1 to 25 of 39 Permanent Risk Management Jobs in Gloucestershire

the job Job summary Within the Digital, Data & Technology area of the NCA, as are constantly evolve and expand our capabilities we need people with strong experience of service management practices to ensure that new Services are designed to support our end users in the delivery of their functions. The quality of the services delivered by the NCA directly … privacy policy notice for details on how your data is handled.Privacy Policy Notice Your role will sit within the Service Design & Transition team and you will utilise your Service Management experience and knowledge to provide expertise to project teams, ensuring incoming services align to ITIL-based processes. Your role will involve translating the project's technical service and end … internal and/or external) functions: Will adhere to and respect Service Design & Transition processes, as well as any processes outside of the Service Design & Transition practice (e.g. project management office, enterprise design assurance - technology, change enablement. Collaborating with stakeholders to translate customer requirements, business requirements and contractual obligations into end-to-end service design: Collaborating with internal and More ❯

and sometimes challenging situations. You'll be one of our Senior Project Managers, overseeing and delivering complex projects across a number of engineering contracts. Providing day-to-day operational management of a team of project staff, you'll be responsible for the timely and cost-effective delivery of products and services to our customers. You'll play a key … levels of responsibility and the opportunity to work at the front of delivering some key UK Defence and Security contracts. Your responsibilities will include: Providing overall operational and strategic management of assigned tasks projects within your project team. Project management of complex engineering projects ensuring that the delivery teams understand cost, time and quality requirements and remain coordinated … the project lifecycle, you'll also be responsible for supporting with requirement capture, scoping, technical and commercial solutions and the generation of pricing models and proposal documents. Providing effective risk management to ensure that the business' risk exposure is kept to a minimum and is effectively managed throughout the project. Ensuring that effective change management is More ❯

responsible for designing, implementing, and overseeing security infrastructure to protect products and systems from security threats. This role ensures security controls are integrated throughout the software development lifecycle, performs risk assessments, and collaborates with stakeholders to mitigate vulnerabilities. The Security Architect will also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities … Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and mitigate security risks in solution architectures. Create security documentation (e.g., RMADS, Security Assurance Documents). … Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge More ❯

responsible for designing, implementing, and overseeing security infrastructure to protect products and systems from security threats. This role ensures security controls are integrated throughout the software development lifecycle, performs risk assessments, and collaborates with stakeholders to mitigate vulnerabilities. The Security Architect will also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities … Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and mitigate security risks in solution architectures. Create security documentation (e.g., RMADS, Security Assurance Documents). … Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge More ❯

with cutting-edge technology in partnership with some of the most brilliant minds. The Role: As a Principal Cyber Security Consultant you will join our Information Assurance and Cyber Risk team that provides expert risk assessments, analysis and advice to clients within the Defence Sector. Day-to-day, you'll be a key stakeholder in the Security Risk Management process, working closely with our clients to identify and respond to cyber threats and security risks. Your responsibilities will include: Leading cyber security consultancy with key customers at a senior level providing subject matter expertise, advice and guidance on security matters Implementing Secure by Design for systems across live, test and training environments Monitoring and reporting on … system security requirements and vulnerabilities, escalating unresolved vulnerabilities when appropriate Managing the effective coordination of all security-related activities, including but not limited to, queries, incident management, document reviews and testing Modelling Cyber security risks using established and novel frameworks Essential experience of the Principal Cyber Security Consultant: In-depth knowledge of MoD Security policy In-depth knowledge of More ❯

a leading, nationwide organisation delivering high-impact cyber advisory services across critical infrastructure and the built environment. These roles are ideal for experienced cyber professionals who are passionate about risk management, resilience, and embedding security into complex, real-world systems. You will work closely with internal teams and external clients to identify and manage cyber risks, applying industry … to embed security into the full project lifecycle. Engage with clients across sectors such as energy, water, transport, and smart infrastructure. Share knowledge and support internal awareness of cyber risk across the wider business. Required Skills & Qualifications: Proven experience in cyber risk management and advisory, ideally within the built environment or critical infrastructure . Strong understanding of … cyber-physical systems , OT environments , and connected infrastructure . Experience applying assurance frameworks and technical standards (e.g. NIST, ISO27001, CAF). Background in governance, risk, and compliance (GRC) functions. Excellent communication and stakeholder engagement skills. Agile, analytical, and solutions-focused mindset. Experience in sectors such as energy, water, transport, or smart cities is highly desirable. Relevant certifications (e.g. CISSP More ❯

be responsible for Identify security requirements and ensure the integration of security controls during the product development lifecycle Some of what you will be involved in: Develop and implement risk management strategies Perform security threat modelling and risk assessments applying security controls to mitigate any threats identified Collaborate with the development teams to ensure the adoption of … of MOD ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST 800-30, NIST 800-53) Please reach out to Lewis if you are interested or … is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically More ❯

per week, or 40% of our time, at one of our office sites. About this opportunity We have an exciting opportunity to join the SOX team within Group Finance Risk (GFR). The team are responsible for providing SOX expertise and reporting to the Group, including methodology, guidance and training, and assurance testing of SOX controls across the Group. … As we enhance our approach to SOX IT controls assurance, we are building our IT risk and controls expertise, across a number of roles. This role provides a perfect opportunity to use your IT risk and controls expertise and natural desire for change to continue to evolve our approach to assurance, and strengthen the IT control environment, including … approaches and build on the quality of our assurance processes; identifying, recommending, and delivering on areas for improvement, including through the use of technology; to deliver effective and efficient risk-based assurance. Support & coach less experienced team members. Share challenge and insight with partners across the Group, acting as a trusted advisor on areas of expertise. Support Senior Managers More ❯

scheme Employee assistance program providing mental health and wellbeing support Professional membership reimbursement (discretionary) What the role will involve Are you looking for the next step in your project management career and seeking a Project Manager role? We have a new opportunity for a developing project management professional to join our Intelligence & Cyber EMEA division. The role will … will run one or more projects with The responsibilities of your role will include the following: To plan, specify and manage the production of bid submissions working with bid management and also maintain future opportunity/demand schedules. Work closely with and provide support to the sales & marketing department to capture targeted customer funded business in accordance with company …/product roadmap ensuring benefits align, including Business Case generation. To create baseline and forecast plan and schedules, specify and manage resources across identified projects. To create a detailed Risk Assumptions Issues and Dependency (RAID) log for the project. Plan the projects and monitor their overall progress, manage risks, resolve issues and initiate corrective action as appropriate to ensure More ❯

and ensure successful project delivery with minimal risk. Key Responsibilities: Develop project scopes and objectives involving all relevant stakeholders and ensuring technical feasibility Facilitate workshops and meetings such as risk analysis, pre-mortems, technical design workshops, requirements elicitation Design and plan the whole lifecycle approach for complex projects and programmes Train and advise clients in System Engineering best practice … parties/vendors for the flawless execution of projects, including delivery assurance and integration Oversee the effective delivery of projects, ensuring they remain within scope and budget with managed risk Delivery and management of System Engineering documentation, such as SEMPs Creation and maintenance of System Engineering artefacts such as system models, plans, requirements, integration logic, test methodologies, etc. … Manage changes in project scope, schedule, and costs with the help of appropriate verification techniques Prepare reports and present them to senior management as needed Maintain strong relations with the client and all stakeholders Analyse and manage risks to minimise negative effects on a project Build and maintain relationships with third parties/vendors Prepare and review comprehensive project More ❯

global offices, depending on future M&A activity. Key areas of responsibility will include: Project planning and coordination : Developing detailed project plans, including timelines, milestones, and resource allocation. Stakeholder management : Engaging with stakeholders across the organisation to gather requirements, provide updates, and ensure alignment with business objectives. Risk management : Identifying potential risks and developing mitigation strategies to … address them proactively. Budget management : Monitoring project budgets, ensuring that the implementation stays within financial constraints. Team leadership : Leading and motivating project teams, providing guidance and support to ensure successful project execution. Training and support : Overseeing the development and delivery of training programs for end-users to ensure smooth adoption of the new ERP system. Quality assurance : Ensuring that … Adaptability : Flexibility to adapt to changing project requirements and environments. Attention to detail : Keen eye for detail to ensure accuracy and quality in all aspects of the project. Time management : Effective time management skills to ensure project milestones are met on schedule. Customer focus : Commitment to understanding and meeting the needs of end-users and stakeholders. Conflict resolution More ❯

product portfolio-encompassing software, hardware, and services-by embedding robust security controls throughout the development lifecycle, identifying and mitigating risks, and ensuring compliance with defence-grade standards. Key Responsibilities Risk Assessments & Vulnerability Management Conduct comprehensive security risk assessments at each product phase (design, implementation, deployment). Identify vulnerabilities in architectures, codebases, and configurations; drive remediation with development …/27005, NIST 800-30/53, JSP 440/604, Def Stan 05-series). Lead the creation and maintenance of security documentation (RMADS, Security Assurance Documents, Security Management Plans). Testing & Assurance Design and execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation … and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001/2/5/31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138/139). Hands-on experience with More ❯

Strategy, Programme, Digital, Programme Leadership and Human Centred Transformation to better anticipate, shape and manage change in Major Programmes. It empowers project leaders to effectively anticipate and manage change, risk and uncertainty across a programme's lifecycle, shaping its success. Our practice comprises a blend of those who have worked previously in industry (in both technical and non-technical … Financial Services practice means that we are looking to grow the team further by recruiting individuals with experience from across Retail and Commercial Banking, Building Societies, Wealth and Asset Management, Capital Markets, Insurance and Reinsurance. Your role: Take the lead in partnering with clients to solve complex issues, through leading teams to design, shape and deliver strategically significant projects … shape and manage delivery through the cycle Programme set-up; delivery/operating model design, commercial model structure, definition and mapping of programme outcomes Programme delivery; project and programme management, programme controls/assurance, risk management, and operational readiness Programme recovery; executive level engagement, recovery planning, and experience reshaping programmes Commercial and contract management, and strong More ❯

Strategy, Programme, Digital, Programme Leadership and Human Centred Transformation to better anticipate, shape and manage change in Major Programmes. It empowers project leaders to effectively anticipate and manage change, risk and uncertainty across a programme's lifecycle, shaping its success. Our practice comprises a blend of those who have worked previously in industry (in both technical and non-technical … Financial Services practice means that we are looking to grow the team further by recruiting individuals with experience from across Retail and Commercial Banking, Building Societies, Wealth and Asset Management, Capital Markets, Insurance and Reinsurance. Your role: Take the lead in partnering with clients to solve complex issues, through leading teams to design, shape and deliver strategically significant projects … to solve, and often in unique contexts. You should have strong experience in leadership roles across large-scale transformation programmes and portfolios, including: Deep expertise in programme/portfolio management, experience with delivering large transformation programmes using traditional and/or agile methodologies with a strong understanding of digital/technology enabled change Experienced in delivering at least one More ❯

our organisation and opportunity contribute towards the growth of NCC in the defence sector. Specifically you'll focus on the following activities; Own delivery - control scope, schedule, cost and risk across the full six-phase lifecycle - from initiation to closure - using NCC's project management framework. Plan with rigour - convert technical statements of work into credible resource-loaded … pipeline projects. Lead the team - give every team member clarity on tasks and booking codes; track effort in real time; and foster a culture where knowledge-sharing and proactive risk management thrive. Be the customer's go-to - run structured reviews, provide transparent progress reports and build long-term relationships based on delivery excellence. Generate tomorrow's work … a project manager or project engineering. Sector experience in defence, aerospace or a similarly regulated, high-integrity sector. Ability to gain security clearance. Familiarity with gated life-cycle governance, risk and opportunity management, and stakeholder negotiation. Evidence of identifying and helping secure follow-on work, authoring winning bids or proposals. Working knowledge of MS Project (or equivalent). More ❯

Strategy, Programme, Digital, Programme Leadership and Human Centred Transformation to better anticipate, shape and manage change in Major Programmes. It empowers project leaders to effectively anticipate and manage change, risk and uncertainty across a programme's lifecycle, shaping its success. Our practice comprises a blend of those who have worked previously in industry (in both technical and non-technical … Financial Services practice means that we are looking to grow the team further by recruiting individuals with experience from across Retail and Commercial Banking, Building Societies, Wealth and Asset Management, Capital Markets, Insurance and Reinsurance. Your role: Take the lead in partnering with clients to solve complex issues, through leading teams to design, shape and deliver strategically significant projects … to solve, and often in unique contexts. You should have strong experience in leadership roles across large-scale transformation programmes and portfolios, including: Deep expertise in programme/portfolio management, experience with delivering large transformation programmes using traditional and/or agile methodologies with a strong understanding of digital/technology enabled change Experienced in delivering at least one More ❯

and all programme partners. Foster strong working relationships with design and programme teams to integrate security measures seamlessly with alignment of cybersecurity strategies with client and partner goals. Conduct risk assessments and vulnerability analyses across all digital systems. Providing mitigation strategies to address security risks, monitoring threats and vulnerabilities. Oversee the secure architecture, design, and implementation of all programme … MOD IT Domain, including knowledge of Government/MOD IA policy and process including JSP440, JSP453, JSP628, DIANs and NCSC IA guidance. Able to demonstrate the application of contextualised risk management in the application of technical/procedural/physical security controls within the risk/cost/benefit space. Security Documentation management to include - but … not limited to - review and update of related IA documents including RMADS, Security Cases, SyOPs, Business Impact Assessments, Data Protection Impact Assessments, Risk Registers, DART/Oculus entries, Risk Balance Cases, Information Asset Owner forms, Supplier Assurance Questionnaires. Experienced in relevant Security Policy and Cyber Security Frameworks including the GovS 007, MOD Secure by Design (SbD), ISO27001 - Information More ❯

Security Tools Proficiency Hands-on experience with Palo Alto firewalls, IDS/IPS, and endpoint protection. Network Security Knowledge Deep understanding of VPNs, network protocols, and security architecture. Incident Management Proven ability to detect, analyse, and resolve security threats and malware. Vulnerability Management Experience in identifying and mitigating system vulnerabilities. Automation Skills Proficiency in security automation using scripting … tools like Python or PowerShell. Frameworks & Compliance Familiarity with ISO 27001, NIST 800-53, Cyber Essentials, and GDPR. Risk Management Strong grasp of risk assessment methodologies and security control frameworks. Communication Able to communicate technical concepts clearly to both technical and non-technical stakeholders. Project Management Experience managing security projects and working with cross-functional teams. More ❯

Keynes, Reading, Southampton Business Line Enabling Functions Job Type Permanent/FTC Date published 28-Jul-2025 19749 Connect to your Industry The role will report to the Safety, Risk & Compliance Manager. The Assistant Manager, Technical Services & Compliance plays a vital role in supporting the operational delivery of technical services and ensuring compliance with all relevant health, safety, security … and environmental legislation. This involves collaborating with internal stakeholders, external service providers, and the wider Workplace Services team to maintain a best-in-class workplace environment. Supporting the Integrated Management System and oversee the maintenance and updating of associated policies and standard operating procedures. Developing improvement initiatives to ensure continuous best in class delivery. Connect to your career at … lead every decision wemake and action we take, guiding us to deliver impact how and where it mattersmost . Connect to your opportunity Technical Operations Support: Assist in the management of the technical services supply chain, including performance monitoring, contract compliance, and service delivery. Support the identification and implementation of cost-saving initiatives and efficiency improvements. Contribute to the More ❯

effective security solutions Provide advisory and consultancy services to ensure achievement of business goals Provide oversight to secure solutions that are scalable and portable across the business Support security risk assessment and problem mitigation Deliver technical consultancy on 3rd party and vendor involvement Build up expertise in a range of subject matter areas Champion future proofing and threat mitigation … functions such as Security Architect, Security Project Lead, Security Technical expert, DevSecOps A technical breadth to include enterprise, distributed systems and cloud technologies. Strong practical understanding of Information Security risk management processes and best practice Advanced communication and interpersonal skills, including the ability to negotiate and resolve conflict, and to engage effectively with a mixed technical, non-technical … and business community Strong demonstrable stakeholder management skills, (internal and external) Desirable to hold security certification such as CISSP, CISM Desirable to hold PenTest certification such as CEH, GIAC Desirable to understand risk driven architecture such as Sherwood/SABSA/SANS Highly desirable to have exposure to DevSecOps functions. For clarification: This role is NOT GRC, neither More ❯

working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling and risk assessments … using recognised tools Lead the implementation of risk management strategies based on industry best practices (NIST, ISO) Work closely with development teams to ensure secure-by-design principles are followed Identify and propose mitigations for security vulnerabilities in solution architectures Maintain and evolve internal security policies, documentation, and awareness training Support incident response efforts and coordinate remediation actions … MOD ISN 23/09 Ability to identify, assess and mitigate risks across software and hardware product ecosystems Strong written and verbal communication skills, including the ability to convey risk to non-technical audiences Ideal Candidate Traits: Analytical thinker with strong problem-solving skills Detail-oriented with excellent planning and organisational abilities Resilient, proactive, and capable of driving initiatives More ❯

and communication across the business as appropriate. Operational Security Supervise the response to all technical alarms and periodic audits to ensure compliance with agreed controls. Oversee the investigation and management of operational security incidents and alerts to assist in the design of prevent and detect controls within the business. Ensure all incidents are resolved in a timely manner. Provide … of SIEM systems and security penetration testing as a minimum. Desired Previous Experience: Extensive experience of working within a Cyber Security function, specifically with experience of Operational Security or management of a Security Operations Centre (SOC). Proven knowledge and experience of industry standards and best practice e.g. ISO 27000 series, OWASP, NIST cyber security framework. Knowledge of risk management frameworks and methodologies. Good understanding of GDPR, and data protection. Experience of implementing or delivering security awareness and education. Experience of building strong and effective relationships with teams, stakeholders, customers, partners and delivering excellent customer service. Fluent in business English - written and verbal. Financial Services' experience advantageous. Education and Technical Ability: Degree educated or equivalent experience. Hold More ❯

insight and workforce analysis and understanding. Lead complex, large-scale Technology & Transformation projects for top Financial Services institutions. Help clients adapt to the changing landscape of digital banking, new risk models, and innovative distribution channels. As an Associate Director, you will: Lead complex, large-scale transformation projects for leading Financial Services organisations, focusing on organisational design, transformation and the … roles, and organisations for functions within Financial Services - This could include experience with Digital Transformation initiatives, Mergers and Acquisitions, or new operating models in areas such as Banking, Asset Management, or Insurance Demonstrate a strong understanding and experience of applying emerging technology context to organisation transformation such as the growing capability of AI and GenAI Acute awareness of risk management and managing risks associated with people, processes, systems, change, and commercials. Strong analytical, problem-solving, and communication skills. Passion for innovation and driving change in a dynamic environment. Innovative mindset and keen interest in the newest thinking around transformation, the future of work, and technology disruptors. Ability to explore options in a structured way, deploying techniques such More ❯

Experience in incident detection, analysis, response, forensic and malware analysis. Skills in scripting and automation (Python, PowerShell). Knowledge of frameworks like ISO 27001, NIST, Cyber Essentials. Understanding of risk management, data protection, GDPR, and PII. Ability to produce clear security documentation and communicate technical info effectively. Solid organizational skills and ability to work in a team environment. … Extensive experience in cybersecurity roles, especially in security operations and incident management. Project management experience and relevant certifications (CCSP, CEH, Security+, AWS, Azure) are highly desirable. What You ll Get in Return Discretionary annual bonus 25 days' holiday, holiday buying scheme, long service extra days Generous pension contributions (5-11%) Health and wellbeing benefits including Healthcare Cash Plan, Employee More ❯

Overview Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness unrelenting technological change to deliver innovations that provide a competitive advantage and improve everyday life worldwide.As part of the Expleo Digital and Emerging Technology (DET) team, you will report to the Head of Cybersecurity and … certification artefact production aligned to EASA and UK CAA expectations. Lead the development and review of cybersecurity documentation, including the PSecAC (Airworthiness Security Process Plan), PASRA (Preliminary Aircraft Security Risk Assessment), ASAM (Aircraft Security Architecture Model), and Security Verification Methods. Provide input into the AWSP frameworks, including the tailoring of compliance checklists, activity outcomes, and document templates. Ensure traceability … between security risk assessments, controls, and compliance objectives across the aircraft systems and software architecture. Coordinate the development of cybersecurity methods and processes, contributing to their alignment with recognised standards. Engage with DAG's internal stakeholders, including engineering, safety, and systems integration teams, to embed cybersecurity into the design and certification lifecycle. Act as the primary technical interface for More ❯