101 to 125 of 665 Permanent ISO/IEC 27001 Jobs

Edinburgh, United Kingdom Posted on 04 / 08 / 2025 Are you an experienced IT & InfoSec professional looking to shape the security and compliance landscape of an innovative AI-driven company? We're looking for an IT & Information Security Manager to lead our cloud security strategy, risk management, and compliance initiatives. Aveni is an award-winning technology company. … and regulatory compliance. What You'll Be Doing IT & Cloud Security Governance - Managing security across Google Workspace, Microsoft 365, and SaaS platforms. Risk & Compliance Leadership - Ensuring alignment with ISO 27001, Cyber Essentials, and CIS 18. AI & Data Security - Driving best practices for AI-first security and compliance. Business-Focused Security Strategy - Supporting sales, contracts, and client … or a mix of both. Life insurance, income protection, and private healthcare. Freebies and discounts at a range of retailers. Emotional wellbeing (Employee assistance programme provides access to 24 / 7 employee counselling and emotional support). Cycle to work scheme. Pension scheme (employer contribution matched up to 5%). Join Us in Making a Difference At Aveni, we More ❯

procedures, and reviewing and updating existing documentation. Deploying patches on hardware, software, networks, and environments, and supporting the architecture and integration of technical solutions. Maintaining high standards in ISO 27001 and Cyber Essentials Plus accreditation. Researching and documenting major incidents and problems, including impact assessments and root cause analyses (RCAs). Person Specification Applicants should have … clustering and failover management. Advanced networking, connectivity, VPN, and firewall technologies. Hands-on experience with IT hardware and software installation, modification, maintenance, and repair procedures. Microsoft Intune, KANDJI, and / or other MDM tools. Windows PowerShell or other scripting languages. MS DPM, Azure backups, and other backup solutions. Experience with ServiceDesk, JIRA, or other ticketing systems, including escalation for … incident resolution. Strong documentation skills for reports, policies, procedures, and workflows. Applicants are also encouraged to have: ITIL v4 Foundation certification. Certifications such as MCSE / MCITP or equivalent. CCNA and / or CCNP certifications. Prince2 and / or Agile certifications. Knowledge of ISO 27001 standards. We will support your professional development to More ❯

Supporting the implementation of security processes and requirements Providing security advice and guidance to the wider technical team Liaising with stakeholders in relation to security issues and providing remediation / improvement recommendations Supporting Octopus Energy Group's audit & compliance automation programs, enabling easy demonstration of compliance as we scale Working with the wider Security team to set the security … aren't subject matter experts Experience producing or supporting the delivery of security awareness programs in different business environments Knowledge of industry and regulatory security standards, such as ISO 27001, SOC2, and GDPR A good candidate will have experience in at least some of the areas mentioned, we're not expecting any candidate to be an … What will help: Security certifications (any of the famous abbreviations) Security qualifications (e.g. apprenticeships or degrees) Experience working in organisations that maintain ISO 27001 and / or SOC 1 and SOC 2 type II certifications A wider understanding of technology, especially AWS (or other CSPs) A background in a technical role or technical knowledge through More ❯

members. Experience required Degree in Software Engineering or related discipline. Minimum of 5+ years in a software leadership or management role. Proven experience leading software teams of 20+ developers / testers. Strong software engineering background with an understanding of modern coding standards, patterns, and tools. Demonstrated success delivering complex software projects on time and within budget. Hands-on experience … with Agile / Scrum, sprint planning, backlog grooming, and release management. Proficiency in risk management, resource allocation, and stakeholder communication. Knowledge of secure software development practices essential with any experience of the cybersecurity industry desirable. Understanding of ISO 9001 / ISO 27001 quality standards. This is just a short o v er More ❯

security threats, vulnerabilities, and breaches, leading incident response and forensic investigations. Conduct regular security audits, penetration testing, and risk assessments, implementing corrective actions to strengthen defences. Oversee firewalls, IDS / IPS, endpoint protection, encryption, and secure access controls to safeguard data and systems. Ensure compliance with data protection laws and industry best practices, maintaining robust security policies and staff … training programs. Design, optimise, and maintain scalable, high-performance IT infrastructure, including LAN / WAN, cloud environments (Azure / AWS), and hybrid networks. Lead network upgrades, hardware / software deployments, and disaster recovery planning to ensure maximum uptime and resilience. Evaluate and integrate emerging technologies (AI, automation, zero-trust frameworks) to drive operational efficiency and cost savings. … solutions, ensuring seamless integration and ROI. Negotiate and oversee vendor contracts, SLAs, and procurement, ensuring cost-effectiveness and service excellence. Experience & Qualifications Proven track record in an IT leadership / management role, with expertise in cybersecurity, infrastructure, and preferably digital transformation. Network security (firewalls, VPNs, SIEM, zero-trust architecture). Cloud security (Azure, AWS, hybrid environments). Compliance frameworks More ❯

management structures, policies, and practices within Technology and Network functions. Design a fit-for-purpose Technology Risk Management Framework that aligns with business needs and industry standards (e.g. ISO 27001, NIST, COBIT). Develop practical tools such as risk registers, heatmaps, control libraries, and risk assessment templates. Stakeholder Engagement & Knowledge Transfer: Work closely with internal stakeholders … sectors, ideally telecoms. Familiarity with regulatory and compliance requirements relevant to telecom (e.g., GDPR, NIS2, national telecom regulations). Experience working with risk and control frameworks such as ISO 31000, ISO 27001, NIST CSF, COBIT, or COSO. Ability to communicate clearly and influence senior stakeholders. Self-starter, capable of driving outcomes independently in a … or equivalent. What We Offer: Immediate-start contract for 3–6 months (with potential to extend). Opportunity to shape and formalize risk practices in a key industry. Flexible / hybrid working options. Competitive day rate. More ❯

data and following secure coding practices to prevent breaches, injection, and unauthorised access. You should apply if you: ️ Have a strong background in frontend development - ideally React, TypeScript and / or Next.js Care about solving the technically challenging problems we're tackling for our customers Value shipping early and often to get customer feedback and then iterating quickly to … of the customer Have proven experience delivering large, complex software engineering systems It would also be nice if you have: Have experience with Backend development - ideally Python Have Geospatial / mapping / GIS experience Experience working with LLM's and OpenAI's API in particular Built or integrated with highly secure, fault tolerant APIs Experience building high performance … distributed systems at scale Proven experience of driving and using modern dev practices like BDD, TDD, 12 Factor, CI / CD Competitive starting salary £90,000-£110,000 Matched pension contributions and equity options in a fast growing start-up Flexible working hours and location 25 days paid holiday (plus bank holidays) Professional equipment and personal development budget along More ❯

Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security … service, audit lead for Infra, budget ) Key 3 rd party operational infrastructure vendor management - i.e. management of managed service partners as a team extension globally, as well as service / solution delivery partners, Migration of Legacy VM based estates to SaaS and Cloud services platforms, Legacy Infra tech to Azure knowledge / experience, Prior to the last … years in Enterprise Management of a global estate / user-base, a demonstrable technical infrastructure engineering level background, working on Windows Server, AD , SQL environments, Firewalls / SDWAN, and Networks (WAN & / or LAN). The Client is based in the City of London. This is a hybrid position with 3 days in the office. The salary More ❯

of outputs and outcomes and provide reporting and feedback when required. Support, when necessary, the development of opportunities by contributing as an SME in response to client RFPs and / or the construction of proposal documents and responses. Develop timely, accurate reporting that can convey technical findings to non-technical audiences at all levels when necessary. When required, work … with the Director of Cyber Advisory and Head Consultant to continuously improve capability, enhance & integrate service offerings, and build the Professional Services team Skills / Must have: 5 years in a client-facing information / cyber security / GRC role Professional certifications including but not limited to CISSP, CCSP, CISM, CRISC, CISA, CDPSE. Experience in auditing and … implementing security standards such as ISO 27001 / 2, NIST CSF, and others. Exceptional verbal, written communication, and presentation skills. Ability to articulate technical requirements to non-technical audiences. Proven self-management skills and ability to work on multiple assignments concurrently. Ability to travel to meet business needs. Benefits: Opportunity to work with high-profile More ❯

IT Operations Manager / Software Solutions Service Delivery Manager with a background in operations or service delivery within the IT / Technology / software sector and experience managing technical or professional services teams is required for a well-established, award-winning IT Solutions Provided based in Fleet, Hampshire. Previous technical experience working with HCL, IBM, Microsoft, Domino … Lotus Notes, EDI / Electronic Data Interchange would be highly desirable. SALARY: circa. £55,000 per annum (depending on experience) + Benefits LOCATION: Hybrid Working / Fleet, Hampshire (GU51) - Whilst much of the work can be performed remotely, you must be able to commute to the office in Fleet on a regular basis JOB TYPE: Full-Time, Permanent … JOB OVERVIEW We have a fantastic new job opportunity for an IT Operations Manager / Software Solutions Service Delivery Manager with a background in operations or service delivery within the IT / Technology / software sector and experience managing technical or professional services teams. Working as a results driven IT Operations Manager / Software Solutions Service More ❯

digital transformation initiatives. Develop and deliver a compliance strategy aligned with legislation (e.g., UK GDPR, Data Protection Act 2018, PCI-DSS), internal policies, external frameworks (e.g., NIST CSF, ISO 27001) and aligned with sector-specific best practice (e.g UCISA, NCSC) Develop and deliver a Security Assurance Testing program, including internal and external audit, penetration testing and … Desirable Certifications Industry-recognised certifications such as CISSP, CISM, GIAC (e.g., GDSA, GCIH, GCIA), and CompTIA CASP+ Framework-related qualifications (e.g. ISO 27001 Lead Implementer / Auditor, NIST CSF, TOGAF or SABSA) demonstrating capability in structured security operations and strategic alignment. To learn more about this exciting opportunity and benefits we offer, please read the More ❯

Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security … Azure: Strong experience managing Microsoft 365 (Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO … rd party operational infrastructure vendor management - i.e management of managed service partners, Migration of Legacy VM based estates to SaaS and Cloud services platforms, Legacy tech to Azure knowledge / experience, Prior to the last 5 years, a technical infrastructure engineering level background, working on Windows Server, AD , SQL environments, Firewalls / SDWAN, and Networks (WAN & / More ❯

Title: Security engineer with HSM / KMS ( Utimaco, Thales, Entrust) - Hybrid Location: Plano, TX / JACKSONVILLE, FL / Charlotte, NC / Chandler, AZ / Richmond, VA Length: Long term Restriction: W2 Only Description: Webcam interview; Long term project Hybrid - 3 Days Onsite Due to security reasons USC / GC only Job Description: They are … activities on KMS solutions both on prem and in the cloud. Develop client solutions to integrate and monitor cryptographic appliances and KMS offerings. Assist in POCs and other product / version certification activities. Technical Skills: Proficiency in key management systems and tools (e.g., HSMs, KMS, PKI) Strong understanding of cryptographic algorithms and protocols Experience with security standards and frameworks … experience with automation using Perl, python or PowerShell Familiarity with cloud-based key management services (e.g., AWS KMS, Azure Key Vault) Use of monitoring tools i.e. Splunk, Elastic, Prometheus / Grafana stack, ELK, etc. Proficiency in at least one programming language (e.g., Java, Go) and experience with orchestration tools (e.g., Ansible, Terraform). Experience using Utimaco, Thales, Entrust, etc. More ❯

ll play a crucial role in delivering technical excellence, leading customer engagements, and mentoring team members. Key Responsibilities: Design, implement, and manage enterprise-grade security solutions (firewalls, SIEM, IDS / IPS, endpoint protection, cloud security). Shape strategic security recommendations and collaborate on technical win plans. Maintain and update security policies, procedures, and incident response plans. Deliver security awareness … training and advise clients on best practices. Support audits and compliance initiatives (ISO 27001, NIST, GDPR, etc.). Work cross-functionally with internal and external teams, including partner engagements. Research emerging threats and recommend security framework enhancements. Mentor and support junior security team members. What We’re Looking For: A degree in Cybersecurity, IT, or equivalent … forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting / automation skills (Python, PowerShell, Bash). Deep understanding of Microsoft security technologies. Certifications such as CISSP, CEH, OSCP, CISM, or Security+ are highly desirable. Strong problem-solving, communication, and More ❯

cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures. Proactively assess the security posture of applications through code reviews, manual penetration testing, and static / dynamic security testing (SAST / DAST). Security Tooling and Automation : Implement and maintain security tools used in the development and deployment processes (e.g., scanning tools, vulnerability management … fostering a culture of security awareness across engineering and business teams. Compliance and Standards : Ensure product security practices align with relevant security frameworks and standards (e.g., OWASP, NIST, ISO 27001, GDPR, PCI DSS). Support regulatory compliance efforts and maintain evidence to meet audit requirements. Collaboration and Communication : Function as the primary interface between security, development … and frameworks such as OWASP, BSIMM, PCI DSS, ISO 27001, and GDPR. Security Integration experience: Demonstrated ability to seamlessly integrate secure development practices into SDLC / SSDLC workflows. Skilled in implementing technical security controls and driving security automation within CI / CD pipelines. Risk Management and Compliance knowledge: Experience with identifying and managing security More ❯

Conduct secure code reviews and architectural security assessments to identify risks early in the development process. Automation & Tooling: Enhance security automation capabilities by integrating security testing tools into CI / CD pipelines. Penetration Testing & Red Teaming: Facilitate internal and external penetration testing activities, helping to triage and remediate findings. Security Champion Enablement: Collaborate with engineering teams to build security … bring? 7+ years of experience in Product Security, Application Security, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10 / CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS, Azure, GCP) and securing containerized environments … Docker, Kubernetes). Proficiency in security testing tools such as Burp Suite, Endor, Semgrep, etc. Strong background in network security, including firewalls, IDS / IPS, VPNs, and secure network design. Hands-on experience with CI / CD security automation (GitHub Actions, Jenkins, GitLab CI, etc.). Familiarity with infrastructure-as-code security (Terraform, CloudFormation) and cloud security posture More ❯

Provide guidance on zero-trust network design, micro-segmentation, DDoS mitigation, identity-based access, and threat detection. Conduct threat modelling and risk assessments across backbone and edge infrastructure, OSS / BSS systems, and service platforms. Partner with engineering and operations to embed security-by-design into network build-outs, technology refreshes, and automation initiatives. Security Product Architecture (Customer-Facing … What we're looking for Must haves 10+ years of experience in cybersecurity, with 5+ years in security architecture roles. Deep understanding of fixed-line telecom infrastructure including IP / MPLS, optical transport, SDN / NFV, and data centre environments. Strong experience designing security controls for large-scale network and cloud systems. Familiarity with security frameworks such as … services or security platforms for enterprise customers. Security certifications such as CISSP, CCSP, SABSA, TOGAF, or equivalent. Knowledge of tools and platforms in areas like DDoS defense, ZTNA, SIEM / SOAR, EDR, and identity federation. Skills IT Strategic Planning Cyber Security Architecture IT Architecture Methodologies Building and Managing Teams Supervisory Leadership Education A Masters of Bachelors degree such as More ❯

time. Responsibilities Implement security protocols and manage information security programs Report performance, exceptions, and outages to all audiences transparently. Align disaster recovery with business continuity plans. Ensure compliance with ISO27001, NIST CFS 2.0, and maintain ISMS. Identify risks, develop a comprehensive security plan. Test cyber-attacks regularly to address vulnerabilities. Monitor security trends, adapt strategies. Oversee incident monitoring, detection, response … capable of working effectively with diverse teams and stakeholders. Ability to stay current with security trends, emerging threats, and best practices in the cybersecurity landscape. Experience of manufacturing and / or supply chain industry is preferred. Able to operate in a multinational corporation with several locations. Competencies You have expertise within Customer / Relationship Management. You have excellent … or belief, or sexual orientation. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. External recruitment services / agencies will not be used for this position. More ❯

for access governance, identity life cycle, and privileged access management in alignment with defence-grade standards Security Assurance & Compliance Ensure commission controls comply with MOD policies (eg JSP 440 / JSP 604) and security frameworks such as NIST, ISO 27005, STIGs, and UK Functional Standard 007 Vulnerability Assessment & Access Review Support regular access reviews, entitlement audits, and … DV Clearance : Must hold active Developed Vetting (DV) clearance (or immediate transfer eligibility) Access Control Expertise : Deep experience in identity & access management, particularly designing and enforcing commission controls, RBAC / ABAC models, access provisioning, and entitlement workflows. Tools & Technologies : Hands-on with identity platforms (eg Active Directory, Azure AD, Okta), PAM / IGA systems, SSO / SAML … / OAuth, and access governance tools. Security Framework Knowledge : Understanding of defence and public-sector security frameworks (JSP 440 / 604, STIGs, ISO 27001, Government Functional Standard 007) Incident & Risk Handling : Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills : Strong ability to engage with both technical More ❯

best practices Develop and support cloud security policies and technical standards Conduct security assessments, risk analysis, and contribute to security roadmaps Collaborate with teams to integrate security into CI / CD and cloud-native applications Microsoft Security Stack Configure and manage Microsoft Defender for Cloud, Defender for Endpoint, and Sentinel Deploy Microsoft Purview for compliance and information protection Manage … Work with Azure Key Vault and manage encryption and certificate strategies Collaborate with our SOC and managed Sentinel provider on incident handling Compliance & Governance Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2 Support configuration and monitoring in Microsoft Compliance Manager Maintain security documentation and assist in audit preparation Configure insider risk management, audit … regulated industries Technical Skills Deep expertise in Azure security and Microsoft Defender suite Advanced skills in Microsoft Sentinel, Purview, Intune, and Defender for Endpoint Strong experience with Entra ID / Active Directory, Conditional Access, and PIM Hands-on with PowerShell and Microsoft Graph API for security automation Familiarity with M365 security, Zero Trust models, and Microsoft Information Protection Knowledge More ❯

and strategic delivery. Key Responsibilities Support cyber transformation projects, governance assessments, and maturity roadmaps Assist with cyber strategy documentation and recommendations for leadership teams Work across frameworks such as ISO27001, NIST CSF, NCSC CAF, GDPR, and NIS2 Contribute to reports, client workshops, presentations, and stakeholder engagement Develop knowledge of security concepts, risk appetite alignment, and digital resilience What We're … junior cyber professional to work on transformation programmes that have national and global reach. Apply now or contact Declan Bryson at Anson McCade on 07529 161950 quoting ref AMC / DB / CSC / 42 . Reference: AMC / DB / CSC / 42 #debr More ❯

Microsoft Defender suite (Defender for Endpoint, Identity, Office 365, Cloud Apps, Intune MTD) Conduct threat modeling, vulnerability management, and purple team style validation to drive continuous improvement Maintain SIEM / SOAR detections and integrate log sources into Microsoft Sentinel Compliance & Audit Readiness Lead readiness and evidence collection for ISO 27001, NIST 800171, and CMMC Level … under DFARS and FedRAMP requirements Demonstrated mastery of Microsoft Defender solutions and security hardening best practices Proven leadership of at least two successful external compliance audits (SOC 2, ISO 27001 … or CMMC) Expert level PowerShell and experience with Infrastructure as Code or deployment pipelines (e.g., Azure DevOps) Familiarity with container security, secure software supply chain Experience managing outsourced MSP / MSSP partners Certifications ITIL or PMP certification More ❯

in touch today! Responsibilities: Conducting regular security assessments and vulnerability testing. Developing and implementing security policies and procedures. Monitoring network traffic for unusual activity and potential threats using SOC / SIEM solutions. Responding to security breaches and carrying out forensic investigations. Ensuring compliance with industry standards and regulations, including ISO 27001 and GDPR. Delivering security … use of best-of-breed products. Collaborating with the IT team to design and implement secure network architectures. Generating automated security reports tailored for executive-level clients. Required Skills / Qualifications: A Bachelor's degree in Cyber Security, Information Technology, or a related field. A minimum of three years' experience in a cyber security role, infrastructure, or advanced third … line support. Strong knowledge of security frameworks and standards such as ISO 27001 and GDPR. Expertise in Microsoft 365, SharePoint, Azure architecture, security, and Entra. Proficiency in security tools and technologies, including firewalls, identity management, and layered security stacks. Experience in incident response and forensic analysis. Excellent problem-solving, analytical, and communication skills. Relevant certifications (e.g. More ❯

Leading vulnerability management efforts, penetration testing, and remediation plans. Monitoring and investigating security events, managing incident response processes end-to-end. Ensuring compliance with security standards such as ISO 27001 and supporting audits and certifications. Collaborating across teams to embed security into the core of platform and product development. Delivering internal security awareness initiatives to strengthen … experience in regulated or high-trust industries). Hands-on expertise in cloud security (preferably AWS), including securing hybrid and multi-region architectures. Practical knowledge of security tooling: IDS / IPS, SIEM, vulnerability scanners, encryption, SAST / DAST tools, OWASP ZAP, etc. Strong understanding of network security protocols and best practices. Scripting and automation experience (e.g. Python). … Proven experience with incident response and threat mitigation. Familiarity with security compliance frameworks (ISO 27001, SOC 2, etc.). Security certifications (e.g. Security+, CISSP, or equivalent) are a plus. You'll Thrive If You Are: Comfortable taking ownership and working autonomously in a high-accountability environment. Eager to learn and keep up with the latest in More ❯

Support the implementation and ongoing cadence of the GRC Component Assessment and Control Testing Processes to internal defense personnel and project teams. • Create and publish supporting documentation for new / updated processes. • Create and deliver audience specific training and communications for new / updated processes to IT and Business partners. • Work effectively with cross-functional and cross regional … stakeholders with varying levels of business / technical skills. • Collect sufficient quantitative and qualitative data to accurately describe the current state, desired state, and root cause(s) of gaps, with guidance from others. • Analyze the future needs of customers and the enterprise, and translate these actions to enhance and mature the GRC program. • Address potential business / financial … programs and large projects and support their mitigation. • Engage stakeholders to gain consensus on shared vision of project outcomes. (link removed) Anticipate up and down stream impacts and predicts / addresses obstacles. • Identify and assist in the resolution of conflicting business goals and systemic issues to enable business value realization. • Propose corrective actions to address management and governance problems More ❯