1 to 25 of 26 Permanent ISO/IEC 27001 Jobs in Gloucestershire

by-design). Perform security code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security documentation (RMADS, Security Assurance Documents … . Testing & Assurance Design and execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product or … application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on experience with security testing tools and techniques (SAST, DAST, penetration testing). Eligible More ❯

breaches affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST 800-53 or OWASP … Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Please reach out to Lewis if you are interested or simply have some questions - E: or DD: (phone number removed) Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced More ❯

Microsoft Dynamics Nav Developer. This is an excellent opportunity to make a meaningful impact within a collaborative and forward-thinking environment. The Role at a Glance: Microsoft Dynamics NAV / BC Developer - C / AL / AL. 100% Remote UK £60,000 - £70,000 Training and Development Contributory pension scheme, Perkbox Membership Company: Leading provider of tailored … chain, inventory management and the back-office; benefiting both the NHS and healthcare suppliers Pedigree: First GS1 UK Approved Solution for inventory management in the NHS. ISO / IEC 27001:2022 Certified. ISO Certified Awards: Extensive awards in the Heath Tech, Innovation & Supply Chain Categories Other Tech Innovations: 360 Healthcare Management … Familiar with Microsoft SQL Server, XML, APIs, and other OOP languages (e.g., C#, Java). Tooling & Standards: •Experienced with DevOps, GitHub, and automated testing tools. •Knowledge of ISO9001 and ISO27001 standards and integrated management systems. Consultancy & Mentoring: •Consultancy experience in Microsoft Dynamics NAV / BC implementations. •Familiar with third-party NAV / BC tools such as Tasklet Mobile More ❯

Microsoft Dynamics Nav Developer. This is an excellent opportunity to make a meaningful impact within a collaborative and forward-thinking environment. The Role at a Glance: Microsoft Dynamics NAV / BC Developer - C / AL / AL. 100% Remote UK £60,000 - £70,000 Training and Development Contributory pension scheme, Perkbox Membership Company: Leading provider of tailored … chain, inventory management and the back-office; benefiting both the NHS and healthcare suppliers Pedigree: First GS1 UK Approved Solution for inventory management in the NHS. ISO / IEC 27001:2022 Certified. ISO (Apply online only) Certified Awards: Extensive awards in the Heath Tech, Innovation & Supply Chain Categories Other Tech Innovations … Familiar with Microsoft SQL Server, XML, APIs, and other OOP languages (e.g., C#, Java). Tooling & Standards: • Experienced with DevOps, GitHub, and automated testing tools. • Knowledge of ISO9001 and ISO27001 standards and integrated management systems. Consultancy & Mentoring: • Consultancy experience in Microsoft Dynamics NAV / BC implementations. • Familiar with third-party NAV / BC tools such as Tasklet Mobile More ❯

throughout the product development lifecycle Conduct detailed threat modelling and risk assessments using recognised tools Lead the implementation of risk management strategies based on industry best practices (NIST, ISO) Work closely with development teams to ensure secure-by-design principles are followed Identify and propose mitigations for security vulnerabilities in solution architectures Maintain and evolve internal security policies … and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO / IEC 27001, ISO 27005, OWASP, and MOD ISN 23 / 09 Ability to identify, assess and mitigate risks across software and hardware More ❯

sacrifice scheme Life Insurance (3x annual salary) Employee Assistance Programme (EAP) and workplace wellbeing initiatives Private Healthcare cash-back scheme Flexible working hours and location, open to part-time / condensed hours Flexible benefits, such as: Cycle to Work, volunteer days / opportunities and charity events Enhanced parental leave packages and enhanced sick pay Training and development opportunities … team building, company-wide events Role specifics Salary range: Market rate Reporting to: Head of Platform Key stakeholders: Technology and Product, InfoSec, Support Organisational Framework Level: 3 About you / Job Summary We are seeking a pragmatic and highly skilled DevSecOps Engineer to join our Platform team. In this role, you will be responsible for identifying, prioritising and remediating … prem systems. Define and run patch management processes for virtual machines, containers and serverless functions. Integrate vulnerability scanning (e.g. Qualys, Sonar Cloud, Tenable or Azure-native scanners) into CI / CD pipelines. Security Analysis & Incident Response Perform root-cause analysis of security incidents and vulnerabilities. Conduct threat modelling, code and infrastructure reviews. Develop and execute incident response procedures, leveraging More ❯

down to the successful candidate. You can expect: Design and manage scalable, secure cloud environments using Azure Bicep, ARM, or Terraform Lead the implementation of DevSecOps practices including CI / CD, secrets management, zero-trust security, and vulnerability management Develop secure cloud-native architectures including microservices, containers, and serverless patterns Ensure compliance with industry security and privacy standards ( e.g. … ISO 27001, SOC 2, GDPR) Secure containerised environments, including Kubernetes and Docker Collaborate with developers to integrate secure deployment pipelines across the SDLC Support deployments in client environments, including on-prem and multi-cloud Continuously improve infrastructure processes for performance, reliability, and security Where you'll be stretched (and thrive): We're growing fast: That means … skillsyou'll need to succeed in this role Deep experience in Azure infrastructure (with IaC using Bicep, ARM, or Terraform) Hands-on knowledge of DevSecOps tooling and techniques (CI / CD, secrets management, threat modelling) Experience implementing security standards across cloud and hybrid environments Familiarity with container security ( e.g. Docker, Kubernetes) A strong understanding of compliance frameworks such as More ❯

skills and experience Strong stakeholder management skills A strong understanding of enterprise ICT and security principles A strong understanding of cloud security concepts and technologies Understanding of the CI / CD process and security integrations Audit experience (eg ISO 9001 / 27001) is desirable Excellent communication and collaboration skills What we offer A competitive More ❯

security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30 / 53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138 / 139). Proficiency in security threat More ❯

security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30 / 53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138 / 139). Proficiency in security threat More ❯

reduce manual intervention. Support the company in integration of new technologies. Work with our IT security and compliance team to improve IT security and maintain the company's ISO 27001 certification, Cyber Essentials Plus, and BSI C5. Actively participate in on-call and platform service, troubleshooting, resolving issues, and handling escalations to other technical teams, senior More ❯

post-incident reviews and recommend improvements. Forensic Analysis Investigate incidents, perform root cause analysis, preserve digital evidence, and produce forensic reports. Security Tools Manage tools such as firewalls, IDS / IPS systems, and endpoint protection solutions; evaluate and recommend new technologies. Documentation Maintain detailed logs and reports of incidents, assessments, and analyses for internal stakeholders. Collaboration Partner with IT … What We re Looking For IT Expertise Strong knowledge of IT infrastructure, especially cloud platforms; AWS experience preferred. Security Tools Proficiency Hands-on experience with Palo Alto firewalls, IDS / IPS, and endpoint protection. Network Security Knowledge Deep understanding of VPNs, network protocols, and security architecture. Incident Management Proven ability to detect, analyse, and resolve security threats and malware. … both technical and non-technical stakeholders. Project Management Experience managing security projects and working with cross-functional teams. Certifications Relevant qualifications such as CEH, CCSP, CompTIA Security+, or AWS / Azure certs are highly desirable. This fantastic role come with a highly competitive salary which is reviewed annually, and comes with an excellent benefits package which includes a More ❯

Location: Bristol, GB, BS16 1EJ Onsite or Hybrid: Job Title: Cyber Security Lead Location: Warrington, Bristol or Leicester Compensation: Up to £58,104 + Benefits Role Type: Full time / Permanent Role ID: SF66104 At Babcock we're working to create a safe and secure world, together, and if you join us, you can play your part as a … out of the ordinary. We are looking for a Cyber Security expert with proven working experience within a complex organisation responsible for critical defence programmes. Closely working with government / MOD client, programme partners, and design collaborators, you will ensure the highest standards of cybersecurity across all stages of development. Day-to-day, you'll have the following responsibilities … entries, Risk Balance Cases, Information Asset Owner forms, Supplier Assurance Questionnaires. Experienced in relevant Security Policy and Cyber Security Frameworks including the GovS 007, MOD Secure by Design (SbD), ISO27001 - Information Security Management Systems, NIST, NCSC IA Guidance Qualifications for the Cyber Security Lead Educated to degree level or holds a relevant professional qualification or equivalent experience. Security Clearance The More ❯

network protocols, VPNs, and security architecture. Experience in incident detection, analysis, response, forensic and malware analysis. Skills in scripting and automation (Python, PowerShell). Knowledge of frameworks like ISO 27001, NIST, Cyber Essentials. Understanding of risk management, data protection, GDPR, and PII. Ability to produce clear security documentation and communicate technical info effectively. Solid organizational skills More ❯

client's risk profile and operational needs. Guide clients in developing and improving their incident response processes, including playbook creation and alignment with security frameworks like NIST and ISO 27001. Regularly review and optimise SIEM configurations to reduce false positives, improve detection accuracy, and adapt to evolving threat landscapes. Advisory & Compliance: Advise clients on aligning SIEM deployments with … of experience in SIEM consulting, SOC, or security operations roles with a focus on threat detection and response. Strong understanding of threat detection methodologies, security frameworks (e.g., NIST, ISO 27001), and compliance requirements. Experience with SIEM design and architecture, data ingestion, log management, and custom dashboard creation. Familiarity with cloud-native security solutions and knowledge of More ❯

infrastructure-as-code, you'll help us build, run, and scale with confidence. Key Responsibilities: Lead a collaborative team of infrastructure and DevOps engineers Build secure, scalable infrastructure (Windows / Linux, VMs, containers) Drive CI / CD, automation, and Infrastructure as Code practices Ensure compliance with NIST, NCSC, CIS, JSP, and ISO 27001 Oversee … in systems administration & automation Solid grasp of compliance frameworks (NIST, NCSC, JSP) Excellent communication and stakeholder management Tech Stack You'll Work With: OS: Windows Server, Hardened Linux Containers / Orchestration: Docker, Kubernetes, Portainer DevOps Tools: Jenkins, Artifactory, Jira, Azure DevOps Virtualization: Nutanix, VMware Security: Defender, Wazuh, Nessus, OPSWAT Monitoring: PRTG, Zabbix Access / Apps: Citrix Netscaler, KASM More ❯

improvement Areas of Knowledge We are looking for people who have working experience or comfortable teaching (or able to learn) in the following areas: Network Security (e.g., Firewalls, IDS / IPS, VPNs) Operating System Security (e.g., Windows, Linux hardening) Ethical Hacking and Penetration Testing (e.g., reconnaissance, vulnerability scanning, exploitation) Security Operations (e.g., SIEM, SOC analysis) Incident Response and Digital … Forensics Cryptography and Secure Communications Cloud Security (e.g., AWS, Azure, GCP security best practices) Application Security (e.g., OWASP Top 10) Compliance and Governance (e.g., GDPR, ISO 27001) Security Tools (e.g., Wireshark, Nmap, Metasploit, Kali Linux) Person Specification: Experience delivering cybersecurity training or mentoring professionals in a security capacity Strong ability to develop learners from intermediate to More ❯

not limited to requirements such as GDPR & ISO 27001. Collaborating with other areas within the company such as the Infrastructure & DevOps teams to integrate virtualisation with CI / CD pipelines and other automation frameworks. Skills: VMWare - vSphere Hyper-V Strong knowledge with automation and scripting technologies such as Python, PowerShell or Ansible. Cloud-based virtualisation (e.g., Azure … GCP, AWS) Knowledge around relevant industry standards such as ISO 27001 & GDPR. Benefits Healthcare package Life Works Gym Allowance Cycle to Work Long-Term Sickness Insurance Employee Assistance Programme Discretionary Bonus Infrastructure Engineer (DV Cleared) | £70,000-£90,000 | VMware | Hyper-V Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this More ❯

ability to understand how architects and designers employ technology to build systems of interest Digitally literate (including fluency in Microsoft Office tools) Able to understand relevant NIST frameworks and ISO27001 standards and how to apply in practice Knowledge of MITRE ATT&CK Essential qualifications for the Cyber Security Risk Consultant: We value difference and we don't have a fixed More ❯

penetration testing. Ideally, a knowledge of Cloud services such as Azure or AWS. Capability to script or code in Bash, Python etc. Appreciation for Cyber Security standards such as ISO27001, PCI-DSS or CIS. This is a role with a growing, exciting organisation who can offer you a strong degree of progression and the ability to undertake testing work with More ❯

practice. Reporting to the Head of Security & Governance , the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations. Key Accountabilities: Lead and manage a team of three security professionals , supporting their development and day … to-day delivery. Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials). Shape and implement the company's information security strategy , including policy, tooling, and training. Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects. Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response … including service providers and the organisation's parent company. Required Skills & Qualifications: Demonstrable experience in information security leadership , including line management or team leadership . In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory / compliance frameworks. Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS) . More ❯

and tippers. Contribute to continual improvement of BT's capability to operationally exploit tools and data to better Protect BT, its business and reputation. To support and maintain the ISO27001 certificate for the SOC that is in scope of the BT Business Support certificate Responsible for working as part of the 24x7 Security Operation Centre (SOC) environment, covering 12 hr … having formal authority. Building External Relationships: partner relationships with other SOCs (peers, customers and vendors) and National Cyber Security Centre operations Basic understanding of security methodologies and processes, and / or networking knowledge. knowledge of current real world cyber-attacks and impacts and how this could relate to BT Group. Understanding of Mitre ATT&CK Framework TTP's Familiarisation … for the Role Understanding of current Cyber Security threats to our industry & motivation to protect BT from malicious adversaries. Experience working within a team Experience working within a IT / Network / SOC environment (not essential) Knowledge of MITRE ATT&CK and its importance Understanding of current Cyber Security threats to our industry Building process documentation and or More ❯

OT Cyber Security Consultant Location: UK-wide (Remote / Hybrid) Job Type: Full-time Salary: Up to 100K + Benefits (depending on experience) We are currently recruiting for two OT Cyber Security Consultants to join a leading, nationwide organisation delivering high-impact cyber advisory services across critical infrastructure and the built environment. These roles are ideal for experienced cyber … within the built environment or critical infrastructure . Strong understanding of cyber-physical systems , OT environments , and connected infrastructure . Experience applying assurance frameworks and technical standards (e.g. NIST, ISO27001, CAF). Background in governance, risk, and compliance (GRC) functions. Excellent communication and stakeholder engagement skills. Agile, analytical, and solutions-focused mindset. Experience in sectors such as energy, water, transport More ❯

understanding of cyber, technology and resilience risks to provide high quality independent assurance on the effectiveness of controls. Responsibilities include: Audit Planning: planning for a portfolio of audits, requesting / selecting resources and liaising with stakeholders to discuss and propose scope and timelines. Audit Execution: managing delivery of a portfolio of audits, delivering audits on time and within budget … ll need: Industry best-practices - Strong technical knowledge and experience of Cyber Security best practices, risks, frameworks and standards, including practical application of NIST, MITRE and ISO27001. Related cyber / information qualifications valued e.g. Certified Information Systems Security Professional (CISSP). Security testing - Knowledge and understanding of ethical hacking / security testing best practices and techniques (with hands … on experience valued). Relevant qualifications valued e.g. Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP . Audit and / or risk and controls experience - Practical experience of assessing cyber risks and key controls, documenting appropriate test plans to deliver on audit objectives. Applicants should be able to identify control gaps and clearly articulate these to senior stakeholders. More ❯

to deliver cyber services, working closely with those responsible for service delivery. Managing and coordinating all processes and work instructions documented in accordance with Jisc's certifications, including ISO9001, ISO27001, and CREST. Developing and implementing strategies to streamline the onboarding process, ensuring it is efficient and effective. Quickly addressing and resolving any issues or challenges that arise during the onboarding … bank holidays) that includes three closure days over Christmas plus the opportunity to buy up to an additional 5 days leave during the flexible benefits window A comprehensive 24 / 7 mental health support package, including coaching and appropriate counselling or specialist therapy, with no predetermined limit on the number of sessions you can access Annual Jisc performance award More ❯