4 of 4 Remote ISO/IEC 27005 Jobs in the UK

modelling, secure-by-design). Perform security code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001 / 27005, NIST 800-30 / 53, JSP 440 / 604, Def Stan 05-series). Lead the creation and maintenance of security documentation (RMADS, Security … . Testing & Assurance Design and execute penetration tests and automated vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI / CD integration, SAST / DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product or … application security within defence, government, or security-cleared environments. Deep knowledge of risk management frameworks (ISO 27001 / 2 / 5 / 31000, NIST 800-series) and Defence Standards (JSPs, Def Stan 05-138 / 139). Hands-on experience with security testing tools and techniques (SAST, DAST, penetration testing). Eligible for UK More ❯

Job Title: Head of Security Governance, Risk & Compliance Salary: £70,400 - £94,100 Location: Cambridge / Hybrid Minimum 2 days a week in the office Contract: Permanent The Head of Security GRC is a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels … senior governance or risk management role. Active CRISC or ISO 27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001 / 42001 Lead Auditor or Implementor being advantageous. Demonstrated experience in strategic governance of security, managing security risks in line with ISO 27005, and implementing ISO … welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, gender identity and sexual identity), cultural, or social class / background. We believe better outcomes come through diversity of thought, background and approach. We welcome applications from people from all backgrounds and communities, actively seeking to employ people from More ❯

critical infrastructure Security standards relating to the sector, including: NCSC NIS Guidance and CAF ISO 27001 and ISO 27005 NERC CIP ISA-99 / IEC 62443 NIST CSF. Additional information Please note that the interview stages may be subject to change based on the specific requirements of the role. Quick call More ❯

strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling / pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless), balancing usability, cost … or mitigation strategies. Oversee vendor and SaaS evaluations, ensuring contracts include appropriate security clauses and ongoing assurance. Essential skills: Risk based decision making: expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost effective controls. Technical depth: hands on knowledge of cloud security, IAM, container & API security … ability to engage C suite and delivery squads alike, adapting style to gain agreement and drive secure by design culture. Mentoring & governance: experience line managing or coaching security architects / engineers and running architecture assurance or design review boards. At the Home Office, your work has real-world impact, shaping the safety and security of millions. We offer: Meaningful More ❯