1 to 25 of 32 NIST Jobs in the West Midlands

recommend mitigation strategies. Collaborate on incident handling, reporting, and documentation. Enforce security policies in line with industry standards and regulations (GDPR, ISO, Cyber Essentials+, NIST 800-171). Assist with audits and compliance reporting. Manage and configure network devices with a focus on security. Design and implement secure system architectures More ❯

of MITRE ATT&CK framework, Zero Trust, and cloud security best practices. * Knowledge of Azure, AWS, M365, hybrid environments, and cloud security frameworks (CIS, NIST, ISO 27001, etc.). * Experience with scripting and automation (PowerShell, Python, KQL, or similar languages) to enhance security operations. * Excellent problem-solving, analytical, and communication More ❯

with proven Second Line of Defense responsibilities in InfoSec and IT Compliance & Frameworks : Demonstrated success meeting GDPR, EU NIS2, and familiarity with ISO 27001, NIST, and cybersecurity best practices Risk & Governance : Skilled in conducting risk assessments, defining mitigation strategies, and creating/enforcing security policies Good technical understanding of IT More ❯

security certifications (e.g., CISSP, CISM). Experience managing operational security activities, including governance and compliance. Strong understanding of regulatory and compliance frameworks such as NIST CSF, ISO 27001, and GDPR. Demonstrated ability to advise on secure software development practices. Demonstrable experience with security technologies and architectures. Hands-on experience with More ❯

endpoints Administration of Networking, and/or Linux & Windows environments would be advantageous Experience with Microsoft Azure Security Tools would be beneficial Knowledge of NIST 2.0 CSF would be beneficial What CRH Offers You A culture that values opportunity for growth, development, and internal promotion Highly competitive salary package Comprehensive More ❯

equivalent. Recognised qualification in information security, data protection, or risk (e.g. CISM, CISSP, CRISC, BCS DPO, etc.). In-depth understanding of ISO 27001, NIST, or other relevant security frameworks. Up-to-date knowledge of data protection legislation and associated best practices. Understanding of cross-functional areas affecting security (e.g. More ❯

to a technical level across multiple projects, including working with security tools, network security infrastructure technologies, and information security management frameworks (e.g., ISO 27001, NIST) Experience overseeing penetration testing and the ability to effectively translate cyber risk analysis into standards, patterns, and approaches to enable the safe exploitation of current More ❯

Hands-on knowledge of DevSecOps, IaC (Terraform), CI/CD pipelines, and tools like Veracode, Trivy, and Checkov. Familiarity with standards such as CIS, NIST, GDPR, ISO and frameworks like MITRE ATT&CK. Strong programming/scripting skills (Python, Go, Groovy) with a clean, secure coding ethos. Ideal Candidate Profile More ❯

Hands-on knowledge of DevSecOps, IaC (Terraform), CI/CD pipelines, and tools like Veracode, Trivy, and Checkov. Familiarity with standards such as CIS, NIST, GDPR, ISO and frameworks like MITRE ATT&CK. Strong programming/scripting skills (Python, Go, Groovy) with a clean, secure coding ethos. Ideal Candidate Profile More ❯

Hands-on knowledge of DevSecOps, IaC (Terraform), CI/CD pipelines, and tools like Veracode, Trivy, and Checkov. Familiarity with standards such as CIS, NIST, GDPR, ISO and frameworks like MITRE ATT&CK. Strong programming/scripting skills (Python, Go, Groovy) with a clean, secure coding ethos. Ideal Candidate Profile More ❯

range of security tools and platformssuch as SIEM, EDR, firewalls, and cloud security solutions. A clear understanding of security frameworks and best practices (e.g., NIST, ISO 27001, PCI). The ability to translate complex risks into practical actions and communicate them effectively across technical and non-technical teams A collaborative More ❯

technical security, including architecture and tool implementation. Understanding of network security, firewalls, IAM, cloud platforms (AWS, Azure), and endpoint protection. Familiarity with standards including NIST CSF & ISO 27001. Knowledge of SIEM, intrusion detection, endpoint security, and secure coding. This role is onsite 2 days per week No sponsorship is available More ❯

implementing security solutions for complex enterprise environments Familiarity with ICS/SCADA/OT environments and architecture, along with industry-relevant standards such as NIST, CIS benchmarks and CAF Framework Fosters strong working relationships with others and will be able to collaborate with people from the architecture group, and wider More ❯

implementing security solutions for complex enterprise environments Familiarity with ICS/SCADA/OT environments and architecture, along with industry-relevant standards such as NIST, CIS benchmarks and CAF Framework Fosters strong working relationships with others and will be able to collaborate with people from the architecture group, and wider More ❯

applying security concepts to a technical level, including working with security tools, network security infrastructure technologies and information security management frameworks (e.g., ISO 27001, NIST) Understanding of NCSC information security guidance and architecture patterns plus familiarity with SABSA/TOGAF Excellent communication skills, with the ability to apply security concepts More ❯

services. Serve as the senior point of contact and escalation for all vendor-related issues. Ensure full security and compliance with relevant standards (e.g., NIST). Reduce incident volumes through proactive service improvement and innovation. Champion vendor management and foster strong relationships with third-party providers. Collaborate with IT leadership More ❯

services. Serve as the senior point of contact and escalation for all vendor-related issues. Ensure full security and compliance with relevant standards (e.g., NIST). Reduce incident volumes through proactive service improvement and innovation. Champion vendor management and foster strong relationships with third-party providers. Collaborate with IT leadership More ❯

to analyse and interpret security logs, events, and alerts to detect and respond to security incidents effectively. Familiarity with security frameworks and standards (e.g., NIST Cybersecurity Framework, CyberEssentials and CyberEssentials Plus, NCSC). Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders. More ❯

requirements. In-depth knowledge of the ICFR Standards (US SOX, UK Corporate Governance Code) Strong awareness of IT control frameworks (e.g. COBIT, ISO 27001, NIST) and regulatory requirements (e.g. GDPR, ISO, ITIL). Experience with Systems transformation projects and an ability to embed new ways or workings and drive control More ❯

communication and stakeholder engagement skills A degree in an IT-related field (or equivalent experience) Nice to have: Familiarity with UK GOV Cyber Essentials, NIST, and ISO27001 Experience of working in regulated industries Passion for innovation, mentoring and continuous improvement What makes you stand out: You're a critical thinker More ❯

currently recruiting a driven Cybersecurity & Compliance Manager. Position purpose The Cybersecurity & Compliance Manager will lead Tosca's cybersecurity and compliance efforts, ensuring adherence to NIST CFS 2.0, ISO 27001, and other relevant standards. This critical role ensures Tosca’s cyber readiness through the development of security protocols, meticulous documentation maintenance … for resilient security within budget constraints. Skills and qualifications required for this role include proven experience in cybersecurity and compliance management, strong understanding of NIST CFS 2.0, ISO 27001 standards, excellent risk assessment and management skills, ability to develop and maintain security protocols and documentation, and effective communication and collaboration … manage information security programs Report performance, exceptions, and outages to all audiences transparently. Align disaster recovery with business continuity plans. Ensure compliance with ISO27001, NIST CFS 2.0, and maintain ISMS. Identify risks, develop a comprehensive security plan. Test cyber-attacks regularly to address vulnerabilities. Monitor security trends, adapt strategies. Oversee More ❯

GCRC, CRISC, DP PDP, BCS etc) Practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework). Knowledge of current data protection legislation, standards and practice. Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues More ❯

GCRC, CRISC, DP PDP, BCS etc) Practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework). Knowledge of current data protection legislation, standards and practice. Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues More ❯

GCRC, CRISC, DP PDP, BCS etc) Practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework). Knowledge of current data protection legislation, standards and practice. Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues More ❯

used within the energy sector (or relevant CNI sector). Demonstrable experience using and applying security frameworks and or technical standards e.g. NCSC CAF, NIST CSF, ISO 27K. Able to achieve and maintain National Security Vetting SC clearance. Experience & Skills: Experience in Civil (ONR) and/or Defense (MoD/ More ❯