126 to 150 of 388 Vulnerability Management Jobs in the UK

chance to directly shape strategy within a national institution. This is a hands-on, strategic role with a focus on Microsoft Entra ID Governance and Microsoft Purview – including lifecycle management, RBAC, data classification, DLP and compliance tooling. You’ll play a key part in designing and maintaining secure practices across Microsoft 365, Azure, and broader security operations. Working within … a small, agile security team, you’ll also contribute to regulatory compliance (ISO 27001, GDPR, Cyber Essentials+), risk assessments, vulnerability management, and stakeholder engagement at all levels. Experience of Interest: Practical experience implementing Microsoft Entra ID Governance (or similar Okta) Hands-on and demonstrable use of Microsoft Purview for compliance, data classification, and DLP Strong security operations knowledge More ❯

our organisation's data and IT infrastructure. This role focusses on the operational aspects of data protection - from technical risk assessments and secure system configuration reviews to incident response, vulnerability remediation tracking, and regulatory compliance audits. You will work closely with engineering, DevOps, and IT teams to embed privacy and information security controls into our technology stack. This is … a full-time position. Occasional after-hours work may be required to support incident response, high-priority vulnerability fixes, or audit activities. Develop and implement data protection governance: Design, implement, and enforce data protection and information security policies and procedures aligned with business objectives and regulatory requirements Support the development of strategies to mitigate and monitor data protection risks … a strategy to mitigate, manage, and monitor data protection risks and incidents Work collaboratively with other departments to ensure the alignment of security efforts with wider business objectives Risk management: Identify, assess, and document data protection risks across systems and processes Support administration of data protection systems and risk reporting. Provide advice and guidance to teams on how to More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures. Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA's outsourcing requirements , including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register , prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management , endpoint security (EDR/XDR) , and cloud compliance . Good understanding of IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: Experience: 5+ More ❯

to lead the end-to-end delivery of critical security projects for a global leader in financial market infrastructure. This role focuses on driving Security Maturity and Identity & Access Management (IAM) initiatives, ensuring alignment with regulatory requirements and business objectives in a highly regulated environment. You will oversee complex, multi-workstream projects, managing budgets, stakeholders, and vendor relationships while … and interface with PMO, Finance, and Portfolio teams. Required Experience: 5+ years in delivering complex InfoSec projects (financial/trading sector preferred). Proven expertise in IAM, cloud security, vulnerability management, and third-party risk. Certifications: PRINCE2, MSP, PMP, or APM (CISM/CRISC/ITIL desirable). Strong stakeholder management and experience in matrixed environments. Proficiency More ❯

to lead the end-to-end delivery of critical security projects for a global leader in financial market infrastructure. This role focuses on driving Security Maturity and Identity & Access Management (IAM) initiatives, ensuring alignment with regulatory requirements and business objectives in a highly regulated environment. You will oversee complex, multi-workstream projects, managing budgets, stakeholders, and vendor relationships while … and interface with PMO, Finance, and Portfolio teams. Required Experience: 5+ years in delivering complex InfoSec projects (financial/trading sector preferred). Proven expertise in IAM, cloud security, vulnerability management, and third-party risk. Certifications: PRINCE2, MSP, PMP, or APM (CISM/CRISC/ITIL desirable). Strong stakeholder management and experience in matrixed environments. Proficiency More ❯

You’ll Bring CISSP or equivalent + 6-7 years in InfoSec Experience maturing security programs & frameworks ( ISO27001, NIST CAF, OWASP ) Strong knowledge of SIEM, IDS/IPS, RBAC, vulnerability management Understanding of cloud, COTS/SaaS platforms & IoT security Ability to communicate risks & strategies at executive level Full driving license & personal transport What’s On Offer Key More ❯

with expertise in Elasticsearch to join our dynamic team. As a SIEM engineer, you will play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture. This role is hybrid (3 days in … Logstash: Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack. Automate data ingestion, transformation, and loading tasks. Beats for Data Collection: Agent and Agent Policy Management: Proficiency in configuring and managing agents, including setting up agent policies for various operation systems. Ensure seamless data flow from endpoints to the Elastic Stack. Data Cleaning and Enrichment … Collaborate with data analysts to create meaningful search experiences. Database Architecture and Scaling with Elasticsearch: Optimize data storage and retrieval mechanisms within Elasticsearch clusters. Implement sharding, replication, and index management strategies. End-to-End Solution Delivery: Expertise in taking ownership of a requirement from start to finish, including gathering detailed requirements, designing, and implementing robust, innovative solutions. Experience Required More ❯

Cloud infrastructure- ability to effectively deploy and manage cloud environments and integrate technologies that are part of customer stacks, to accurately replicate and resolve customer issues Knowledge of SIEM, vulnerability management tools, firewalls, malware, exploits, operating system structure and behavior Strong consulting and project management skills, with validated results working as a trusted advisor to drive business More ❯

Cloud infrastructure- ability to effectively deploy and manage cloud environments and integrate technologies that are part of customer stacks, to accurately replicate and resolve customer issues Knowledge of SIEM, vulnerability management tools, firewalls, malware, exploits, operating system structure and behavior Strong consulting and project management skills, with validated results working as a trusted advisor to drive business More ❯

tailored security solutions to our clients, drawing on your extensive experience in the MSP/MSSP landscape. Key Responsibilities: Overseeing and leading remediation of security assessments, technical testing, and vulnerability analysis (Cyber Essentials, Cyber Essentials Plus, NIST CSF). Delivering and supporting security projects from inception to completion. Providing expert guidance and support to clients throughout the security lifecycle. … Demonstrating strong leadership in both team management and project delivery. Leveraging technical expertise in security technologies (Microsoft XDR stack, vulnerability management tools, SIEMs including Sentinel). Contributing to incident response and driving operational improvements. Your Profile: Proven track record as a Cyber Security Consultant or vCISO within an MSP/MSSP environment. Strong client-facing skills, including More ❯

Security Lead will be responsible for: Owning and leading the information security function, working collaboratively across all departments. Maintaining and evolving ISO 27001 certification and managing the Information Security Management System (ISMS) lifecycle. Performing regular risk assessments, developing and managing remediation plans, and conducting internal security audits. Ensuring compliance with data protection laws (e.g., GDPR) and addressing customer security … DevOps teams to implement security controls across cloud infrastructure (ideally AWS), including access control, encryption, and logging. Leading the incident response process and managing third-party penetration testing and vulnerability management activities. The ideal Information Security Lead will have experience with the following: 3-5 years of hands-on experience in an information security or IT risk/… solid understanding of cloud environments (AWS preferred) and common security risks associated with SaaS platforms. Hands-on knowledge of security tooling, including endpoint protection, SIEMs, DLP, identity and access management (IAM), and SSO. A clear understanding of data privacy laws, particularly GDPR. Familiarity with a range of security tools for endpoint protection, SSO/IAM, monitoring/logging, and More ❯

will be responsible for technically leading and developing a team of Cyber Security experts. Building, maturing and providing Security services to multiple customers in multiple sectors. This is a management position but this person must also be able to lead from the front from a technical perspective. We need a “people manager” as well as someone who can drive … for 2024 and the whole business is excited about the value this person can add. You will provide insights and guidance to customers as a vCISO as well as vulnerability management, major incident response, and security monitoring improvements and be expected to demonstrate technical expertise in Audit, Assessments, Design, Implementation, Testing, Compliance and Reporting. Responsibilities Own the evolution … Security+, CISM, CEH, Microsoft Security (SC-200, AZ-500, MS-500). Technical knowledge and broad hands-on experience of working with security technologies such as the Microsoft stack, vulnerability management tools, SIEMs including Sentinel. Previous experience of delivering security projects Experience of overseeing and leading remediation of security assessments including Cyber Essentials, Cyber Essentials Plus, and NIST More ❯

will be responsible for technically leading and developing a team of Cyber Security experts. Building, maturing and providing Security services to multiple customers in multiple sectors. This is a management position but this person must also be able to lead from the front from a technical perspective. We need a “people manager” as well as someone who can drive … for 2024 and the whole business is excited about the value this person can add. You will provide insights and guidance to customers as a vCISO as well as vulnerability management, major incident response, and security monitoring improvements and be expected to demonstrate technical expertise in Audit, Assessments, Design, Implementation, Testing, Compliance and Reporting. Responsibilities Own the evolution … Security+, CISM, CEH, Microsoft Security (SC-200, AZ-500, MS-500). Technical knowledge and broad hands-on experience of working with security technologies such as the Microsoft stack, vulnerability management tools, SIEMs including Sentinel. Previous experience of delivering security projects Experience of overseeing and leading remediation of security assessments including Cyber Essentials, Cyber Essentials Plus, and NIST More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register, prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance. Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: Experience: 5+ years More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procerdures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements , including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register , prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management , endpoint security (EDR/XDR) , and cloud compliance . Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procerdures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements , including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register , prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management , endpoint security (EDR/XDR) , and cloud compliance . Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register, prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance. Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: Experience: 5+ years More ❯

SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procerdures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements , including due diligence, contract oversight … Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register , prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability management , endpoint security (EDR/XDR) , and cloud compliance . Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years More ❯

/IPS, SIEM) to detect and analyze potential threats. Investigate security alerts, logs, and incidents (e.g., malware, unauthorized access, breaches). Assist in incident response and remediation efforts. 2. Vulnerability Management Conduct vulnerability assessments and support penetration testing. Collaborate with senior teams to patch systems and mitigate risks. 3. Network Access Control (NAC) Configure switches and endpoints …/IP telephony). Technical Skills: Hands-on experience with OSPF, BGP, STP, NAC, and IPT (Cisco). Proficiency in network monitoring tools, NDR, and SIEM systems. Knowledge of vulnerability assessment tools and patch management. Soft Skills: Ability to work under pressure and handle emergencies. Strong communication and collaboration skills. Working Conditions: Flexibility for after-hours/weekend support More ❯

/IPS, SIEM) to detect and analyze potential threats. Investigate security alerts, logs, and incidents (e.g., malware, unauthorized access, breaches). Assist in incident response and remediation efforts. 2. Vulnerability Management Conduct vulnerability assessments and support penetration testing. Collaborate with senior teams to patch systems and mitigate risks. 3. Network Access Control (NAC) Configure switches and endpoints …/IP telephony). Technical Skills: Hands-on experience with OSPF, BGP, STP, NAC, and IPT (Cisco). Proficiency in network monitoring tools, NDR, and SIEM systems. Knowledge of vulnerability assessment tools and patch management. Soft Skills: Ability to work under pressure and handle emergencies. Strong communication and collaboration skills. Working Conditions: Flexibility for after-hours/weekend support More ❯

across our national fibre infrastructure Leading the implementation of Active Network Security tooling and frameworks Acting as a senior escalation point for complex network security incidents Enhancing risk and vulnerability management processes Collaborating with architecture and operations teams to embed security best practices Supporting forensic investigations and Tier 3/4 incident response What you'll bring to … of firewalls, IDS/IDP, SIEM, and other security technologies Excellent understanding of Layer 2/3 networking, including Ethernet, MPLS, and TCP/IP Experience with risk and vulnerability management frameworks Familiarity with security standards such as NIST, NCSC, or ISO27001 Diversity, Inclusion & Belonging We're a Times Top 50 Employer for Gender Equality. We're endorsed More ❯

across our national fibre infrastructure Leading the implementation of Active Network Security tooling and frameworks Acting as a senior escalation point for complex network security incidents Enhancing risk and vulnerability management processes Collaborating with architecture and operations teams to embed security best practices Supporting forensic investigations and Tier 3/4 incident response What you'll bring to … of firewalls, IDS/IDP, SIEM, and other security technologies Excellent understanding of Layer 2/3 networking, including Ethernet, MPLS, and TCP/IP Experience with risk and vulnerability management frameworks Familiarity with security standards such as NIST, NCSC, or ISO27001 Diversity, Inclusion & Belonging We're a Times Top 50 Employer for Gender Equality. We're endorsed More ❯

contact for all matters relating to Cybersecurity and requires a broad understanding of security controls and their effective implementation within corporate environments. The role will also require good relationship management skills across the assigned region/sub-region to enable business adoption. As a Director within the Regional Security Office (RSO) service you will be accountable for service delivery … The role with need to have effective relationships with senior leadership to support the delivery of the regional/sub-regional business goals and operate an effective security risk management regime against an agreed security risk mitigation strategy. As the trusted security lead, the role will present to local leaders, regulators and clients as needed. Prior experience of regulatory … management is required. This is a highly visible role within Aon to be able to embed effective security controls at scale within the firm. We are looking for you to bring new ideas and a commitment toward continual learning. You will stay actively engaged with business leaders, IT executives and external clients. The role requires gravitas and an ability More ❯

Review and implement policy improvements aligned to GDPR, ISO27001, NIST and other key standards. Deliver impactful security awareness and training programmes across the business. Support audits, penetration tests, and vulnerability management – driving remediation and improvements. Work closely with teams across Legal, Finance, Marketing, Global Tech, and Internal Audit. Key experience: Minimum 3+ years' experience in a cyber security … or analyst role within a complex organisation. Broad expertise across identity & access management, security operations, network and data security. Strong working knowledge of ISO/IEC 27001, Cyber Essentials, or NIST frameworks. Experience influencing cross-functional stakeholders – both technical and non-technical. Excellent communicator – able to translate technical risks into business language. Ideally holds or is working towards certifications More ❯

Review and implement policy improvements aligned to GDPR, ISO27001, NIST and other key standards. Deliver impactful security awareness and training programmes across the business. Support audits, penetration tests, and vulnerability management – driving remediation and improvements. Work closely with teams across Legal, Finance, Marketing, Global Tech, and Internal Audit. Key experience: Minimum 3+ years' experience in a cyber security … or analyst role within a complex organisation. Broad expertise across identity & access management, security operations, network and data security. Strong working knowledge of ISO/IEC 27001, Cyber Essentials, or NIST frameworks. Experience influencing cross-functional stakeholders – both technical and non-technical. Excellent communicator – able to translate technical risks into business language. Ideally holds or is working towards certifications More ❯