing security policies and best practices to ensure compliance. Perform business impact analyses (BIA) across key technology processes, systems and facilities and identify any gaps that … with threat assessment and work with business units in articulating impact and mitigations to reduce attack surface. Plan, schedule, conduct and report on systems security audits, ensuring any corrective / preventive actions identified are tracked to a satisfactory conclusion. Document and report enterprise risk and compliance issues according to required timelines. Assist with the management, planning & preparation of third … skills. Ability to work on own initiative. Applicants must have the Right to Work in the UK. Desirable knowledge, skills and experience Qualifications such as CompTIA Security+, CEH or ISO27001 Lead Implementer. Experience of senior management engagement and relationship management. Experience in dealing with Information Security incidents. Experience conducting penetration tests and working with vulnerability management tools. Benefits This role More ❯

You'll Do SOC Leadership & Threat Detection Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads. Establish and maintain 24 / 7 detection and response capabilities, fine-tuning alerting rules and monitoring strategies. Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools. Define and … Identity & Access Management) Cloud Logging and Monitoring Workload Identity Federation Automate security response using Python, Terraform, or XSOAR. Collaborate with infrastructure and DevOps teams to embed security into CI / CD pipelines, containers (GKE), and API services. Compliance & Risk Alignment Ensure operational alignment with PCI-DSS, ISO 27001, SOC 2, NIST, and GDPR requirements. Support … high-value fintech applications. Essential Qualifications Experience as SOC lead, cyber operations manager, or similar role. Hands-on experience in securing Google Cloud Platform (GCP) environments across multiple projects / accounts. Strong expertise in: SIEM management (Chronicle, Splunk, Elastic) Incident response and recovery Security orchestration (SOAR), preferably Chronicle + XSOAR IAM, policy enforcement, logging, and access reviews in GCP More ❯

transition and transformation engagements. • Develop knowledge base, re-usable components for GRC advisory services. • Responsible for development and enhancements of GRC services, team and delivery capabilities. • Manage 3rd party / sub-contractors as part of the GRC delivery engagement. • Manage local partners and develop partner sales channel Skills: Expertise in delivery of risk and compliance advisory services (preferable candidates … from Big4 organizations) • Should have proven capabilities of executing atleast 3-4 advisory / consulting engagements • Excellent technical capabilities around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust … Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM / TOOL EXPERTISE Experience on the below mentioned tools is not mandated but candidates having exposure to these will be preferred: • MetricStream, Archer, ServiceNow GRC & SecOps, OneTrust QUALIFICATIONS B.E / More ❯

of day to day security activities, achieving credibility and buy in from stakeholders across the business. You’ll advise senior leadership and the board on cyber risks, drive ISO 27001 alignment, and lead incident response and continuous improvement initiatives. This is a strategic and hands-on leadership role, ideal for someone passionate about embedding security into … include: Strategic Leadership : Develop and implement a cyber strategy aligned with business goals and regulatory expectations Risk & Compliance : Manage cyber risks, ensure compliance with GDPR, NIS2, and maintain ISO 27001 readiness. Governance & Advisory : Advise the Board and Executive on cyber threats, resilience, and strategic decisions. Incident Response : Lead response to cyber incidents, ensuring rapid recovery and More ❯

across all entities. Own the group-wide cyber security posture: set policy, oversee risk assessments, incident response, and third party vendor assurance in accordance with recognised standards such as ISO27001 and Cyber Essentials Plus. Develop and maintain a clear, transparent view of IT risks across the organisation, and implement effective mitigation strategies as a core element of technology governance. Lead More ❯

ANY Experience of conducting control testing, technical reviews or audits to understand cyber compliance needs aligned to technical and regulatory standards. Experience of cyber risk management, security frameworks (NIST, ISO27001) cyber compliance, assurance, and attestation work. Exposure to facilitating penetration testing, security risk assessments, driving the remediation of cyber vulnerabilities and remediating or mitigating cyber risks. Experience of security testing More ❯

security measures to protect organisational assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards. Perform business impact analyses (BIA) across key technology processes, systems, and facilities, identifying gaps in critical information gathered and recorded. Communicate significant changes in Business Continuity plans to the … Security methodologies, standards, and technologies, including ISO27001. Previous experience in an Information Security or Enterprise Risk role. Awareness of Business Continuity and IT standards, policies, and frameworks, including ISO22301 / BCMS. Business Continuity Management knowledge with proven experience in this area. Knowledge of IT with an … understanding of system architecture interdependencies, enabling effective communication with IT personnel. Strong documentation, analytical, and presentation skills. Desirable Knowledge, Skills, and Experience Qualifications such as CISA, CISM, CEH, or ISO27001 Lead Implementer / Auditor. Experience engaging with senior management and managing relationships. Previous experience handling Information Security incidents. Benefits This role offers a competitive salary based on skills and More ❯

security measures to protect organisational assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards. Perform business impact analyses (BIA) across key technology processes, systems, and facilities, identifying gaps in critical information gathered and recorded. Communicate significant changes in Business Continuity plans to the … Security methodologies, standards, and technologies, including ISO27001. Previous experience in an Information Security or Enterprise Risk role. Awareness of Business Continuity and IT standards, policies, and frameworks, including ISO22301 / BCMS. Business Continuity Management knowledge with proven experience in this area. Knowledge of IT with an … understanding of system architecture interdependencies, enabling effective communication with IT personnel. Strong documentation, analytical, and presentation skills. Desirable Knowledge, Skills, and Experience Qualifications such as CISA, CISM, CEH, or ISO27001 Lead Implementer / Auditor. Experience engaging with senior management and managing relationships. Previous experience handling Information Security incidents. Benefits This role offers a competitive salary based on skills and More ❯

way Work closely with digital, cybersecurity, platform, and business teams to translate strategic goals into practical technical designs Champion security-by-design and compliance with frameworks like NIS2 and ISO27001 Guide architectural decisions across Azure, Power Platform, M365, and related tools Steer innovation, solution modernisation, and cloud governance Manage a team of solution architects, developing capability and fostering a culture More ❯

DevOps Engineer (Azure / Terraform) - Edinburgh Sadly no sponsorship applications considered. This is a key role focused on enabling efficient, secure, and scalable delivery pipelines, ensuring reliable migrations from development to production environments, and contributing to the continuous improvement of systems and processes. Key responsibilities include: Setting up code repositories, access controls, and CI / CD pipelines Implementing … infrastructure using Infrastructure as Code (Terraform, ARM / Bicep) Collaborating with architects, developers, and testers to streamline deployments Monitoring application performance and proactively identifying issues Supporting security, documentation, and handover of production-ready code Contributing to the automation and enhancement of development workflows Essential skills and experience: Strong knowledge of Microsoft Azure and Azure DevOps Proficiency with scripting tools … PowerShell, Bash) Experience with Git, networking fundamentals, and Agile methodologies Familiarity with monitoring tools (Application Insights, Log Analytics) Understanding of ISO 27001 is a plus This is an excellent opportunity for someone who thrives in a dynamic environment, enjoys problem-solving, and is passionate about modern DevOps practices. Applicants must have the right to work in More ❯

across IT and OT environments. Ensure alignment with digital strategy, regulatory standards, best practices, and regulatory requirements. Manage and mentor a team of solution architects. Embed cybersecurity, compliance (e.g. ISO27001, NIS2), and future-ready design into all technical solutions. About you: Proven experience in architecture leadership within complex digital programmes Strong background in cloud platforms (ideally Azure), M365, APIs, and … system integration Deep understanding of governance, risk, and compliance in regulated / public environments Strong stakeholder engagement and team leadership skills Why apply? This is an opportunity to shape major public services through strategic technology leadership. You will contribute to a nationally important digital investment portfolio ( 40- 50M annually), with a focus on sustainability, innovation, and service improvement. Flexible More ❯

across IT and OT environments. Ensure alignment with digital strategy, regulatory standards, best practices, and regulatory requirements. Manage and mentor a team of solution architects. Embed cybersecurity, compliance (e.g. ISO27001, NIS2), and future-ready design into all technical solutions. About you: Proven experience in architecture leadership within complex digital programmes Strong background in cloud platforms (ideally Azure), M365, APIs, and … system integration Deep understanding of governance, risk, and compliance in regulated / public environments Strong stakeholder engagement and team leadership skills Why apply? This is an opportunity to shape major public services through strategic technology leadership. You will contribute to a nationally important digital investment portfolio (£40-£50M annually), with a focus on sustainability, innovation, and service improvement. Flexible More ❯

preempts ransomware and security risks, and protects the digital employee experience. Trusted by thousands of enterprises managing millions of endpoints globally, Action1 is certified for SOC 2 and ISO 27001. The company is founder-led by industry veterans Alex Vovk and Mike Walters, American entrepreneurs who founded Netwrix, which has grown into a multi-billion-dollar industry-leading More ❯