1 to 25 of 34 ISO/IEC 27002 (supersedes ISO/IEC 17799) Jobs in the UK excluding London

system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans in conjunction with relevant internal … and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR etc.) Maintain the department’s information security procedures, including … include security clauses as relevant Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is essential. Demonstratable experience in an More ❯

system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans in conjunction with relevant internal … and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR etc.) Maintain the department’s information security procedures, including … include security clauses as relevant Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is essential. Demonstratable experience in an More ❯

system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws. Main duties / responsibilities: Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions Develop and execute risk mitigation plans in conjunction with relevant internal … and external stakeholders / groups and to agreed timescales, following through to completion Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR etc.) Maintain the department’s information security procedures, including … include security clauses as relevant Support information security and compliance audits conducted in the department Qualifications and Experience required: Degree level qualified or equivalent - highly desirable. CISM and / or CRISC or other relevant certification is highly desirable ISO 27001:2022 Lead Implementer / Auditor certification is essential. Demonstratable experience in an More ❯

Incident Response (CSIRT) / SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … incident response and advanced threat hunting. A degree in Computer Science, Cybersecurity, IT, or a related discipline, or equivalent professional experience. Industry-recognised certifications such as CISSP, GIAC / GCIA / GCIH, AZ-500, CEH, CASP+, or SIEM-specific training. Strong knowledge of SIEM, SOAR, EDR, IDS / IPS, NAC, DLP, and related security … technologies. Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS, and ISO / IEC 27001 / 27002. Hands-on experience with tools such as FortiSIEM, Q-Radar, Microsoft Defender, Darktrace, Microsoft Sentinel, or similar platforms. Experience in forensic analysis, red-team exercises, and crisis simulation activities. Desirable More ❯

Incident Response (CSIRT) / SOC Level 3 Analyst Location: Crawley (Hybrid) Department: Information Systems Type: Contract | Full-time Outside IR35 About the Role My client is seeking an experienced Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley. In this critical role, you'll respond … incident response and advanced threat hunting. A degree in Computer Science, Cybersecurity, IT, or a related discipline, or equivalent professional experience. Industry-recognised certifications such as CISSP, GIAC / GCIA / GCIH, AZ-500, CEH, CASP+, or SIEM-specific training. Strong knowledge of SIEM, SOAR, EDR, IDS / IPS, NAC, DLP, and related security … technologies. Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS, and ISO / IEC 27001 / 27002. Hands-on experience with tools such as FortiSIEM, Q-Radar, Microsoft Defender, Darktrace, Microsoft Sentinel, or similar platforms. Experience in forensic analysis, red-team exercises, and crisis simulation activities. Desirable More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! Product Security Architect Permanent role Based in Bristol More ❯

affecting products Your skillset may include: Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139) An understanding of MOD ISN 23 / 09 Secure by Design Knowledge of security frameworks, such as ISO / IEC 27001, NIST 800-30, NIST … or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001 / 2, ISO27005 / 31000, NIST 800-30, NIST 800-53) If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! Product Security Architect Permanent role Based in Bristol More ❯

Person Specification Qualifications Essential ITIL v3 Service Management Qualification Educated to degree level or equivalent Formal certification (ISACA: Certified Information Security Manager (CISM). CISSP, or CRISC) and / or formal training in information security standards and best practice (e.g.: ISO 27001 / 2, COBIT), or equivalent work experience demonstrating understanding of … the same. Experience Essential Extensive experience of developing and delivering an Information Security service to a large complex organisation using confidential and / or sensitive information Desirable IT experience gained in both and Acute and Community setting Disclosure and Barring Service Check This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such … any previous criminal convictions. Employer details Employer name Royal Berkshire NHS Foundation Trust Address Royal Berkshire Hospital Princes House, London Road Reading RG1 5UZ Employer's website https: / / www.royalberkshire.nhs.uk / More ❯

program, organisational structures, and capabilities Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response / Next Gen Protection and Response (EDR / XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) : Experience in security operations design, engineering and … / or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect, detect and rapidly respond to modern threats Demonstrated experience in … security operations capabilities such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, enablement of compliance and regulatory requirements Experience in conducting threat hunting and / or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisations digital environment Relevant industry certifications including GIAC Defensible Security More ❯

program, organisational structures, and capabilities Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response / Next Gen Protection and Response (EDR / XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) : Experience in security operations design, engineering and … / or analysis and investigations, ideally in complex environments, with security event correlations across a variety of sources i.e. cloud, network, endpoint, logs Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations and capabilities to better protect, detect and rapidly respond to modern threats Demonstrated experience in … security operations capabilities such as improvements in asset visibility, threat detection capabilities, automation techniques, case management, enablement of compliance and regulatory requirements Experience in conducting threat hunting and / or compromise assessments to identify active or dormant indicators of compromise (IoCs) or evidence of unknown threats within an organisations digital environment Relevant industry certifications including GIAC Defensible Security More ❯

threat modelling, risk assessments, and recommend effective security controls following "Secure by Design" principles Develop security documentation, reference architectures, and governance frameworks aligned with NIST, NCSC, and ISO standards Collaborate with stakeholders across all defence lines to ensure regulatory, privacy, and risk compliance Mentor junior consultants and support the growth of the Security Practice through knowledge … KPIs, and compliance measures What you'll bring: Knowledge of frameworks such as NIST CSF, NIST 800-53, and NCSC CAF Strong understanding of networking, cloud security (AWS / Azure), IAM, and vulnerability management Familiarity with ISO 27001 / 27002 and related standards Awareness of modern threats, malware, and security More ❯

bring: Proficient in using SIEM technologies such as Splunk, Sentinel, and QRadar. Thorough grasp of security standard methodologies and protocols, for instance ISO 27001 / 27002, PCI DSS. Familiarity with security frameworks such as NIST, ISO, and CIS. Experience with programming languages such as Python, PowerShell, and regex. More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. Strong understanding of cloud environments and network architectures. Excellent English communication skills; fluency in German strongly preferred. At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

will conduct IT security audits and assessments for clients across the United Kingdom and the European region, ensuring compliance with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant frameworks. This position offers the opportunity to become a PCI QSA (training and certification sponsored by ControlCase) while working in an international … or related field. • Deep knowledge of IT security controls, access management, logging, vulnerability assessment, and secure system configuration. • Experience with PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, or similar compliance frameworks. • Strong understanding of cloud environments and network architectures. • Excellent English communication skills; fluency in German strongly preferred. • At least one certification … from each of the following groups preferred: Group 1: CISA, ISO 27001 Lead Auditor Group 2: CISSP, ISO 27001 Lead Implementer, CISM More ❯

system security engineering, ideally in defence, space, or critical infrastructure Familiarity with MOD, NCSC, and ISO standards (e.g. ISO 27001 / 2, NIST 800-series, JSP 604) Competence in requirements engineering and systems thinking Practical experience with security in software and / or system development environments Effective communication … system architectures or satellite communications DevSecOps awareness or experience with security automation Benefits: Annual Company Bonus 25 Days holiday not including bank holidays with the option to buy / sell up to 5 days Competitive pension contribution Continuous professional development including incentives Access to online Udemy training facility Flexible working arrangements Bike to work scheme Electric car scheme More ❯

system security engineering, ideally in defence, space, or critical infrastructure Familiarity with MOD, NCSC, and ISO standards (e.g. ISO 27001 / 2, NIST 800-series, JSP 604) Competence in requirements engineering and systems thinking Practical experience with security in software and / or system development environments Effective communication … system architectures or satellite communications DevSecOps awareness or experience with security automation Benefits: Annual Company Bonus 25 Days holiday not including bank holidays with the option to buy / sell up to 5 days Competitive pension contribution Continuous professional development including incentives Access to online Udemy training facility Flexible working arrangements Bike to work scheme Electric car scheme More ❯