1 to 25 of 29 NIST Jobs in the Thames Valley

of incident response workflows, timelines, and action items for continuous improvement. Compliance and Risk Management: Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA). Work with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations. Your Profile Essential skills/knowledge/ More ❯

/PCI DSS/CISSP/CISM/CISA/Azure Security/AWS Security/DevSecOps/Cybersecurity/Application Security/Security Compliance/Risk Management/NIST/OWASP/CIS Controls/Data Protection/Information Governance/Cloud Infrastructure Security More ❯

equivalent. Experience in or supporting the higher education sector. Strong understanding of multi-tenant SaaS security. Knowledge of DevSecOps and integrating security in CI/CD pipelines. Familiarity with NIST, CIS Controls, OWASP, and other security frameworks. Awareness of global data protection and multi-jurisdictional privacy requirements. Experience supporting enterprise sales cycles with security expertise and assurance. Benefits: 25 days More ❯

as CyberArk, BeyondTrust, or Delinea Strong understanding of Active Directory, LDAP, and authentication protocols Experience with scripting (PowerShell, Python) for automation and reporting Familiarity with compliance frameworks (ISO 27001, NIST, GDPR) Excellent problem-solving, communication, and documentation skills Desirable Skills/Experience: Although not essential, the following skills are desired by the client: Preferred Qualifications Relevant certifications (e.g., CyberArk Defender More ❯

or related field (master’s preferred). Experience in cybersecurity with 3+ years in a security architect or solution designer role. Familiarity with industry standards and frameworks such as NIST, ISO 27001, TOGAF. Strong documentation skills with experience writing SDDs, architecture diagrams, and technical specifications. Certifications such as CISSP, SABSA, TOGAF, CCSP, or AWS/Azure Security are a plus. More ❯

and compliance roles. Strong understanding of security best practices, standards, and control frameworks. Knowledge of GRC principles, security auditing, and compliance validation. Experience with security frameworks and regulations (ISO27001, NIST, PCI, GDPR). Excellent communication skills, able to translate technical concepts for diverse audiences. Strong relationship-building and stakeholder management skills. Desirable: Experience in the real estate sector is desirable. More ❯

security role. Hands-on experience with the Microsoft Security Stack and other leading security tools. Familiarity with network and application firewalls. Working knowledge of security frameworks such as ISO27001, NIST, SOC2, and Cyber Essentials Plus. Experience with Privileged Access Management tools (e.g., CyberArk, Entra, SailPoint). Ability to quickly learn and adapt to new security tools and technologies. Please be More ❯

security role. Hands-on experience with the Microsoft Security Stack and other leading security tools. Familiarity with network and application firewalls. Working knowledge of security frameworks such as ISO27001, NIST, SOC2, and Cyber Essentials Plus. Experience with Privileged Access Management tools (e.g., CyberArk, Entra, SailPoint). Ability to quickly learn and adapt to new security tools and technologies. Please be More ❯

e.g. Entra ID, CyberArk, BeyondTrust). Hands-on with Azure AD/Entra ID , Conditional Access & Identity Protection. Understanding of OAuth2.0, SAML, OpenID Connect . Familiarity with ISO 27001, NIST CSF, CAF & GDPR . Experience leading or overseeing MSPs. Current SC clearance . Desirable: Knowledge of Microsoft Sentinel, Splunk, or Elastic SIEM . Experience in SOC build or cyber transformation More ❯

Comfortable working with data – familiarity with Python, SQL, or data tools is a plus. Bonus: Knowledge of AI ethics, data privacy, cybersecurity, or relevant industry frameworks (e.g. ISO 27001, NIST, etc.). Location: London Should you not be contacted within five working days of submitting your application, then unfortunately you have not been shortlisted for the opportunity. We will, however More ❯

regularly to senior leadership on risk posture. Skills & Experience Required Previous experience in an information security or IT risk management role. Strong understanding of frameworks such as ISO 27001, NIST, PCI-DSS, or Cyber Essentials . Excellent communication and stakeholder engagement skills. Ability to manage multiple priorities in a dynamic environment. Benefits Include A people-focused culture with genuine support More ❯

help shape secure solutions from the ground up. What You'll Do Lead or support the delivery of secure systems, cloud configurations, or network designs. Apply security frameworks (ISO27001, NIST CSF, NCSC CAF) in real-world projects. Conduct threat modelling and recommend proportionate controls. Translate technical risk into clear business language for stakeholders. Deliver high-quality outputs and support wider More ❯

in cloud environments is a plus Cloud Security skills (desired): Secure software development practices, including SecDevOps Sound knowledge of applicable frameworks & standards, including OWASP, MITRE ATT@CK & D3FEND, CIS, NIST CSF, CSA CCM & ISO 27107 Relevant industry certifications including CSCP Understanding of cyber risk frameworks or industry standards such as 800-53, ISO 27001/2, PCI, CIS 18, CMMC … Sound knowledge of applicable laws, compliance regulations, and industry standards as it relates to privacy, security, and compliance Sound knowledge of applicable frameworks, including MITRE ATT@CK & D3FEND, CIS, NIST CSF, CSA CCM Strong communication and presentation skills Cyber Risk Management skills (desired) : Experience in threat modelling & application security risk assessments, secure software development practices, including SecDevOps FAIR Open certified More ❯

an IAM solution across all aspects of the SDLC (Analyse, Design, Develop/Configure, Test, Deploy, Document) Understanding of regulatory frameworks, and their application to IAM, e.g. SOx, ISO27001, NIST, HIPAA, GDPR, PSD2, etc. Ideally, an education in Business, IT, IT security or related field Advantageous: Professional certifications such as CISSP, CISA, ITIL, etc. Product certifications from SailPoint, or other More ❯

skills. Understanding of full packet capture and analysis concepts, or hands-on experience with tools like Wireshark, Zeek, or similar platforms. Awareness of cybersecurity frameworks and best practices (e.g., NIST, ISO 27001) and how they apply to network assurance. Role & Responsibilities As Principal Sales Engineer, you will play a vital role in driving revenue by delivering technical presales support, demonstrating More ❯

potential clients. The Ideal Senior Security Consultant will have: 7+ years of industry experience in Cybersecurity. Relevant security certifications (CISSP, CISM etc.). Deep experience of security frameworks (i.e. NIST, ISO 27001, TOGAF, SABSA) Strong technical exposure to AI/ML concepts, algorithms, models, regulations and controls. Involvement in pre-sales & commercials in a consulting capacity. Senior Security Consultant key More ❯

vs Buy, On-premise vs Cloud, In-house vs Outsourced Development, and Intra-group vs Local Service Delivery. Familiarity with technology standards and frameworks such as ITIL, COBIT, and NIST, and working knowledge of relevant regulatory expectations. Excellent written and verbal communication skills, with the ability to articulate risk topics clearly to both technical and non-technical audiences. Experience with More ❯

exposure to cyber/information security Ability to spot weaknesses and recommend pragmatic solutions Excellent communicator who can build trust and influence senior stakeholders Experience with risk frameworks (e.g. NIST, COBIT, ISO27001) is a plus Why Apply Up to £90,000 + bonus High visibility across senior technology and risk leaders A genuine opportunity to help shape the IT risk More ❯

security strategies, policies, and architectures. Lead on AI risk assessment, threat modelling, and mitigation planning. Ensure compliance with GDPR, the EU AI Act, and international security frameworks (ISO 27001, NIST, TOGAF, SABSA). Build and maintain secure AI architectures for complex models and pipelines. Oversee ethical AI governance, driving policy alignment and responsible AI adoption. Advise clients on secure cloud … security architecture, adversarial ML mitigation, and model governance. Current security certifications such as CISSP or CISM. Proven experience across cloud security, data privacy, and DevSecOps. Familiarity with frameworks including NIST, ISO 27001, TOGAF, SABSA. Excellent communication and stakeholder influence skills. Eligible for UK Security Clearance (SC). If you’re an experienced security architect or consultant ready to shape how More ❯

Strategic Thinking - able to translate technical risks into business outcomes and align security initiatives with client goals and budgets. Strong Governance Mindset - experienced in managing frameworks (Cyber Essentials, ISO27001, NIST) and embedding them into MSP operations and client environments. Risk Communication - skilled at presenting complex security issues clearly to non-technical stakeholders, both internally and at client leadership level. Technical … best practice, even when it means shifting established ways of working. Person Specification: Minimum 5+ years in IT security or MSP environment. Strong knowledge of Cyber Essentials, ISO27001, or NIST frameworks. Experience with patch/vulnerability management governance. Ability to communicate technical risks in business language. Proven ability to run client-facing reviews or presentations. Desirable CISSP, CISM, or equivalent More ❯

accounts. • Managing sales, pre-sales and delivery team of consultants for all regional engagements • Designing solutions related to Cyber Risk engagement on assessment and implementation of frameworks such as NIST 800-53 r5, NIST CSF2.0, CIS, ISO27K • Designing solutions related to advisory & consulting engagements around regulatory risk & compliances such as DORA, NIS2, GDPR, SOX ITGC, PCI-DSS, HIPAA, Data Privacy … services (preferable candidates from Big4 organizations) • Capabilities of executing atleast 3-4 advisory/consulting engagements. • Technical Knowledge around information security, business continuity and technology risk assessments. ISO 27K, NIST, AI Governance, CIS etc. • Good compliance understanding of industry domains such as BFSI – (SOX, FFIEC, PCI-DSS, BASEL, MAS etc.), Healthcare & Life-sciences – (HIPAA, Hi-Trust, FDA CFR, GxP Compliance … Telecom, Retail, Data Privacy (GDPR, CCPA) Energy & Utilities (NERC, FERC) Information Security (ISO 27000, NIST, CIS) TPRM • Business Resiliency & Cyber Recovery, ZTA • GRC Project & Program Management • Excellent written and verbal communications skills • Should be able to travel 70%-80% on short as well as long term engagements. PLATFORM/TOOL EXPERTISE • Experience on the below mentioned tools is not mandated More ❯

framework, ensuring effective identification, assessment, and remediation of risks. Conduct detailed risk and control assessments across business units, projects, vendors, and IT systems, aligning with standards like ISO 27001, NIST CSF, and CIS Controls. Manage and enhance Third-Party Risk Management, including cybersecurity assessments of external partners and suppliers. Collaborate with stakeholders to develop and track cyber risk treatment plans … while fostering strong relationships to embed a risk-aware culture across the organisation. Experience you will have: Expertise in cybersecurity risk frameworks and compliance, including CIS Controls, ISO 27001, NIST CSF, GDPR, SOX, and PCI. Strong technical and analytical skills, with the ability to assess risks, identify gaps, and propose mitigation strategies across IT systems and third parties. Excellent communication More ❯

framework, ensuring effective identification, assessment, and remediation of risks. Conduct detailed risk and control assessments across business units, projects, vendors, and IT systems, aligning with standards like ISO 27001, NIST CSF, and CIS Controls. Manage and enhance Third-Party Risk Management, including cybersecurity assessments of external partners and suppliers. Collaborate with stakeholders to develop and track cyber risk treatment plans … while fostering strong relationships to embed a risk-aware culture across the organisation. Experience you will have: Expertise in cybersecurity risk frameworks and compliance, including CIS Controls, ISO 27001, NIST CSF, GDPR, SOX, and PCI. Strong technical and analytical skills, with the ability to assess risks, identify gaps, and propose mitigation strategies across IT systems and third parties. Excellent communication More ❯

standards, and introducing appropriate security controls across OT environments. The OT Security Specialist will provide technical and governance oversight of OT security, ensuring alignment with industry frameworks (IEC 62443, NIST CSF, CAF, ISO 27001) and with enterprise cyber security objectives. The role will combine hands-on implementation, strategic oversight, and the creation of governance artefacts. You will also engage with … Security Strategy, policies, and standards. *Define governance processes for OT security, ensuring alignment with enterprise security frameworks. *Conduct OT risk assessments and gap analyses against recognised standards (IEC 62443, NIST CSF, CAF). *Identify, prioritise, and oversee the implementation of security controls across OT systems and networks. *Provide technical oversight and assurance when engaging with MSPs and third-party vendors. … security within ICS or critical infrastructure environments. oProven ability to create and implement OT security strategies, policies, and standards. oStrong knowledge of OT security frameworks and standards (IEC 62443, NIST CSF, CAF, ISO 27001). oExperience conducting OT security risk assessments, gap analysis, and remediation planning. oKnowledge of OT networks, segmentation, and common industrial protocols. oExperience working with operations and More ❯

security strategy within our Managed Services environment. This is a strategic and hands-on leadership position - you'll oversee security governance, ensure compliance with leading frameworks (Cyber Essentials, ISO27001, NIST), and maintain a strong internal security posture across our systems and services. You'll lead Quarterly Security Reviews (QSRs), manage client risk registers, and act as a trusted advisor translating … Translate technical risks into meaningful business impacts and recommendations. Manage internal and client risk registers and exception processes. Oversee security compliance across frameworks such as Cyber Essentials+, ISO27001, and NIST . Ensure secure deployment and monitoring of core MSP systems (RMM, XDR, PSA, backup, etc.). Collaborate with service and project teams to embed security into delivery and change control. … senior stakeholders and enjoy leading teams and shaping best practice. Essential Skills & Experience 5+ years in IT security or MSP environments . Strong understanding of Cyber Essentials, ISO27001, or NIST frameworks. Experience managing patching, vulnerability, and risk governance . Skilled communicator with the ability to explain risks to non-technical audiences. Proven experience leading client-facing security reviews . Desirable More ❯