1 to 25 of 386 Permanent NIST Jobs in the UK

and improve the organization's defences. Policy and Compliance: Establish and enforce security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry frameworks (e.g., ISO 27001, NIST, GDPR). Conduct regular audits and assessments to identify gaps and ensure adherence to security policies. Reporting and Communication: Provide regular updates to senior leadership on the organization's security More ❯

successful participation in certification audits. Strong understanding of financial services regulations and their impact on information security. In-depth knowledge of information security frameworks, standards, and best practices (e.g., NIST, CIS). Experience with secure software development practices and application security testing. Strong technical understanding of network security, system security, and security architecture. Experience with risk management methodologies and tools. More ❯

/CD pipelines and cloud deployments. Manage output from cloud-native security tools (e.g., AWS GuardDuty, Azure Defender). Ensure compliance with industry regulations and standards (e.g., ISO 27001, NIST, GDPR, HIPAA). Provide security guidance on architecture, design reviews, and cloud migrations. Create and maintain cloud security documentation, training materials, and incident response playbooks. Stay current on emerging cloud More ❯

Work with IT, security, and development teams to ensure solutions meet business needs. Required Skills : Strong knowledge of cybersecurity technologies and practices Expertise in security frameworks (CIS, ISF, Mitre, NIST, or equivalent) Deep understanding of CIS18 controls and security architecture concepts Experience with incident investigation and remediation Proficiency in cloud security (Azure, AWS, or Google Cloud) Excellent stakeholder management and More ❯

to manage external security operations. Desirable Certifications: Azure Security Engineer Associate, CISSP, OSCP (Offensive Security Certified Professional), CCSP, or equivalent. Experience with container security (Docker, Kubernetes). Knowledge of NIST, ISO 27001, SOC 2 compliance frameworks. Familiarity with Zero Trust security principles. Other Stuff NB: Please only apply if you are able to work from their Debden (IG10) offices Monday More ❯

an existing vulnerability management program Strong technical expertise in implementing a Prioritizationformula to vulnerabilities and misconfigurations and translating these into risks Excellent knowledge of Vulnerability Management frameworks such as NIST/SANS The following general characteristics are required: A team player with the ability to work independently and unsupervised Ability to own delegated tasks and see them through to completion More ❯

to secure a mix of Linux, Windows, Apple & Android OS . Knowledge of network perimeter security, including firewalls, WAF, anti-virus, and O365 compliance & security centre . Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR . Experience operating and managing SIEM solutions , vulnerability management tools, and secure configuration tooling. Ability to use PowerShell and Python scripting More ❯

Extensive practical experience implementing and maintaining an ISO 27001 compliant ISMS. Demonstrable experience with PCI DSS compliance, including preparing for and undergoing assessments. Familiarity with information security frameworks (e.g., NIST, CIS). Proficiency in risk management methodologies. Knowledge of common security technologies (e.g., firewalls, EDR, SIEM, vulnerability scanners). Exceptional analytical, problem-solving, and decision-making abilities. Excellent communication (written More ❯

infrastructure-as-code security (Terraform, CloudFormation) and cloud security posture management. Strong understanding of identity & access management (OAuth, OIDC, SAML, JWT) and API security. Knowledge of industry frameworks like NIST, ISO 27001, and SOC 2. Experience driving developer enablement and security training initiatives. Excellent communication and collaboration skills to engage with engineering, product, and leadership teams. Preferred Qualifications Security certifications More ❯

Support incident response and remediation efforts for security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security More ❯

Support incident response and remediation efforts for security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security More ❯

with development, operations, and executive teams to ensure security practices are understood and implemented across the organization. Compliance: Ensure security architectures comply with regulations such as GDPR, ISO 27001, NIST, and other relevant standards. Requirements Education: Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred. Experience: At least 10 years in IT, with More ❯

experience in information security, with a focus on network security and architecture. Strong knowledge of malicious lateral movement techniques and mitigation strategies. Experience with security frameworks and standards (e.g., NIST, ISO 27001). Excellent communication and leadership skills. Relevant certifications such as CISSP, CISM, or TOGAF are highly desirable. Previous job roles that may indicate success include Information Security Architect More ❯

dotted-line relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management More ❯

Administration certification Cloud security certifications (Azure Security Engineer, AWS Security) Fortinet NSE certification (Level 7 or 8) Experience with security automation and orchestration Knowledge of compliance frameworks (ISO 27001, NIST More ❯

following skills and experience: Strong expertise in defining, delivering, and supporting robust, resilient, and secure enterprise infrastructure. Experience with IT audits and compliance frameworks (CIS, PCI DSS, Cyber Essentials, NIST, ISO 27001). In-depth understanding of network security and compliance in regulated environments. Proven ability to secure high-value data (PCI cardholder data, PII) and implement security best practices. More ❯

ll bring: 5+ years in InfoSec, IT Security or Ops within a regulated environment Certification required: CISSP, CISM, CRISC, or equivalent Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA Confident with security risk assessments, audit responses, and policy governance Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model Comfort with More ❯

ll bring: 5+ years in InfoSec, IT Security or Ops within a regulated environment Certification required: CISSP, CISM, CRISC, or equivalent Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA Confident with security risk assessments, audit responses, and policy governance Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model Comfort with More ❯

is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where More ❯

is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead More ❯

EU AI Act). Experience with third-party and outsourcing risk, AI and digital transformation risks. Experience of developing and operating Technology Risk Management Frameworks such as ITIL, COBIT, NIST, ISO. Demonstrable extensive relevant experience of technology and change/operational risk in either a 1LoD or 2LoD capacity (2LoD preferable). Experience in scenario analysis and resilience impact assessments More ❯

controls, including RBAC and Conditional Access, within Azure AD and Microsoft 365. Collaborate with Risk and Compliance teams to ensure infrastructure aligns with enterprise security frameworks (e.g. ISO 27001, NIST, CIS). Support incident response, vulnerability remediation, and disaster recovery planning. Promote a culture of continuous improvement and secure-by-design principles across the technology team. Provide technical leadership and More ❯

common and emerging vulnerabilities including their manifestation in different architectures (web applications, thick clients, APIs, networked infrastructure etc) Familiarity with industry standard guidance OWASP Top 10, SANS Top 25, NIST/CSC, CIS, NCSC etc. Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security. Experience of writing succinct, reader oriented More ❯

this role you must have demonstrable hands-on expertise with monitoring and securing enterprise class technology estates. You will have proven experience with Cyber Security best practice including the NIST Cloud Security guidelines. You will support ISO 27001 compliance and have strong documentation skills. Experience in the Telco sector and knowledge of the UK Telecom Security Act would be advantageous More ❯

workflows. Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated controls More ❯