City of London, London, United Kingdom Hybrid / WFH Options
Tenth Revolution Group
as policies, standards, and procedures. Report on security performance metrics to senior leadership on a monthly basis. Ensure compliance with key frameworks including ISO27001:2022, ISO 27701:2019, and SOC 2 across multiple international offices. Lead internal audits and manage responses to external … secure behaviours through awareness training and internal communication. Essential: Hands-on experience with ISO27001, ISO 27701 and / or SOC 2 standards. Strong grasp of global data protection laws, particularly GDPR and CCPA. Able to work independently and coordinate with a wide
East London, London, United Kingdom Hybrid / WFH Options
Tenth Revolution Group
as policies, standards, and procedures. Report on security performance metrics to senior leadership on a monthly basis. Ensure compliance with key frameworks including ISO27001:2022, ISO 27701:2019, and SOC 2 across multiple international offices. Lead internal audits and manage responses to external … secure behaviours through awareness training and internal communication. Essential: Hands-on experience with ISO27001, ISO 27701 and / or SOC 2 standards. Strong grasp of global data protection laws, particularly GDPR and CCPA. Able to work independently and coordinate with a wide
and implement security and compliance policies and controls across infrastructure, applications, and internal systems. Lead the development and execution of the roadmap toward ISO27001 certification and other key compliance frameworks. Collaborate with external stakeholders and customers to support security-related queries … and onboarding. Drive internal audits and prepare documentation for external assessments. Work with engineering leadership to integrate security best practices into the SDLC, CI / CD, and cloud infrastructure. Guide secure architectural decisions and deployment processes. Maintain and evolve security training, policy documentation, and incident response plans. Monitor the … UK GDPR, and industry best practices. Proven experience preparing for and leading ISO or similar audits. Solid understanding of AWS / Azure / GCP cloud security and web application security principles. Strong communication and documentation skills. Experience with tools like SIEM, CSPM, vulnerability scanners, and monitoring
but not limited to: Technical & organizational security controls Cyber and digital transformation activities Remediation workstreams and roadmaps Policy & process implementation Information Security Maturity Audits / CMMI Certification or alignment with recognised industry standards Compliance with applicable regulations & legislation Building and implementing governance & risk management processes Design implementation and testing … of security tooling BC / DR & Incident response capability building and testing Production of threat intelligence reports and research Supply Chain Risk Management Consultants must possess and be able to demonstrate credibility and experience as well as currency in these fundamental skill sets. Consultants will work with industry-leading … provide reporting and feedback when required. Support, when necessary, the development of opportunities by contributing as an SME in response to client RFPs and / or the construction of proposal documents and responses. Develop timely, accurate reporting that can convey technical findings to non-technical audiences at all levels
CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CISA (Certified Information Systems Auditor) ISO27001 Lead Auditor / Implementer CRISC (Certified in Risk and Information Systems Control) GDPR Certification (e.g., IAPP CIPP / E, CIPM for data protection compliance) Experience Requirements … years of experience in Information Security, Compliance, or IT Risk Management. Experience with regulatory frameworks in UK & EU: GDPR (General Data Protection Regulation) ISO27001 (Information Security Management Systems) Cyber Essentials Plus (UK government-backed security framework) DORA (Digital Operational Resilience Act) - EU financial sector PCI … understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018). Familiarity with risk management frameworks like NIST CSF, CIS Controls, and ISO 27005. Experience with cyber security tools (e.g., SIEM, Malware Protection, Firewalls and others) is a plus. Strong reporting and communication skills - ability to
definition of policies, standards and procedures for information security and data governance, moving Metro Bank towards alignment with industry good practice standards (e.g. ISO27001, ITIL). Direct day-to-day management of information security and data controls, monitoring and incident response, with support from your … practice in Banking and the established approaches to mitigating these. A deep understanding of information and data risk and control frameworks and standards, e.g. ISO27001, PCI DSS, NIST+. Strong leadership skills and proven ability to build, inspire, direct, motivate and performance-manage a multi-disciplinary team. MSc Information Security / MCIISec / CISSP / CISM / ISO27001 Lead Auditor or equivalent. Our promise to you We will make sure that you are well-rewarded by providing you with a competitive salary, discretionary annual bonus, and a wide range of benefits, including generous holiday allowance, attractive pension
providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning. Audit & Assurance: Participate in internal / external audits (ISO27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes … risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR / XDR), and cloud compliance. Good understanding of IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management … Experience: 4+ years in GRC roles; financial services or banking experience is a strong plus. Understanding of GDPR, DORA, PCI DSS, and outsourcing / third-party risk requirements. Hands-on experience with ISO27001 implementation and third-party risk tools. Proficiency in IAM
providers, and outsourced services. Ensure compliance with DORA's outsourcing requirements, including due diligence, contract oversight, and continuity planning. Audit & Assurance: Participate in internal / external audits (ISO27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes … risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR / XDR), and cloud compliance. Good understanding of IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management … years in GRC roles; financial services or banking experience is a strong plus. Regulatory Knowledge: Understanding of GDPR, DORA, PCI DSS, and outsourcing / third-party risk requirements. Technical Skills: Hands-on experience with ISO27001 implementation and third-party risk tools. Proficiency
in being a highly skilled Cybersecurity practitioner in primary skills associated with GRC, as well as secondary skills - Technical (e.g., IDAM, Engineering, Network, IoT / OT security). The successful candidate will play a critical role in the Practice in support of clients and their security roadmap, business G … meet the changing needs of the global landscape. Required: Industry experience working in enterprise cyber security domain Security Practitioner, which includes execution of operational / tactical as well as strategy & program cyber security. Able to support the cyber security roadmap and management inclusive of security risk management, its development … lead a team and align security measures with enterprise IT security frameworks. Understanding of Security Solutions: MS Sentinel / Defender / Entra, Zscaler ZPA ZTMA, CrowdStrike, CyberArk, SailPoint, Ping, and ability to design and build a controls dashboard from evidence outputs from MS solutions, using ISO27K, NIST, NIS
to HS2. It is an SCSJV requirement that all employees, Design House, and Supply Chains must implement and comply with the requirements of ISO 9001:2015 Quality Management System, ISO 14001:2015 Environmental Management System with guidance for use, OHSAS 18001:2017 Occupational Health and Safety Management Systems and ISO/IEC27001:2013 Information Security Management System, Policies, Plans, Procedures and Processes, and statutory requirements as they affect the Joint … and value diversity at our company. We do not discriminate on the basis of age, disability, sex, race, religion or belief, gender reassignment, marriage / civil partnership, pregnancy / maternity, or sexual orientation. SCS Railways is a Disability Confident Leader. We want to encourage disabled people to apply
Translate business, data protection and security requirements into practical and well-structured architectural designs, utilizing industry best practices and security frameworks (e.g., NIST, ISO27001, CIS). Develop and maintain secure architectural patterns and standards, with a solid working knowledge of cloud security (AWS, Azure, GCP … cloud security, and compliance. Strong understanding of security governance, risk, and compliance frameworks such as ISO27001, NIST 800-53 / CSF, NIS / NIS2, DORA, UK CNI / OT / IIOT compliance. Hands-on experience building credibility with external stakeholders through
Smart Building Technical Project Manager Introduction / What we do at Hereworks Hereworks is a provider of commercial Smart Building & Technology solutions throughout Ireland, UK and beyond. We offer end-to-end solutions including Smart Building Technologies, IoT, Audio Visual Solutions, Telecommunication Systems and much more. We are unique … and usable, while developing software layers for integration, aggregation and communication of the buildings systems including but not limited to: Amazon (AWS) IoT Core / Google (GCP) IoT Core Safety & Security - Intruder, Fire, Access Control, CCTV, Lifts Telecommunications & IT Systems - UC, In-Building Cellular Room, Desk & Parking Booking Systems … Compliance with Security Standards: The Project Manager is responsible for ensuring that data migration processes are conducted securely and in accordance with the ISO27001 standard. This involves implementing and maintaining security conscious practices throughout the project lifecycle. Program Development: The role may involve contributing to
and existing applications, ensuring that all potential attack vectors are identified and mitigated. Develop and maintain security automation scripts and tools, such as SAST / DAST, to detect and respond to threats; automate security monitoring and alerting using Splunk, ELK, or Chronicle; develop security-as-code practices using Terraform … Ansible, or Kubernetes security policies. Harden and secure AWS / Azure / GCP, endpoint, and IAM environments and enforce cloud security best practices. Perform offensive activities and proactively hunt for vulnerabilities. Participate in the incident response process, providing technical expertise to manage and resolve security incidents; contribute to … to-date and effective. Is This You? CISSP, CISA, or CISM certification is strongly recommended, but not required. ISO27001 / 27701 / 42001, SOC-2, PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable. At least 5 years of relevant industry
working closely with IT to educate and enable teams across Attest. Support with compliance: partner with our Legal team to ensure adherence to ISO27001, GDPR, and other standards. Manage risk proactively: identify and mitigate vulnerabilities across cloud environments and applications. Embed secure development: working with … 27001 security framework. Hands-on expertise in network security, application security, IAM, and incident response. Proficiency with SIEM, IDS / IPS, WAFs, EDR, and vulnerability management tools. Understanding of secure coding practices and ability to collaborate with engineering teams. Strong communication skills to … is currently an IC role, although you will have the support of other teams in the business. You have never been through an ISO27001 or similar security audit process. You are looking for a role where you can be remote. We believe that the best
Infrastructure & Operations and Internal Audit. Qualifications: What background do I need to have? A successful candidate will have a bachelor's degree or equivalent / higher in computer science, cyber security, information security or similar, or a professional certification such as SSCP. Verification of certification will be requested during … matter expertise for transformational security improvements in a complex Technology organisation Proven experience at engaging and influencing stakeholders across departmental and organisational and global / segment stakeholders An excellent understanding of best practice within cyber security and risk management including standards such as ISO/IEC27001, Cyber Essentials and NIST CSF Demonstrable creativity and a commitment to future-proofing processes and security controls in a fast paced, ever-changing environment A self-starter with the ability to identify, lead and drive change through an organisation without being instructed to do so
Management: Participate in risk assessments and vulnerability analyses, recommending mitigation strategies. Compliance: Ensure adherence to security policies, standards, and regulations such as GDPR, ISO27001, etc. Documentation: Maintain accurate records of security processes, incidents, and compliance activities. Collaboration: Work with IT and other departments to ensure … architecture, especially cloud security and compliance. Knowledge of security governance, risk, and compliance frameworks such as ISO27001, NIST, NIS / NIS2, DORA, UK CNI / OT / IIOT. Experience engaging with external stakeholders through presentations, audits, or reporting. Ability to operate security
with business stakeholders to drive our cloud security strategy and initiatives across GBST. You will assist in cloud information security related activities by supporting / leading implementation of a risk-based, sustainable and mature security controls posture to protect client data, digital trust and internal systems. As an experienced … on security and have the ability to articulate cybersecurity issues to non-technical stakeholders. Help to improve GBST's security requirements within the CI / CD pipeline and supporting infrastructure using agile DevSecOps methodology. Work closely with managed security service providers to ensure security events and incidents are investigated. … deployment experience. Strong knowledge and understanding of ISO27001, NIST, CIS, SOC type 2, and other relevant cybersecurity frameworks. AWS / Azure Cloud security experience a must. Knowledge of SDLC and agile environments in the context of information security. Bachelor's degree in information security
Perform Pre Cable and Pre deploy duties in cases where circuits and client sites are yet to be delivered or readied by vendors. Troubleshoot / Investigate and rectify circuit connection errors & circuit / hardware down scenarios using ServiceNow ticketing system and working closely with internal teams. Participate in … a Rota system to provide out of hours migration / switch over works providing on-site support if required to client premises nationwide. Perform Hardware upgrades on legacy equipment and re-cable as instructed. Participate in on-call / out of hours duties on various planned and unplanned … order of received tickets, workload for each day. Keep in line with internal and client agreed SLAs surrounding time taken to deliver each ticket / site deployment dependent on geographical location. Maintain a professional and disciplined approach at all times when working within Exponential-e Client Premises, Data Centres
AV Support Assistant / Audio Visual Specialist / AV Engineer A fantastic opportunity has arisen for an AV Support Assistant / Audio Visual Specialist / AV Engineer to join our London based global law firm on initial 6 month contract. AV Support Assistant / Audio … Visual Specialist / AV Engineer Summary: Our client's IT team is responsible for delivery of a responsive, effective and timely IT support service to the firm’s employees and clients. They devise and implement operational processes and procedures in order to provide reliable and available IT systems to the … PowerPoint, and Excel - Knowledge of Remote Access systems and focusing on supporting remotely - Understanding of ITIL (v2 or v3), understanding of ISMS / ISO27001 would be desirable. AV Support Assistant / Audio Visual Specialist / AV Engineer
to quantify and lead risk mitigation plans Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify / evidence appropriate compliance and security KPIs Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information … 27001) within relevant geographic boundaries. Performs focused information risk assessments of existing or new services and technologies, alongside the Operational / Service Management team and technology subject matter experts. As required, will extend the assessment of existing and proposed services to third party suppliers, including … to risk management Maintains strong working relationships with individuals and groups involved in managing information risk across the in-scope services and aligned suppliers / 3rd parties Chairs and co-ordinates Security Working Groups (SWG) and actively participates in supporting / governing forums What experience you'll bring
to the sector, including: NCSC NIS Guidance and CAF ISO27001 and ISO 27005 NERC CIP ISA-99 / IEC 62443 NIST CSF. Additional information Please note that the interview stages may be subject to change based on the specific requirements
Must have experience working on Tenable.IO, analysed vulnerabilities from penetration testing reports, work with vendors to remediate vulnerabilities, has patch management experience, has patched / worked on Windows, Linux and Azure cloud systems, analyse and remediate SOC / NOC alerts. Our Client is a globally recognised, successful bank … who provide world-class services to various institutions and individuals. Offering a comprehensive range of retail and corporate financial services / products, this thriving business boasts over 10 million active customers in over 700 business locations. Due to business requirements, we are now looking to acquire the services of … CMSS) Incident / Response & Forensic Management Skills IT Technical Admin Support - Azure, Oracle Cloud Infrastructure (OCI Cloud) Microsoft Windows Support & administration, CE+, ISO27001 Email and Information Security Filtering / Monitoring Solutions, Egress Hands on experience on Linux and Mac Administration Support Good understanding of Windows and Linux
Security Ownership & Leadership: Own and lead HowNow's information security function, working cross-functionally to align with business needs. Maintain and evolve our ISO27001 certification and manage the ISMS lifecycle. Governance, Risk & Compliance: Perform regular risk assessments, manage remediation plans, and conduct internal audits. Ensure … risks. The key qualities we're looking for in applicants: 3-5 years of hands-on experience in an information security or IT risk / compliance role. Experience working at a SaaS company or fast-paced startup / scale-up. Good working knowledge of ISO27001 … endpoint protection, SIEMs, DLP, IAM, and SSO. Clear understanding of data privacy laws (especially GDPR). Familiarity with security tools (e.g., endpoint protection, SSO / IAM, monitoring / logging, vulnerability scanning). Experience with risk assessments, incident response planning, and writing security policies. Strong communication skills, with the