Almondsbury, Gloucestershire, United Kingdom Hybrid / WFH Options
Frontier Resourcing
code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO27001/ 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security … execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience … in product or application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO27001/ 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on
Almondsbury, Gloucestershire, United Kingdom Hybrid / WFH Options
Frontier Resourcing
and Experience Required Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan ). An understanding of MOD ISN 23 / 09 Secure by Design. Knowledge of security frameworks, such as ISO/IEC27001, NIST … NIST 800-53 or OWASP. Experience of working with risk management frameworks and methodologies (e.g., ISO27001/ 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) Why Join? You'll gain exposure to cutting-edge defence technology and intelligence insights, alongside good … salary & benefits. The client offers flexible working options, with some hybrid / remote working. Apply now to be immediately considered for this fantastic opportunity.
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Duel
Information Security Engineer Hybrid: Remote / Bristol Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About Us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking … a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS / IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. … as Secureframe, Drata, or Vanta. Experience working with pen testing and bug bounties a plus. Basic understanding of security tools such as SIEM, IDS / IPS, and vulnerability management solutions. Experience or knowledge of cloud security (AWS, GCP, or Azure). Awareness of security best practices in application and
Cheltenham, Gloucestershire, South West, United Kingdom Hybrid / WFH Options
Northrop Grumman
Management Systems and Audit Manager, you will collaborate with cross-functional teams to support the continuous improvement. Support the maintenance of existing external ISO accreditations and support the attainment of new ISO accreditations to support the business strategy. Key Responsibilities: Support in the implementation … of National Security Solutions Audit Schedule Support in the maintenance of existing ISO accreditations Support in the attainment of new ISO accreditations as required Maintain the company's Integrated Management System (IMS) Audit Schedule to ensure compliance with regulatory requirements and industry standards (e.g. ISO … benefits including private health care, career development opportunities and performance bonuses. For a comprehensive list of benefits, speak to our recruitment team. Essential qualifications / experience: ISO 9001 Lead auditor Detailed knowledge of ISO 9001, ISO27001, ISO
Gloucestershire, United Kingdom Hybrid / WFH Options
SSR General & Management
reviews and ensure secure-by-design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents … vulnerability assessments, and remediation activities. The Person Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO27001/ 2, ISO27005 / 31000, NIST 800-30, NIST 800-53). Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP, CEH
Bristol, Kendleshire, Gloucestershire, United Kingdom Hybrid / WFH Options
SSR General & Management
reviews and ensure secure-by-design principles. Conduct threat modelling exercises to identify and mitigate potential risks. Ensure compliance with security regulations such as ISO27001, NIST 800-30 / 37 / 53, JSP 440, 604, and Defence Standards. Develop and maintain security documentation (e.g., RMADS, Security Assurance Documents … vulnerability assessments, and remediation activities. The Person Key Skills & Experience: Strong knowledge of risk management frameworks and methodologies (ISO27001/ 2, ISO27005 / 31000, NIST 800-30, NIST 800-53). Experience with defence and government security standards (JSPs, Def Stan … / 139). Proficiency in security testing tools, technologies, and techniques. Ability to analyze and mitigate security vulnerabilities effectively. Strong problem-solving, decision-making, and communication skills. Qualifications & Requirements: Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). Industry certifications such as CISSP, OSCP, CEH
Cheltenham, Gloucestershire, South West, United Kingdom
Northrop Grumman
collaborate with cross-functional teams to support the continuous improvement of the company's management system, the maintenance of NGUKL's existing external ISO accreditations and the attainment of new ISO accreditations to support the business strategy. This is an excellent opportunity if you are looking … system and the CAD database Maintain the company's Integrated Management System (IMS) to ensure compliance with regulatory requirements and industry standards (e.g. ISO 9001, 20000-1, 27001, 14001) Support functions and process owners to ensure processes are up to date, efficient and align with required … required Ensure appropriate reviews have taken place, and required approvals have been obtained prior to publication We are looking for: Detailed knowledge of ISO 9001, ISO27001, ISO 20000 and ISO 14001 standards Experience in managing libraries of process documentation
Gloucester, Gloucestershire, UK Hybrid / WFH Options
uk7 UTC
Develop and present comprehensive risk assessment reports, including clear recommendations for mitigation and investment Apply frameworks such as NIST 800-53, ISO/IEC27001, and NCSC CAF to assess current controls and identify improvement opportunities Contribute to the development of organisational threat … can apply critical thinking to complex and ambiguous environments, making informed decisions under pressure You have strong knowledge of cyber risk frameworks (e.g. NIST, ISO27001, NCSC CAF) and experience in applying them You're experienced in one or more of: counterintelligence, human intelligence and security, physical security assessments, operational technology
ISO Audit Specialist Posting Date: 1 May 2025 Function: Risk, Compliance and Assurance Unit: Business Location: UK Wide, United Kingdom About the role As our ISO Audit Specialist, you'll lead audits across multiple ISO Standards servicing BT group (Openreach, Digital, Business, Networks, Corporate … government contracts, ideally with experience in telecommunications or technology industries. You will maintain ISO standards linked to BT Group Risks, such as ISO27001 for Cyber & Information Security, ISO22301 for Service Interruption, and ISO14001 for Major Contracts. Your role involves identifying and implementing actions to mitigate risks from non … maintenance of the ISO Certificate database and audit universe. Required experience and qualifications Lead Auditor qualification to ISO standards, primarily ISO27001, plus another ISO standard (e.g., ISO9001, ISO14001, ISO22301). Experience designing, implementing, and maintaining management systems (ISO27001 preferred
an Infrastructure Engineer or Systems Engineer – ideally a minimum of 3 years Experience with multi-vendor enterprise IT infrastructure, installation, design, configuration and troubleshooting / support of computer, storage, networking, physical infrastructure and software. Experience managing technical service environments and delivering services in line with … internal and external SLAs. Experience of Information Security and controls to mitigate threats within secure IT environments. Experience of working to CIS, Microsoft, NCSC, ISO27001 and Cyber Essentials Plus frameworks. Networking knowledge and concepts including switching, routing, firewalls, load balancing, TCP / IP, VPN / VLAN, Routing, Enterprise … Wi-Fi, DHCP, DNS, IP Addressing, WAN, LAN. Storage knowledge of SAN, iSCSI, Multipath. Experience maintaining and troubleshooting Windows / Linux server and desktop platforms – Windows 10 / 11, Windows Server 2019 / 2022 / 2025, Ubuntu, and Debian. Experience with Active Directory, AD CS, GPO
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Ignite Digital Search Limited
vital role in safeguarding our cloud infrastructure and applications. - If you have expertise in AWS security, a strong understanding of security frameworks like ISO or NIST, and the ability to drive secure coding practices, we want to hear from you! The role. As an Application Security Engineer, you … such as ISO27001, NIST, and CIS benchmarks. Collaborate with development teams to enhance secure coding practices and strengthen CI / CD pipeline security. Oversee and improve cloud security in AWS, leveraging tools such as AWS Security Hub, AWS Shield, and AWS IAM. Manage the … Familiarity with OWASP Top 10, CWE, and secure coding practices. Proficiency in using security tools such as static and dynamic analysis tools. Basic coding / scripting skills in Python, JavaScript, or similar. Strong communication skills with the ability to engage technical and non-technical stakeholders. Desirable Skills: Experience working
perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls Verify and evidence alignment to 'Secure by Design' principles, corporate security policy / standards as well as industry recognised frameworks and best practice What you'll be doing: Develop, deliver and continually enhance a coherent approach to … to quantify and lead risk mitigation plans Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify / evidence appropriate compliance and security KPIs Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information … process and technical security controls are maintained What experience you'll bring: Minimum of 5 years' experience in a multi-tiered IT enterprise environment / Governance, Risk and Compliance role Minimum of 5 years' experience in a Governance, Risk and Compliance role A track record of delivering security solutions
the operating companies. Qualifications & Experience Essential: - Degree or Higher level Degree in relevant subject. Hold CISSP, CISM or equivalent. Member of relevant professional institute. ISO27001 Lead Auditor or CISA Certified. Relevant experience at senior level in related specialism role. Range of cyber experience across HMG and OGDs. Detailed knowledge of … Legislation and Regulations relevant to the role including but not limited to; NIST /ISO Standards, CESG / NCSC technical requirements and NDA / ONR security requirements. Post holders will be required to demonstrate excellent leadership and business skills alongside robust and comprehensive technical knowledge … / expertise. Desirable: - Excellent communicator across all levels of the organisation including negotiation skills, interpersonal fluency and ability to explain and communicate complex technical issues in a way that non-specialists can understand. Experience working in any of the following industries: energy, utilities, construction, civil engineering. Hands-on experience
Gloucestershire, United Kingdom Hybrid / WFH Options
SSR General & Management
to teams across the organization. The Person Key Skills & Experience: Strong knowledge of security frameworks (ISO27001, NIST 800-30 / 53, OWASP). Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138 /
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Deloitte LLP
or equivalent) e.g. CISSP. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO27001, NIST, CIS, DSPT / CAF). Experience as a Security Architect or in a similar role, with a strong track record of designing and implementing security controls and … / or solutions and leading technical teams. Experience with architecture methodology such as TOGAF or SABSA. Experience of threat and risk modeling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection / prevention systems, security information and … Google). Experience of DevSecOps. Experience of research in technology trends and ways to secure those technologies. Experience with automated deployment techniques and CI / CD pipelines. Experience working in or with Government organizations, especially within a Health and Social Care setting, including the handling of assets subject to
Information Security & Compliance : Proficiency in completing security assessments, evaluating third-party vendors' security controls, and familiarity with industry standards and regulations (e.g., GDPR, ISO27001, NIST). Communication & Collaboration : Strong verbal and written communication skills to consult with internal teams, external consultants, and suppliers, and the
required. Practicing continuous self-learning to keep up-to-date with industry trends and developments to enhance your relevant skills. Skills & experience Essential skills / behaviours: You'll have a broad understanding of the services that the organisation provides to its customer base and be able to map this … interface at the highest level and exhibit good verbal, written and presentation skills. Experience of working within key Cyber Security principles and standards (ISO27001, NIST, Cyber Essentials, MITRE). Experience working in a customer-facing role desirable. You should have experience in managing team
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Weare5vtech
from day one. What You'll Do As a DevSecOps Engineer, you'll be embedded in a fully agile team focused on secure CI / CD pipeline delivery, automated testing, and infrastructure as code. You'll bring security left, ensure functional integrity, and automate relentlessly. You Will Build and … maintain secure, scalable CI / CD pipelines Integrate functional and automation testing into every phase of delivery Embed security practices across all engineering stages Work cross-functionally with developers, testers, and architects Help define best practices and tooling for a high-stakes healthcare environment Technical Experience Proven experience in … roles Strong grasp of functional and automation testing (e.g., Selenium, JMeter, Cypress, Postman, etc.) Cloud-native tooling and containerization (Docker, Kubernetes, Terraform, etc.) CI / CD systems like GitLab CI, Jenkins, Azure DevOps Scripting skills (Bash, Python, or similar) Security mindset: static / dynamic code analysis, vulnerability scanning
Stonehouse, Gloucestershire, South West, United Kingdom
Allan Webb
IT service management system - Escalate complex issues to the 2nd Line Support team when required - Document resolutions and create knowledge articles in line with ISO27001 standards - Produce clear installation and troubleshooting instructions for other team members - Liaise with third-party suppliers to resolve technical issues and manage software licensing queries
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Serco
maintained. Implement solutions in line with overall strategy and architecture. Take operational ownership of all information security management processes across projects. Ensure certification and / or network accreditation to required standards. Work closely with delivery partners and client / business stakeholders to understand their needs. Roadmap solutions to … ability to convey complex technical details to clients in a straightforward manner. Strong background in security architectures, processes and both industry and government compliances (ISO27001, CES, CES+ in particular). Background in Microsoft, AWS and / or Cloudflare security technology would be beneficial. Good knowledge of security standards, legislation
Role: Penetration Tester Type: Permanent Location: Cheltenham / Remote Clearance: SC / DV Are you an offensive security specialist who is excited about delivering the best service possible? Keen to work in a business where you stand to work alongside some very talented testers? CND are working with … of Cloud services such as Azure or AWS • Capability to script or code in Bash, Python etc • Appreciation for Cyber Security standards such as ISO27001, PCI-DSS or CIS This is a role with a growing, exciting organisation who can offer you a strong degree of progression and the ability
domains. Responsibilities include planning and delivering programs such as ISO22301:2019 certification, ensuring compliance with UK Operational Resilience regulations (FCA's SYSC15A), and maintaining ISO27001:2022 standards. Key Responsibilities: Develop and recommend resilience and continuity strategies, collaborating with the Security & Governance Manager to embed operational resilience and business continuity plans. … issues. Candidate Profile: Ideal candidates will have experience with continuity standards and operational resilience regulations (FCA & PRA), with strategic thinking and integration of legal / regulatory requirements. Strong leadership, relationship management, and communication skills are essential. Experience in legal, law firms, or insurance industries, especially within regulated … environments, is desirable. Additional skills include: Excellent communication (written, verbal, presentation) Relationship building, influencing, negotiation Adaptability for different audiences Knowledge of ISO22301:2019 and ISO27001:2022 standards Preferred qualifications and experience: Technology or resilience qualifications Operational resilience frameworks and methodologies Experience with risks related to buildings, IT, people, audits, and