23 of 23 NIST Jobs in the Midlands

and the wider estate are sufficiently tested for signs of vulnerability. Governance, Risk & Compliance (GRC) Ensure audit readiness, control effectiveness (key SOX/ITGC, NIST/ISO mappings), and remediation governance; lead policy lifecycle and attestations. Oversee the enterprise risk process (RCSA, KRIs), executive reporting, and board risk briefings. Improve ...

Information Security Manager), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), or equivalent are highly desirable. In-depth knowledge of security frameworks (e.g., NIST, ISO 27001), network security protocols, firewalls, encryption, and intrusion detection systems (IDS). Strong understanding of threat landscape and risk management strategies. Proficiency in security ...

implementation of the Operational Technology security strategy across engineering and operational teams. Assist in applying recognised cyber security frameworks such as National Institute of Standards and Technology Cyber Security Framework and IEC 62443 to operational environments. Work with engineering teams to understand how operational systems such as Supervisory Control and ...

enhance risk toolkit methodologies across the supply chain risk management lifecycle (onboarding and aftercare). Lead initiatives to align supply chain risk maturity with NIST Cyber Supply Chain Risk Management (C-SCRM) principles. Deliver improvements in personnel security controls following National Protective Security Authority (NPSA) guidance. Produce risk outputs linking ...

related field (or equivalent experience) Experience or exposure to IT security, cyber risk, or control assessments Familiarity with cybersecurity frameworks and standards such as NIST, CIS, and ISO 27001 with exposure to security audits. Understanding of IT controls and risk management principles Strong analytical and problem-solving skills, with ...

issues and improve outcomes Essential Experience & Skills Proven experience delivering an assurance testing programme across recognised frameworks and regulations, including (but not limited to): NIST-CSF, Cyber Essentials, ITGC, ITACs, FRC/Corporate Governance Code, COBIT 2019, COSO Strong stakeholder management skills, with the ability to collaborate across the business ...

issues and improve outcomes Essential Experience & Skills Proven experience delivering an assurance testing programme across recognised frameworks and regulations, including (but not limited to): NIST-CSF, Cyber Essentials, ITGC, ITACs, FRC/Corporate Governance Code, COBIT 2019, COSO Strong stakeholder management skills, with the ability to collaborate across the business ...

cyber security operations, incident response, threat intelligence, and vulnerability management. In-depth knowledge of regulatory requirements, security frameworks and industry standards (e.g., ISO 27001, NIST, ITIL). Proven ability to manage and influence stakeholders at executive and C-suite level. Experience coming into 'greenfield' environment's and raising the maturity ...

security assessments and producing assurance reports. Ability to engage and influence stakeholders at all levels. Familiarity with security frameworks and standards (e.g., ISO 27001, NIST, CIS Controls). Excellent communication, planning, and organisational skills. Experience managing teams and developing talent. Ability to interpret complex technical and business information to assess ...

across: Networking, Infrastructure, Platform, Cloud, Identity & Access Management (IAM), and Application/API. Experience with designing systems inline with security frameworks including: ISO, GDPR, NIST/CIS. Able to communicate at a high level to non-technical audiences. Some experience within regulated environments would be beneficial. Certifications like CISSP, CISM ...

primary point of contact for clients during onsite assessments and GRC implementations. Key Responsibilities Project Delivery: Lead the fieldwork for Cyber Maturity assessments (NIST, ISO 27001, Cyber Essentials Plus) and Third-Party Risk Management (TPRM) reviews Client Engagement: Manage day-to-day client relationships, ensuring data collection and stakeholder interviews ...

and ensure recommendations are followed for continuous improvement Strong Incident Response Management skills including threat and vulnerability analysis Understanding of security frameworks such as NIST, and Cyber Essentials As the analyst you will work with the security manager and engineer the day-to-day running and monitoring of Information Security ...

system logs and authentication systems. Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar). Desirable: Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001). Qualifications: Desirable: CompTIA Security+, CySA+ or other entry level certification. ...

using the Purdue Model. · Strong familiarity with major OT/ICS vendors (Siemens, ABB, GE, Schneider Electric). · Experience applying frameworks such as IEC62443, NIST CSF, NIST 800‐82, NCSC CAF. · Senior-level stakeholder management experience. Certifications – Highly Desirable · OT/ICS Security/Safety Certifications · ISA/ ...

experience in vulnerability scanning tools, familiar with CVSS scoring and vulnerability prioritisation. This would suit an analyst who is familiar with frameworks such as NIST, Cyber Essentials. Working to understand and interpret findings and communicate to stakeholders, detailed orientated and can work with other cross functional teams and departments. ...

and strong stakeholder skills, including: CISM qualification (or equivalent) Strong knowledge of ISO 27001, ideally as a Lead Auditor or Auditor Working knowledge of NIST CSF and NIST SP 800-53 Excellent understanding of relevant legal, regulatory and compliance requirements Proven experience implementing and operating security management in line with ...

responsible for ensuring that all corporate and subsidiary operations comply with internal security policies, regulatory requirements, and internationally recognised frameworks such as ISO27001, NIST, SOX, GDPR, CMMC, and others.Key Responsibilities- Support the execution and enhancement of the global information security compliance program.- Conduct internal audits, third-party risk assessments, and … diligence reviews.- Ensure alignment with regulatory and industry standards including ISO27001, NIST, SOX, GDPR, SOC 2, HIPAA, CCPA, LGPD.- Collaborate with cross-functional teams across multiple jurisdictions to drive compliance initiatives.- Identify gaps in security controls and recommend corrective actions.- Maintain and update security policies, procedures, and documentation.- Monitor changes ...

protection strategies aligned to business risk and regulatory requirements Design and deliver Microsoft Purview solutions Translate regulatory and GRC requirements (eg GDPR, ISO 27001, NIST, data residency and retention) into practical, defensible data security controls Conduct data risk assessments, gap analyses, and control reviews across Microsoft 365 and wider data … with both technical teams and non-technical stakeholders The ability to balance risk, usability, and commercial realities Knowledge of frameworks such as ISO 27001, NIST CSF, ISO 27701, CAF, or DSPT Relevant certifications such as ISO 27001, CISSP, CISM, or Microsoft Security If you are a Data Security Consultant looking ...

work, gap analyses and audits Working on SIEM, EDR and Vulnerability Management tools. Working in compliance with various security frameworks (ISO27001, Cyber Essentials +, NIST, CAF.) Working alongside the MSSP to ensure that risks and alerts raised are relevant to the organisation, reducing false positives wherever possible Assisting with vulnerability …/IDS, EDR, SIEM, Vulnerability scanning - any toolsets considered. Experience working in alignment with security best practice frameworks (e.g. ISO27001, Cyber Essentials +, NIST, CAF) Experience working alongside 3rd parties to enhance security posture would be ideal (MSSPs, Auditors etc.) Experience responding to audit requirements and artefact gathering would also ...

resolved. What you bring You’ve done this before. Not just the theory - the real work of delivering assurance programmes across frameworks like NIST-CSF, ITGCs, ITACs, Cyber Essentials, or similar. You know how to work with stakeholders who don’t live and breathe compliance - and still bring them with … you. Access to teams who know their craft - Compliance, ITGC, GRC, Finance, Data Governance, InfoSec - and are worth learning from. Training that actually helps: NIST, ITGC, PCI-DSS, GDPR, and whatever else you need to stay sharp. And the space to build something better than what you walked into. ...

Ideas | People | Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's ...

people, delivery, and market presence Manage and develop client relationships, acting as a trusted advisor on cyber risk Oversee cybersecurity control assessments (e.g. against NIST, CIS benchmarks) and technical advisory work Produce and present cyber risk reports to Board and Executive-level stakeholders Collaborate with clients to understand their risk … industry. You will bring: Strong experience across IT security and cyber risk domains Proven expertise in cyber control assessments and governance frameworks (e.g. NIST, CIS) A solid technical foundation in IT, risk, or cyber security, ideally within a consultancy environment Relevant certifications such as CISSP, CISM, CCSP or CRISC Experience ...

Information Security Officer/ISO27001/NIST/GRC £40,000 - £45,000 + Benefits Worcester (Hybrid) Information Security Officer/ISO27001/NIST/GRC We're hiring an Information Security Officer to join a purpose led UK organisation, helping protect critical systems, data and customers at scale. This … across the business to drive security best practice, manage risk and strengthen governance. What you'll do Support security policies, frameworks & compliance (ISO27001/NIST) Identify risks & improve security controls Advise stakeholders on security & data protection (GDPR) Help resolve security incidents & embed a security-first culture What we're looking ...