1 to 25 of 40 Permanent ISO/IEC 27001 Jobs in Scotland

level experience as a Cyber Security Professional? Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. Enjoy a healthy work / life balance while making a significant impact. HMRC are now one of the most digitally advanced tax authorities in the world and are continuing to spend the next five … strategic platforms. In addition, you may be encouraged to undertake line management responsibilities developing and managing a team. You may be expected to own and develop CSTS capabilities and / or services. Person specification Ideal candidate: A business and technology leader in the strategic selection, development and delivery of technical security controls and services. Focused expertise to develop and … encryption systems, infrastructure, risks, weaknesses and mitigations. Knowledge and Experience of Modernised Security Operations Centre including Attack Surface Management. Cloud Security & Risk applied to all service and deployment ISO standards including 27001, 27002, 27005, 270017, 27018, 22301 and NIST CSF 2.0. Technical Security within one or many of the following domains: Identity and Access Management: Expertise More ❯

Role: IT Engineer - 2nd / 3rd Line Place of work: Glasgow, City Centre Contract type: Full-time, Permanent Working Hours: Monday – Friday, 9am – 5pm Do you thrive in a fast-paced environment and have a passion for delivering excellence in IT support? If so, Jones Whyte has an excellent opportunity for you where you will have the chance to … shine and contribute your expertise. We are seeking a skilled and proactive 2nd / 3rd Line IT Engineer to join our IT Support Team. This role blends advanced ticket-based support responsibilities with hands-on cybersecurity exposure. Why Jones Whyte? At Jones Whyte, we’re more than just a law firm—a dynamic community built on collaboration, innovation, and … a shared commitment to excellence. Joining us means stepping into a role where your expertise is valued, and your growth is a priority. The Role As a 2nd / 3rd line IT Engineer, you will be supporting the firm with advanced tasks, ensuring the smooth running of our technology. You'll be responsible for maintaining, troubleshooting, and improving our More ❯

invests in the latest industry leading technologies to facilitate the delivery of our ground-breaking business solutions. We adopt integrated ways of working such as "DevOps" and employ Agile / Scrum methodology approach to manage our work. Though this is a varied role, your key tasks will include: Manage, mentor, and help to develop the cyber security team. Using … our existing Microsoft Licensing Agreement. Work closely with the Security Operating Centre and Networking engineers, to drive security initiatives across the wider team. Participate in and deliver multi-discipline / cross team projects acting as the cyber security subject matter expert. Act as the technical lead and escalation point for all cyber security related queries. Research and advise on … from a security perspective (Defender, Azure) Vulnerability Management Web Application Filtering DLP Cloudflare Secure File Transfer Firewalls Remote Access / VPN PKI Infrastructure DNS Email Gateways Security Audits ISO27001 Azure DevOps (Scrum principles, Release Pipelines) Knowledge of Mitre Attack Framework ITIL (Supervising Service Desk Queue) Strong Interest In all aspects of security Microsoft Operating Systems (Desktop, Server) Exchange Online More ❯

and Security Operations—is key to aligning local and global security standards. You'll also drive cyber awareness and training initiatives for commercial teams, support regulatory compliance (e.g., ISO 27001, NIST SP 800-53, GDPR), and handle incident response, triage, and escalations per internal policies. You'll contribute to investigations, the annual NIST CSF 2.0 maturity … You're a proactive, analytical security professional with a strong technical background and excellent communication skills. You bring: Proven experience with ISO 27001, NIST CSF / SP 800-53, GDPR compliance, and risk management Strong technical expertise in implementing security controls aligned with ISMS Ability to create clear, audience-tailored documentation and reports Effective problem More ❯

and Security Operations—is key to aligning local and global security standards. You'll also drive cyber awareness and training initiatives for commercial teams, support regulatory compliance (e.g., ISO 27001, NIST SP 800-53, GDPR), and handle incident response, triage, and escalations per internal policies. You'll contribute to investigations, the annual NIST CSF 2.0 maturity … You're a proactive, analytical security professional with a strong technical background and excellent communication skills. You bring: Proven experience with ISO 27001, NIST CSF / SP 800-53, GDPR compliance, and risk management Strong technical expertise in implementing security controls aligned with ISMS Ability to create clear, audience-tailored documentation and reports Effective problem More ❯

to protect our organisation's assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards, including developing and enforcing security policies and best practices to ensure compliance. Perform business impact analyses (BIA) across key technology processes, systems and facilities and identify any gaps that … with threat assessment and work with business units in articulating impact and mitigations to reduce attack surface. Plan, schedule, conduct and report on systems security audits, ensuring any corrective / preventive actions identified are tracked to a satisfactory conclusion. Document and report enterprise risk and compliance issues according to required timelines. Assist with the management, planning & preparation of third … skills. Ability to work on own initiative. Applicants must have the Right to Work in the UK. Desirable knowledge, skills and experience Qualifications such as CompTIA Security+, CEH or ISO27001 Lead Implementer. Experience of senior management engagement and relationship management. Experience in dealing with Information Security incidents. Experience conducting penetration tests and working with vulnerability management tools. Benefits This role More ❯

a wide range of infrastructure improvements. From migrating to Azure AD and Intune, to rolling out Defender across the business and helping push toward Cyber Essentials Plus and ISO 27001 compliance - there's a lot going on, and you'll be in the thick of it. Alongside cloud migration work, you'll also be involved in … DNS, DHCP, routing, firewalls, web filtering Exposure to cloud migrations, ideally Azure (some AWS experience also fine) Experience supporting enterprise platforms like IIS & SQL Familiarity with compliance standards (ISO 27001, Cyber Essentials, NIST) Excellent problem solving and communication skills There's no on call requirement, though some flexibility around out of hours work may occasionally be More ❯

regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies. Resilience Planning: Support the Senior Resilience BCP / DR Advisor in developing and maintaining IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions. Incident Response and … Data Protection Act) and industry-specific regulations Experience implementing compliance and control frameworks Proficiency in IT governance and quality standards Knowledge of security management frameworks like ISO / IEC 27001, ITIL, COBIT, NIST standards Strong stakeholder management skills High integrity and professionalism in handling confidential matters Familiarity with risk management tools like OneTrust More ❯

technologies and updates Writing and maintaining technical documentation Desirable Achieve and maintain vendor certification, e.g. Cisco, Palo-Alto, Juniper Knowledge of working to cybersecurity standards; Cyber Essentials Plus, IASME, ISO27001 Experience of working in an Agile or Prince2 project management framework Experience in the research, development and rollout of new services Experience of Azure / Microsoft 365 Benefits More ❯

technologies and updates Writing and maintaining technical documentation Desirable Achieve and maintain vendor certification, e.g. Cisco, Palo-Alto, Juniper Knowledge of working to cybersecurity standards; Cyber Essentials Plus, IASME, ISO27001 Experience of working in an Agile or Prince2 project management framework Experience in the research, development and rollout of new services Experience of Azure / Microsoft 365 Benefits More ❯

Cyber Essentials Plus, IASME, ISO27001. Experience of working in an Agile or Prince2 project management framework. Experience in the research, development and rollout of new services. Experience of Azure / Microsoft 365. Benefits 30 days annual leave per year (after probation). Industry training and professional development. Pension plan and Life insurance. Cycle to work & refer a friend scheme. More ❯

transition and transformation engagements. • Develop knowledge base, re-usable components for GRC advisory services. • Responsible for development and enhancements of GRC services, team and delivery capabilities. • Manage 3rd party / sub-contractors as part of the GRC delivery engagement. • Manage local partners and develop partner sales channel Skills: Expertise in delivery of risk and compliance advisory services (preferable candidates … from Big4 organizations) • Should have proven capabilities of executing atleast 3-4 advisory / consulting engagements • Excellent technical capabilities around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust … Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM / TOOL EXPERTISE Experience on the below mentioned tools is not mandated but candidates having exposure to these will be preferred: • MetricStream, Archer, ServiceNow GRC & SecOps, OneTrust QUALIFICATIONS B.E / More ❯

of day to day security activities, achieving credibility and buy in from stakeholders across the business. You’ll advise senior leadership and the board on cyber risks, drive ISO 27001 alignment, and lead incident response and continuous improvement initiatives. This is a strategic and hands-on leadership role, ideal for someone passionate about embedding security into … include: Strategic Leadership : Develop and implement a cyber strategy aligned with business goals and regulatory expectations Risk & Compliance : Manage cyber risks, ensure compliance with GDPR, NIS2, and maintain ISO 27001 readiness. Governance & Advisory : Advise the Board and Executive on cyber threats, resilience, and strategic decisions. Incident Response : Lead response to cyber incidents, ensuring rapid recovery and More ❯

QUALIFICATIONS Significant experience in IT security, compliance and risk management, including privacy, controls, etc. Proven and significant experience working with security reference architectures for all-in cloud deployments and / or hybrid scenarios Understanding architectural implications of meeting industry standards such as ISO 27001, UK Official Hands-on technical expertise in building AWS cloud security More ❯

matters. The opportunity Reporting to the Information Security Officer you will contribute to the efficiency, capability and profitability of the business by gathering, analysing and recommending changes to processes / systems within BUs, across multiple departments and the division as a whole. Responsibilities Contributing to the development, implementation and maintenance of internal governance frameworks, including policies, standards and procedures … including the collection and cataloguing of required evidence to the necessary standard Collaborating with Internal Audit team on the development, implementation and operation of ITGCs Supporting the implementation of ISO27001 controls and perform regular control audits to monitor compliance Developing and managing a security risk framework, aligning with the enterprise risk management approach Coordinating the performance of regular business impact … related technology-based subject, or industry-recognized certifications such as CISM, CRISC are preferred Knowledge and experience with risk management frameworks, risk assessment methodologies and cybersecurity frameworks, such as ISO27001 and NIS2 Experience of conducting risk assessments and conducting security control audits and developing effective mitigation plans Demonstrable experience of developing long-term partnerships with stakeholders and excellent communication skills More ❯

matters. The opportunity Reporting to the Information Security Officer you will contribute to the efficiency, capability and profitability of the business by gathering, analysing and recommending changes to processes / systems within BUs, across multiple departments and the division as a whole. Responsibilities Contributing to the development, implementation and maintenance of internal governance frameworks, including policies, standards and procedures … including the collection and cataloguing of required evidence to the necessary standard Collaborating with Internal Audit team on the development, implementation and operation of ITGCs Supporting the implementation of ISO27001 controls and perform regular control audits to monitor compliance Developing and managing a security risk framework, aligning with the enterprise risk management approach Coordinating the performance of regular business impact … related technology-based subject, or industry-recognized certifications such as CISM, CRISC are preferred Knowledge and experience with risk management frameworks, risk assessment methodologies and cybersecurity frameworks, such as ISO27001 and NIS2 Experience of conducting risk assessments and conducting security control audits and developing effective mitigation plans Demonstrable experience of developing long-term partnerships with stakeholders and excellent communication skills More ❯

a multi award-winning workplace, most notably recognised by Best Companies as Best Company To Work For in the UK, Tech and the South East in 2023. We are ISO27001 and ISO9001 Certified by UKAS. We are also a CREST approved penetration testing and SOC company, IASME Cyber Essentials Certification body and Cyber Essentials Plus certified. Find out more about More ❯

3rd Line Technician / Solutions Architect Tela is a fast-growing, staff-focused company. We are constantly evolving and are incredibly excited about the constant changes in technology. The way we bring these changes to market means with need a great team around us. This role is for a senior IT professional who resolves complex technical issues, supports IT … and monitoring of IT infrastructure Incident and Problem Management Analyse recurring incidents to identify underlying problems Implement solutions to prevent future occurrences and improve overall system reliability Provide training / development recommendations to the management team Support the service desk team, as requested Project Implementation and Support Assist in the planning, design, and implementation of IT projects for new … in the deployment of new systems, upgrades, and migrations Technical Documentation Create and maintain comprehensive documentation for systems, procedures, and project plans Document configurations, troubleshooting steps, and resolutions Cyber / Security Ensure IT systems and networks are secure from threats and vulnerabilities Implement and manage security measures, such as firewalls, antivirus software, and intrusion detection systems Conduct regular security More ❯

security measures to protect organisational assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards. Perform business impact analyses (BIA) across key technology processes, systems, and facilities, identifying gaps in critical information gathered and recorded. Communicate significant changes in Business Continuity plans to the … Security methodologies, standards, and technologies, including ISO27001. Previous experience in an Information Security or Enterprise Risk role. Awareness of Business Continuity and IT standards, policies, and frameworks, including ISO22301 / BCMS. Business Continuity Management knowledge with proven experience in this area. Knowledge of IT with an … understanding of system architecture interdependencies, enabling effective communication with IT personnel. Strong documentation, analytical, and presentation skills. Desirable Knowledge, Skills, and Experience Qualifications such as CISA, CISM, CEH, or ISO27001 Lead Implementer / Auditor. Experience engaging with senior management and managing relationships. Previous experience handling Information Security incidents. Benefits This role offers a competitive salary based on skills and More ❯

security measures to protect organisational assets from cyber threats and ensuring compliance with industry standards. Key Responsibilities Assist in the planning and implementation of security controls and testing to ISO27001 standards. Perform business impact analyses (BIA) across key technology processes, systems, and facilities, identifying gaps in critical information gathered and recorded. Communicate significant changes in Business Continuity plans to the … Security methodologies, standards, and technologies, including ISO27001. Previous experience in an Information Security or Enterprise Risk role. Awareness of Business Continuity and IT standards, policies, and frameworks, including ISO22301 / BCMS. Business Continuity Management knowledge with proven experience in this area. Knowledge of IT with an … understanding of system architecture interdependencies, enabling effective communication with IT personnel. Strong documentation, analytical, and presentation skills. Desirable Knowledge, Skills, and Experience Qualifications such as CISA, CISM, CEH, or ISO27001 Lead Implementer / Auditor. Experience engaging with senior management and managing relationships. Previous experience handling Information Security incidents. Benefits This role offers a competitive salary based on skills and More ❯

Experience working with core Linux distributions (Debian, RHEL, SUSE, Slackware) Familiarity with container orchestration technologies (EKS or AKS preferred) Experience with deployment pipeline tools such as Ansible, Jenkins, and / or GitHub Actions Proficiency working with Infrastructure as Code (IaC) A desire to adopt and implement emergent technologies and best practices Strong verbal and written communication skills in English … Administration Linux Administration Software engineering disciplines Proficiency developing for serverless frameworks such as Azure Functions or AWS Lambda Experience with compliance frameworks such as SOC 2 Type 2, ISO-27001, FedRAMP, or IRAP and privacy regulations suchas GDPR and PIPEDA Roadmap for Success 90 Days: Onboarding and role-training is complete You're building foundational knowledge of the More ❯

an incredible opportunity to be part of an experienced team, build your skills, and grow professionally. Dionach by Nomios holds impressive certifications, including CREST, CHECK, PCI QSA, and ISO 27001. With our focus on enhancing customers' security and fostering team development, you will be joining a company that prioritizes both your growth and the safety of our clients. More ❯

ANY Experience of conducting control testing, technical reviews or audits to understand cyber compliance needs aligned to technical and regulatory standards. Experience of cyber risk management, security frameworks (NIST, ISO27001) cyber compliance, assurance, and attestation work. Exposure to facilitating penetration testing, security risk assessments, driving the remediation of cyber vulnerabilities and remediating or mitigating cyber risks. Experience of security testing More ❯

Information Security Specialist Overview Ref: (phone number removed) Information Security Specialist / ISO 27001 / GDPR Exciting opportunity to join a global business that is still growing, the environment is fast paced and interesting and they really look after their people. Role Responsibilities Responsibilities will include: Providing technical expertise relating to the implementation and … leadership on security incident response and investigation Essential skills will include: Proven experience in implementing and managing security frameworks such as ISO 27001, NIST CSF / NIST SP 800-53, and GDPR Strong technical skills in designing, implementing, and maintaining security controls Excellent problem-solving skills with the ability to interpret complex security topics and … phone number removed) or (url removed) Equal Opportunities FPSG is committed to equal opportunities regardless of gender, race, disability, sexual orientation, religion or belief and age. Information Security Specialist / ISO 27001 / GDPR We are Disability Confident and neurodiverse aware. If you have a disability, please tell us if there are any reasonable More ❯

Information Security Specialist Overview Ref: (phone number removed) Information Security Specialist / ISO 27001 / GDPR Exciting opportunity to join a global business that is still growing, the environment is fast paced and interesting and they really look after their people. Role Responsibilities Responsibilities will include: Providing technical expertise relating to the implementation and … leadership on security incident response and investigation Essential skills will include: Proven experience in implementing and managing security frameworks such as ISO 27001, NIST CSF / NIST SP 800-53, and GDPR Strong technical skills in designing, implementing, and maintaining security controls Excellent problem-solving skills with the ability to interpret complex security topics and … phone number removed) or (url removed) Equal Opportunities FPSG is committed to equal opportunities regardless of gender, race, disability, sexual orientation, religion or belief and age. Information Security Specialist / ISO 27001 / GDPR We are Disability Confident and neurodiverse aware. If you have a disability, please tell us if there are any reasonable More ❯