The Fortune Group are recruiting for a Cyber Security Manager to join are client based in London. Suitable Cyber Security Manger will be responsible for ensuring the Confidentiality, Integrity and Availability of our computer systems and sensitive information. The primary responsibility of the Cyber Security manager is to lead the Cyber Security function in ensuring that existing and new systems introduced into the business adhere to the Security controls mandated by the business. Responsible for Creation and maintaining policies and procedures as well as the Training and awareness activities required. You will support IT and business teams in exploiting growth opportunities and managing threats in an assured and optimal way, by creating and maintaining a positive security environment and culture. You will optimise security to add value and protect the brand, enabling the company to retain its trusted position with its investors, customers, employees and regulators. You will ensure the integrity of the company in terms of security operations and personnel, guaranteeing compliance with requirements of Corporate Security Policy, ISO27001, PCI DSS v3, ISMS Framework and other customer security requirements. You will be viewed as a Subject Matter Expert (SME) for Security (both internal and external), and you will support transformational change within the company, proactively managing security risks and threats. Supporting remediation activities across the business. Accountable for the following Identify gaps or areas for improvement, where process changes or tools can assist. Educating the business on what is good practice, what are the current threats and how to avoid appearing in the news. Providing specialist security advice to management, project teams and internal stakeholders. Continuous improvement of MI reporting up to and including board level audience. Monitoring the vendor and product landscape to know what products are available. Perform threat identification and vulnerability management duties. Responsible for ensuring that security vulnerabilities are raised to internal teams and/or 3rd parties suppliers and remediated according to agree timescales. Working with internal and external teams to mitigate and/or control Cyber Security incidents. Identifying and managing operational Cyber Security risks within IT Operations and escalating as required. Liaising with stakeholders to determine impacts, workarounds, analytical services and recommendations for improvement. Monitoring vulnerability and intelligence feeds for the latest news and alerts in the Cyber Security space. Required You need a proven track record in Security. You need awareness of Security Polices as they relate to all aspects of a company's operations globally. Expertise in information security technologies: Firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc. Knowledge in information security areas such as (ISO27001, PCI, NIST & GDPR), identity and access management, security policies, processes, and procedures Understanding of emerging security technologies and their impact on networks and systems. Experience of risk management and the performing of risk assessments. Desired CISSP Cloud Experience (IaaS, PaaS, SaaS) - especially Azure. Security Architecture experience Risk Management Experience
05/12/2025
Full time
The Fortune Group are recruiting for a Cyber Security Manager to join are client based in London. Suitable Cyber Security Manger will be responsible for ensuring the Confidentiality, Integrity and Availability of our computer systems and sensitive information. The primary responsibility of the Cyber Security manager is to lead the Cyber Security function in ensuring that existing and new systems introduced into the business adhere to the Security controls mandated by the business. Responsible for Creation and maintaining policies and procedures as well as the Training and awareness activities required. You will support IT and business teams in exploiting growth opportunities and managing threats in an assured and optimal way, by creating and maintaining a positive security environment and culture. You will optimise security to add value and protect the brand, enabling the company to retain its trusted position with its investors, customers, employees and regulators. You will ensure the integrity of the company in terms of security operations and personnel, guaranteeing compliance with requirements of Corporate Security Policy, ISO27001, PCI DSS v3, ISMS Framework and other customer security requirements. You will be viewed as a Subject Matter Expert (SME) for Security (both internal and external), and you will support transformational change within the company, proactively managing security risks and threats. Supporting remediation activities across the business. Accountable for the following Identify gaps or areas for improvement, where process changes or tools can assist. Educating the business on what is good practice, what are the current threats and how to avoid appearing in the news. Providing specialist security advice to management, project teams and internal stakeholders. Continuous improvement of MI reporting up to and including board level audience. Monitoring the vendor and product landscape to know what products are available. Perform threat identification and vulnerability management duties. Responsible for ensuring that security vulnerabilities are raised to internal teams and/or 3rd parties suppliers and remediated according to agree timescales. Working with internal and external teams to mitigate and/or control Cyber Security incidents. Identifying and managing operational Cyber Security risks within IT Operations and escalating as required. Liaising with stakeholders to determine impacts, workarounds, analytical services and recommendations for improvement. Monitoring vulnerability and intelligence feeds for the latest news and alerts in the Cyber Security space. Required You need a proven track record in Security. You need awareness of Security Polices as they relate to all aspects of a company's operations globally. Expertise in information security technologies: Firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc. Knowledge in information security areas such as (ISO27001, PCI, NIST & GDPR), identity and access management, security policies, processes, and procedures Understanding of emerging security technologies and their impact on networks and systems. Experience of risk management and the performing of risk assessments. Desired CISSP Cloud Experience (IaaS, PaaS, SaaS) - especially Azure. Security Architecture experience Risk Management Experience
We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity, identity, and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime, carrying personal accountability for compliance, operational resilience, and security effectiveness. The Role: Strategic Leadership Define and execute the global strategy for Cyber Engineering, IAM, and DLP in alignment with the enterprise security and technology roadmap. Serve as a trusted advisor to the CISO, CIO, and executive leadership on emerging threats, secure architecture, identity, and data protection. Establish metrics and reporting to demonstrate effectiveness, risk reduction, and compliance with regulatory requirements (e.g., National Institute of Standards Cyber Security Framework (NIST CSF), Digital Operations Resilience Act (DORA), New Tork State Department of Financial Services (NYDFS), Sarbanes-Oxyley (SOX), and the Financia Conduct Authority(FCA). Cyber Engineering Oversight Lead engineering teams responsible for core security platforms, including endpoint protection, cloud security, network defense, vulnerability management, and DevSecOps integrations. Build and mature a comprehensive vulnerability management program, including continuous scanning, risk-based prioritization, remediation tracking, and Board-level reporting. Drive innovation by embedding security into cloud, hybrid, and modern application architectures ("Secure by Design" principles). Ensure the adoption of automation, orchestration, and advanced analytics to improve detection, response, and resiliency. Identity & Access Management Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA). Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences. Partner with business and technology leaders to enable secure digital transformation through robust identity services. Data Loss Prevention (DLP) Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints, cloud, email, and collaboration platforms. Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration, insider threats, and regulatory breaches. Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement. Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements. Provide executive and Board-level reporting on data protection risks, incidents, and mitigation efforts. Governance, Risk & Compliance Ensure IAM, DLP, and security engineering practices meet regulatory, audit, and policy requirements. Define and maintain standards for identity lifecycle, access controls, data handling, and information protection. Oversee risk assessments and remediation programs tied to IAM, DLP, and security engineering platforms. Senior Management Function (FCA Responsibilities) As an FCA-designated Senior Management Function (SMF) role, the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include: Personal accountability for ensuring cyber, IAM, and DLP controls are effective, proportionate, and aligned with FCA expectations for operational resilience and financial sector stability. Maintaining robust governance, oversight, and risk management frameworks for engineering, identity, and data protection, ensuring risks are identified, escalated, and remediated in line with FCA and PRA requirements. Demonstrating reasonable steps have been taken to oversee outsourced arrangements, third-party providers, and cloud services related to IAM, DLP, and cyber platforms. Ensuring Board and regulators receive timely, accurate, and complete information on cyber, identity, and data protection risks, vulnerabilities, and remediation activities. Acting as the point of accountability for operational resilience in cyber engineering, IAM, and DLP, supporting FCA requirements around impact tolerance, scenario testing, and response planning. Requirements: Progressive experience in cybersecurity, with extensive experience in leadership roles across IAM, cyber engineering, and/or data protection. Proven track record of leading global security programs at scale in complex, regulated environments (financial services strongly preferred). Expertise in IAM technologies (SailPoint, Okta, Azure AD, CyberArk, Ping Identity), DLP platforms (Symantec, Microsoft Purview, Forcepoint, Digital Guardian), and security engineering tools (EDR, CSPM, SIEM, SOAR, vulnerability management). Strong knowledge of Zero Trust, data protection regulations (GDPR, FCA, PRA), cloud-native security, and DevSecOps practices. Exceptional leadership, communication, and stakeholder engagement skills, with the ability to influence at Board and executive levels. Relevant certifications (CISSP, CISM, CCSP, CIPP/E, SABSA, or equivalent) preferred. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email your recruiter.
05/12/2025
Full time
We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity, identity, and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime, carrying personal accountability for compliance, operational resilience, and security effectiveness. The Role: Strategic Leadership Define and execute the global strategy for Cyber Engineering, IAM, and DLP in alignment with the enterprise security and technology roadmap. Serve as a trusted advisor to the CISO, CIO, and executive leadership on emerging threats, secure architecture, identity, and data protection. Establish metrics and reporting to demonstrate effectiveness, risk reduction, and compliance with regulatory requirements (e.g., National Institute of Standards Cyber Security Framework (NIST CSF), Digital Operations Resilience Act (DORA), New Tork State Department of Financial Services (NYDFS), Sarbanes-Oxyley (SOX), and the Financia Conduct Authority(FCA). Cyber Engineering Oversight Lead engineering teams responsible for core security platforms, including endpoint protection, cloud security, network defense, vulnerability management, and DevSecOps integrations. Build and mature a comprehensive vulnerability management program, including continuous scanning, risk-based prioritization, remediation tracking, and Board-level reporting. Drive innovation by embedding security into cloud, hybrid, and modern application architectures ("Secure by Design" principles). Ensure the adoption of automation, orchestration, and advanced analytics to improve detection, response, and resiliency. Identity & Access Management Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA). Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences. Partner with business and technology leaders to enable secure digital transformation through robust identity services. Data Loss Prevention (DLP) Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints, cloud, email, and collaboration platforms. Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration, insider threats, and regulatory breaches. Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement. Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements. Provide executive and Board-level reporting on data protection risks, incidents, and mitigation efforts. Governance, Risk & Compliance Ensure IAM, DLP, and security engineering practices meet regulatory, audit, and policy requirements. Define and maintain standards for identity lifecycle, access controls, data handling, and information protection. Oversee risk assessments and remediation programs tied to IAM, DLP, and security engineering platforms. Senior Management Function (FCA Responsibilities) As an FCA-designated Senior Management Function (SMF) role, the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include: Personal accountability for ensuring cyber, IAM, and DLP controls are effective, proportionate, and aligned with FCA expectations for operational resilience and financial sector stability. Maintaining robust governance, oversight, and risk management frameworks for engineering, identity, and data protection, ensuring risks are identified, escalated, and remediated in line with FCA and PRA requirements. Demonstrating reasonable steps have been taken to oversee outsourced arrangements, third-party providers, and cloud services related to IAM, DLP, and cyber platforms. Ensuring Board and regulators receive timely, accurate, and complete information on cyber, identity, and data protection risks, vulnerabilities, and remediation activities. Acting as the point of accountability for operational resilience in cyber engineering, IAM, and DLP, supporting FCA requirements around impact tolerance, scenario testing, and response planning. Requirements: Progressive experience in cybersecurity, with extensive experience in leadership roles across IAM, cyber engineering, and/or data protection. Proven track record of leading global security programs at scale in complex, regulated environments (financial services strongly preferred). Expertise in IAM technologies (SailPoint, Okta, Azure AD, CyberArk, Ping Identity), DLP platforms (Symantec, Microsoft Purview, Forcepoint, Digital Guardian), and security engineering tools (EDR, CSPM, SIEM, SOAR, vulnerability management). Strong knowledge of Zero Trust, data protection regulations (GDPR, FCA, PRA), cloud-native security, and DevSecOps practices. Exceptional leadership, communication, and stakeholder engagement skills, with the ability to influence at Board and executive levels. Relevant certifications (CISSP, CISM, CCSP, CIPP/E, SABSA, or equivalent) preferred. We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email your recruiter.
Job Title : Cyber Security Engineer Location: Bridgend, South Wales Salary: £32,000 - £37,000 per annum Job Type: Full Time, Permanent Working Hours: Monday to Friday - 9am to 5.30pm (flexible hours between 8am - 6pm) Who are we Flotek Group is one of the fastest-growing Tech Companies in the UK, providing IT, Cybersecurity, Comms and Managed Print Solutions to small & medium businesses. With sales and support locations across the country, our ambitious growth is driven by our core values and fundamental principles. We deliver every product and service with expertise, passion, and heart. When you join Flotek Group you join our "Purple Army" and become part of a team driven by a set of values that guide our every interaction, both with each other and with our partners. We enjoy a collaborative, fast-paced working environment, where we can expect to learn to be exceptional, earn trust through actions and receive recognition when our work gets a "Wow!" The role As a Cyber Security Engineer at Flotek, you will play a pivotal role within our dedicated IT Engineering team. You will be responsible for the delivery and ongoing improvement of robust security solutions, ensuring that every project and operational process meets the Flotek standard for cyber resilience. Your responsibilities will include not only maintaining and exceeding established security benchmarks for our partners for Cyber Essentials and Cyber Essentials+ audits and certifications, but also actively identifying opportunities for process improvement and risk reduction. Collaboration is at the heart of this role-you will work in close partnership with the IT Delivery Manager and IT teams. Your expertise and proactive approach will help shape the future of our cyber security posture, ensuring our partners and internal teams consistently receive exceptional support and protection. Responsibilities: Reporting to the IT Delivery Manager Stay updated on industry trends, threat intelligence and Flotek security technologies Responsible for giving world-class service at all times Responsible for communicating with clients and internal project managers. Responsible for delivering CE, CE+ audits, remediations and certification Lead and support the implementation of security controls, monitoring, and incident response processes. Conduct / facilitate vulnerability assessments, penetration testing, and risk analysis to identify and remediate threats. Maintain and improve security documentation, including policies, procedures, and incident reports. Be part of a team that manages security patching policies and updates Provide technical guidance and training to end users and internal teams on security best practices. Support the installation and configuration of security software and hardware, including firewalls, endpoint protection, and SIEM tools. Ensure compliance with relevant standards and frameworks (e.g., ISO 27001, Cyber Essentials). Mentor and support the growth of aspiring cyber security professionals within the team. Work with 3rdparty security providers to ensure partners technology systems are well protected from security threats and vulnerabilities. What we're looking for: A positive attitude with a can do approach to everything! Excellent communication skills and the ability to explain technical concepts to non-technical audiences. Previous experience in a cyber security or IT security role within a technology-driven business. Experience in Auditing partners IT estates for Cyber Essesntials and Cyber Essentials+ Experience using RMM tools Experience in administering Microsoft Update and 3rdparty patching policies Strong technical ability to diagnose and resolve security incidents efficiently. Experience using security monitoring and incident management tools. Partner-focused mindset to understand and address user and client security needs. Experience in staying educated on IASME certification requirements and changes Excellent organizational skills and the ability to prioritise work effectively. Willingness to travel to partner sites across the UK as needed. Full UK Driving Licence. Desirable to hold current security accreditations e.g.Comptia Security+, CYSA+ Benefits Salary dependent on experience within range of £32,000 - £37,000 per annum EMI Share Equity Scheme - own a slice of the "Purple Pie." Day off for your birthday. Day off for other life's milestones - such as weddings, moving house, child's first day at school, or religious holidays. Give back day to support your chosen charity. Savings on gym memberships, shopping and other discounts available through Perkbox. Variety of social events & team building opportunities are available. Opportunities for professional development and career progression. Due to the nature of the role the company will not be able to offer sponsorship or relocation assistance so candidates must already reside in the UK. Candidates with the experience or relevant job titles of Cyber security Engineer, Cyber Engineer, Cyber Auditor, CE Auditor, Cyber Essentials engineer MPS Engineer, Field Engineer, IT Engineer may also be considered for this role.
05/12/2025
Full time
Job Title : Cyber Security Engineer Location: Bridgend, South Wales Salary: £32,000 - £37,000 per annum Job Type: Full Time, Permanent Working Hours: Monday to Friday - 9am to 5.30pm (flexible hours between 8am - 6pm) Who are we Flotek Group is one of the fastest-growing Tech Companies in the UK, providing IT, Cybersecurity, Comms and Managed Print Solutions to small & medium businesses. With sales and support locations across the country, our ambitious growth is driven by our core values and fundamental principles. We deliver every product and service with expertise, passion, and heart. When you join Flotek Group you join our "Purple Army" and become part of a team driven by a set of values that guide our every interaction, both with each other and with our partners. We enjoy a collaborative, fast-paced working environment, where we can expect to learn to be exceptional, earn trust through actions and receive recognition when our work gets a "Wow!" The role As a Cyber Security Engineer at Flotek, you will play a pivotal role within our dedicated IT Engineering team. You will be responsible for the delivery and ongoing improvement of robust security solutions, ensuring that every project and operational process meets the Flotek standard for cyber resilience. Your responsibilities will include not only maintaining and exceeding established security benchmarks for our partners for Cyber Essentials and Cyber Essentials+ audits and certifications, but also actively identifying opportunities for process improvement and risk reduction. Collaboration is at the heart of this role-you will work in close partnership with the IT Delivery Manager and IT teams. Your expertise and proactive approach will help shape the future of our cyber security posture, ensuring our partners and internal teams consistently receive exceptional support and protection. Responsibilities: Reporting to the IT Delivery Manager Stay updated on industry trends, threat intelligence and Flotek security technologies Responsible for giving world-class service at all times Responsible for communicating with clients and internal project managers. Responsible for delivering CE, CE+ audits, remediations and certification Lead and support the implementation of security controls, monitoring, and incident response processes. Conduct / facilitate vulnerability assessments, penetration testing, and risk analysis to identify and remediate threats. Maintain and improve security documentation, including policies, procedures, and incident reports. Be part of a team that manages security patching policies and updates Provide technical guidance and training to end users and internal teams on security best practices. Support the installation and configuration of security software and hardware, including firewalls, endpoint protection, and SIEM tools. Ensure compliance with relevant standards and frameworks (e.g., ISO 27001, Cyber Essentials). Mentor and support the growth of aspiring cyber security professionals within the team. Work with 3rdparty security providers to ensure partners technology systems are well protected from security threats and vulnerabilities. What we're looking for: A positive attitude with a can do approach to everything! Excellent communication skills and the ability to explain technical concepts to non-technical audiences. Previous experience in a cyber security or IT security role within a technology-driven business. Experience in Auditing partners IT estates for Cyber Essesntials and Cyber Essentials+ Experience using RMM tools Experience in administering Microsoft Update and 3rdparty patching policies Strong technical ability to diagnose and resolve security incidents efficiently. Experience using security monitoring and incident management tools. Partner-focused mindset to understand and address user and client security needs. Experience in staying educated on IASME certification requirements and changes Excellent organizational skills and the ability to prioritise work effectively. Willingness to travel to partner sites across the UK as needed. Full UK Driving Licence. Desirable to hold current security accreditations e.g.Comptia Security+, CYSA+ Benefits Salary dependent on experience within range of £32,000 - £37,000 per annum EMI Share Equity Scheme - own a slice of the "Purple Pie." Day off for your birthday. Day off for other life's milestones - such as weddings, moving house, child's first day at school, or religious holidays. Give back day to support your chosen charity. Savings on gym memberships, shopping and other discounts available through Perkbox. Variety of social events & team building opportunities are available. Opportunities for professional development and career progression. Due to the nature of the role the company will not be able to offer sponsorship or relocation assistance so candidates must already reside in the UK. Candidates with the experience or relevant job titles of Cyber security Engineer, Cyber Engineer, Cyber Auditor, CE Auditor, Cyber Essentials engineer MPS Engineer, Field Engineer, IT Engineer may also be considered for this role.
Company Description Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to achieve their financial goals and help them save time and money. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at Internal Grade C Job Description Experian Cyber Fusion Centre are looking for a new Manager of Attack Surface Management (ASM) to play a crucial role in our cybersecurity strategy. You will guide the success of the Continuous Threat Exposure Management (CTEM) program and build business engagement across global teams. You will ensure CTEM delivers reliable, applicable insights by defining and maintaining processes, integrating services with enterprise systems. Equally critical is leading the Business Engagement Team to establish trusted partnerships with regional infrastructure and application partners, aligning vulnerability management strategies with priorities. Through technical leadership and strategic influence, you will strengthen Experian's security posture and reduce risk across its global attack surface. This is an UK based remote position reporting to the Information Security Director for Cloud and Attack Surface Management. Primary Focus:- Lead CTEM Service Delivery: Manage processes for the Continuous Threat Exposure Management (CTEM) service and its provider. Ensure integration with Experian systems, delivering, reliable, and applicable security insights that inform risk reduction across the enterprise. Business Engagement: You will manage the Business Engagement Team and Service, providing expertise and strategic direction. Cultivate partnerships with regional infrastructure and application teams to ensure the vulnerability management strategy is understood, agreed upon, and implemented. Other Responsibilities:- Maintain risk stratification model to guide vulnerability prioritization based on threat and asset criticality; Identify vulnerability prioritization and asset coverage trends, escalating to senior leadership when vulnerability trends are not improving over time. Help with response to cybersecurity incidents or threat informed actions, ensuring accurate identification of applicable internal and external risks. Will use a broad and diverse combination of tools, techniques, and data sources to support highest confidence in attack surface discovery. Guide team members' daily project and operational activities Contribute to security and technology strategic planning to mature our programmes Work with Risk & Compliance teams on SOC 2, PCI DSS, HIPAA, and other audits. Research and recommend policy and procedures as they relate to Attack Surface Management Qualifications Expert experience supporting Attack Surface Management in vulnerability, remediation, and mitigation as it applies to the following. Common web applications, APIs, misconfigurations, hosts, mobile, Internet of Things, endpoints, infrastructure, cloud, network appliance, OS, firmware and software supply-chain. Management experience in an enterprise-level cybersecurity function. Experience engaging and presenting security topics at senior levels in an enterprise organization Experience managing Risk-Based Vulnerability Management models. In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as: Qualys, Rapid7, Tanium, Axonius, Armis, or other. Experience applying the following models to an enterprise security program: CMMI, ISO/IEC 2700, OWASP SAMM, NIST, SMM SANS Security Maturity Model. Experience developing security reports, trends, and metrics analysis. Experience with the application of some of the following frameworks - SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR or similar. Experience with cloud security practices Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping Additional Information Benefits package includes: Great compensation package and discretionary bonus plan Core benefits include pension, bupa healthcare, sharesave scheme and more 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here JBRP1_UKTJ
05/12/2025
Full time
Company Description Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to achieve their financial goals and help them save time and money. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at Internal Grade C Job Description Experian Cyber Fusion Centre are looking for a new Manager of Attack Surface Management (ASM) to play a crucial role in our cybersecurity strategy. You will guide the success of the Continuous Threat Exposure Management (CTEM) program and build business engagement across global teams. You will ensure CTEM delivers reliable, applicable insights by defining and maintaining processes, integrating services with enterprise systems. Equally critical is leading the Business Engagement Team to establish trusted partnerships with regional infrastructure and application partners, aligning vulnerability management strategies with priorities. Through technical leadership and strategic influence, you will strengthen Experian's security posture and reduce risk across its global attack surface. This is an UK based remote position reporting to the Information Security Director for Cloud and Attack Surface Management. Primary Focus:- Lead CTEM Service Delivery: Manage processes for the Continuous Threat Exposure Management (CTEM) service and its provider. Ensure integration with Experian systems, delivering, reliable, and applicable security insights that inform risk reduction across the enterprise. Business Engagement: You will manage the Business Engagement Team and Service, providing expertise and strategic direction. Cultivate partnerships with regional infrastructure and application teams to ensure the vulnerability management strategy is understood, agreed upon, and implemented. Other Responsibilities:- Maintain risk stratification model to guide vulnerability prioritization based on threat and asset criticality; Identify vulnerability prioritization and asset coverage trends, escalating to senior leadership when vulnerability trends are not improving over time. Help with response to cybersecurity incidents or threat informed actions, ensuring accurate identification of applicable internal and external risks. Will use a broad and diverse combination of tools, techniques, and data sources to support highest confidence in attack surface discovery. Guide team members' daily project and operational activities Contribute to security and technology strategic planning to mature our programmes Work with Risk & Compliance teams on SOC 2, PCI DSS, HIPAA, and other audits. Research and recommend policy and procedures as they relate to Attack Surface Management Qualifications Expert experience supporting Attack Surface Management in vulnerability, remediation, and mitigation as it applies to the following. Common web applications, APIs, misconfigurations, hosts, mobile, Internet of Things, endpoints, infrastructure, cloud, network appliance, OS, firmware and software supply-chain. Management experience in an enterprise-level cybersecurity function. Experience engaging and presenting security topics at senior levels in an enterprise organization Experience managing Risk-Based Vulnerability Management models. In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools, such as: Qualys, Rapid7, Tanium, Axonius, Armis, or other. Experience applying the following models to an enterprise security program: CMMI, ISO/IEC 2700, OWASP SAMM, NIST, SMM SANS Security Maturity Model. Experience developing security reports, trends, and metrics analysis. Experience with the application of some of the following frameworks - SANS, NIST 800-61, CVSS, CIS, OSSTM, ISO 27001, MITRE ATT&CK, PCI, HIPAA, GDPR or similar. Experience with cloud security practices Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping Additional Information Benefits package includes: Great compensation package and discretionary bonus plan Core benefits include pension, bupa healthcare, sharesave scheme and more 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here JBRP1_UKTJ
IT Security ManagerLocation: Aberdeen (Hybrid - 40% in office attendance each quarter)Package: Up to £76,000 plus generous pension (28% employer contribution) About the Role I'm working with an Aberdeen-based client who are looking for an IT Security Manager (Head of) to safeguard its digital assets and systems against evolving cyber threats. This is a senior leadership role where you'll provide strategic direction, ensure compliance with security policies, and lead proactive risk management and incident response.You'll act as the organisation's primary authority on cybersecurity, managing their MSSP, advising senior leadership on emerging risks and resilience strategies, while championing a culture of security awareness across the business.This role requires eligibility for SC clearance and therefore does not offer visa sponsorship. Key Responsibilities Deliver secure and resilient IT and information security services, embedding security by design across systems and projects Manage a small team of direct reports and an extended managed service team Manage and presenting to the security advisory board Implement and maintain compliance with industry best practice and security frameworks including Cyber Essentials +, NIST, CAF, ISO27001, and other recognised frameworks. Act as the on-site SME facing off to, and working closely with, the organisation's managed service security provider. Oversee advanced monitoring and risk management capabilities such as vulnerability scanning, penetration testing, and third-party risk management. Develop and enhance the cybersecurity strategy Drive security awareness initiatives What We're Looking For Experience operating at a senior leadership level within security roles Experience achieving and maintaining various security accreditations (ISO27001, Cyber Essentials+) on behalf of organisations Experience owning or implementing a strategy Strong communication skills A technical IT background with a good understanding of networking, communication protocols and cloud technologies. A technical security foundation of utilising SIEM, EDR and vulnerability management tools to facilitate your engagements with the organisation's MSSP What's on Offer Up to £76,000 per annum Flexible and hybrid working - 40% of time expected in office quarterly, not every week. Employer pension contribution of 28% Career development opportunities and access to accredited qualifications. What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
04/12/2025
Full time
IT Security ManagerLocation: Aberdeen (Hybrid - 40% in office attendance each quarter)Package: Up to £76,000 plus generous pension (28% employer contribution) About the Role I'm working with an Aberdeen-based client who are looking for an IT Security Manager (Head of) to safeguard its digital assets and systems against evolving cyber threats. This is a senior leadership role where you'll provide strategic direction, ensure compliance with security policies, and lead proactive risk management and incident response.You'll act as the organisation's primary authority on cybersecurity, managing their MSSP, advising senior leadership on emerging risks and resilience strategies, while championing a culture of security awareness across the business.This role requires eligibility for SC clearance and therefore does not offer visa sponsorship. Key Responsibilities Deliver secure and resilient IT and information security services, embedding security by design across systems and projects Manage a small team of direct reports and an extended managed service team Manage and presenting to the security advisory board Implement and maintain compliance with industry best practice and security frameworks including Cyber Essentials +, NIST, CAF, ISO27001, and other recognised frameworks. Act as the on-site SME facing off to, and working closely with, the organisation's managed service security provider. Oversee advanced monitoring and risk management capabilities such as vulnerability scanning, penetration testing, and third-party risk management. Develop and enhance the cybersecurity strategy Drive security awareness initiatives What We're Looking For Experience operating at a senior leadership level within security roles Experience achieving and maintaining various security accreditations (ISO27001, Cyber Essentials+) on behalf of organisations Experience owning or implementing a strategy Strong communication skills A technical IT background with a good understanding of networking, communication protocols and cloud technologies. A technical security foundation of utilising SIEM, EDR and vulnerability management tools to facilitate your engagements with the organisation's MSSP What's on Offer Up to £76,000 per annum Flexible and hybrid working - 40% of time expected in office quarterly, not every week. Employer pension contribution of 28% Career development opportunities and access to accredited qualifications. What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
Cyber Security Manager Up to £66,000 plus great benefits Stoke-on-Trent / Hybrid 3 days in office About the Role We're working with a Stoke-based organisation seeking a Cyber Security Manager to manage its security function. This is a senior leadership role where you'll help set the direction for cybersecurity, manage risk, and ensure compliance across all environments. You'll lead a dedicated team, drive incident response, and work closely with senior stakeholders to safeguard critical systems and data. This is an excellent opportunity for an experienced professional to make a real impact in a complex, forward-thinking organisation. Key Responsibilities Continually develop and drive a comprehensive cybersecurity strategy aligned with best practice frameworks and industry standards Take the lead on risk assessments and vulnerability reviews, implementing robust controls to mitigate threats. Manage incident response processes, including preparation, detection, resolution, and post-incident analysis. Mentor and develop the cybersecurity team, ensuring they have the tools and skills to succeed. Prepare for, manage and respond to cyber security audits Oversee compliance with relevant laws, standards, and certifications Acting as the organisation's authoritative representative on information and cyber security matters, engaging with external partners, networks, and regulatory bodies. Partnering with stakeholders across the organisation to raise awareness of information security risks and promoting a culture of shared responsibility. Act as the primary point of contact for cybersecurity matters, advising senior leadership and collaborating across departments. What We're Looking For Security leadership experience in a complex organisation, ideally with team management responsibilities. Technical security background: SIEM, EDR and vulnerability management tools Strong background in vulnerability and risk management, including scanning, assessing, and mitigating risks. Hands-on experience securing Microsoft environments, covering cloud infrastructure, Active Directory/Entra, and desktop/server operating systems. Experience achieving/maintaining Cyber Essentials Plus. Ability to communicate effectively at all levels, with the confidence and presence to engage with executive leadership when required. Hands-on experience with vulnerability assessment tools and risk management processes. A technical IT background with good understanding of networking, communication protocols and cloud technologies. Senior level security expertise Package Up to £66,000 per annum 37 days annual leave 16% joint contributory pension. Career development opportunities and access to accredited qualifications and more benefits What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
04/12/2025
Full time
Cyber Security Manager Up to £66,000 plus great benefits Stoke-on-Trent / Hybrid 3 days in office About the Role We're working with a Stoke-based organisation seeking a Cyber Security Manager to manage its security function. This is a senior leadership role where you'll help set the direction for cybersecurity, manage risk, and ensure compliance across all environments. You'll lead a dedicated team, drive incident response, and work closely with senior stakeholders to safeguard critical systems and data. This is an excellent opportunity for an experienced professional to make a real impact in a complex, forward-thinking organisation. Key Responsibilities Continually develop and drive a comprehensive cybersecurity strategy aligned with best practice frameworks and industry standards Take the lead on risk assessments and vulnerability reviews, implementing robust controls to mitigate threats. Manage incident response processes, including preparation, detection, resolution, and post-incident analysis. Mentor and develop the cybersecurity team, ensuring they have the tools and skills to succeed. Prepare for, manage and respond to cyber security audits Oversee compliance with relevant laws, standards, and certifications Acting as the organisation's authoritative representative on information and cyber security matters, engaging with external partners, networks, and regulatory bodies. Partnering with stakeholders across the organisation to raise awareness of information security risks and promoting a culture of shared responsibility. Act as the primary point of contact for cybersecurity matters, advising senior leadership and collaborating across departments. What We're Looking For Security leadership experience in a complex organisation, ideally with team management responsibilities. Technical security background: SIEM, EDR and vulnerability management tools Strong background in vulnerability and risk management, including scanning, assessing, and mitigating risks. Hands-on experience securing Microsoft environments, covering cloud infrastructure, Active Directory/Entra, and desktop/server operating systems. Experience achieving/maintaining Cyber Essentials Plus. Ability to communicate effectively at all levels, with the confidence and presence to engage with executive leadership when required. Hands-on experience with vulnerability assessment tools and risk management processes. A technical IT background with good understanding of networking, communication protocols and cloud technologies. Senior level security expertise Package Up to £66,000 per annum 37 days annual leave 16% joint contributory pension. Career development opportunities and access to accredited qualifications and more benefits What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
First Choice Recruitment Services
Bromsgrove, Worcestershire
IT Security Analyst Bromsgrove Permanent Salary c£35k This is an exciting opportunity for an IT Security Analyst to join our client s experienced and collaborative IT team. The company is growing and therefore they offer excellent opportunities to progress. The role will focus on supporting and implementing new ways of working to protect the company from a range of cyber and security threats. Candidates will need 2/3 years experience of working as a Security Analyst, including monitoring vulnerability and threats, risk mitigation and implementation of robust security policies. This role is to be based at the Bromsgrove office but regular travel to Tewkesbury as required. Hybrid working an option after initial 6 months. Security Check (SC) will be required therefore the role is only open to British Nationals. Key Responsibilities Monitor and analyse security events and alerts. Perform initial triage, investigation, and classification of potential security incidents alongside the Cyber Security Consultant. Monitor security alerts from various sources and respond promptly, escalating as necessary. Generate reports on key metrics, processes, and the performance of different workflows. Escalate incidents to the appropriate teams based on severity and impact. Maintain, tune, and create alerts, playbooks, graphs, and other documentation following industry and international standards under the guidance of the Cyber Security Consultant. Respond to cybersecurity incidents by adhering to standard operating procedures (SOPs) and playbooks, under the supervision of the Cyber Security Consultant. Conduct root cause analysis and document findings and lessons learned from security incidents with the Cyber Security Consultant. Work with IT and security teams to contain and resolve threats. Keep incident logs, reports, and tickets updated within incident tracking systems. Assist in threat intelligence gathering and analysis to enhance detection capabilities. Participate in vulnerability management activities. Update and oversee the software inventory. Support compliance reporting and audits. Assist in IT service desk activities. Stay updated with emerging cyber threats, attack techniques, and security trends. Perform any additional duties delegated by the IT Manager to ensure efficient management of the Company. Key skills: Candidates will need recent work history of working in a similar role. Degree Educated would be an advantage A strong understanding of firewalls, intrusion detection systems and other security technologies is essential. Familiar with ethical hacking and penetration testing an advantage. The ability to analyse complex data and identify potential security threats is essential Excellent communication skills required to communicate with both technical and nontechnical stakeholders, explaining security issues and policies clearly To apply please forward your up to date CV and or call us for more information. First Choice Recruitment are a privately owned independent Recruitment service provider, we act as an employment agency for permanent recruitment and as an employment business for temporary recruitment. Our service is a free and confidential service to work seekers
04/12/2025
Full time
IT Security Analyst Bromsgrove Permanent Salary c£35k This is an exciting opportunity for an IT Security Analyst to join our client s experienced and collaborative IT team. The company is growing and therefore they offer excellent opportunities to progress. The role will focus on supporting and implementing new ways of working to protect the company from a range of cyber and security threats. Candidates will need 2/3 years experience of working as a Security Analyst, including monitoring vulnerability and threats, risk mitigation and implementation of robust security policies. This role is to be based at the Bromsgrove office but regular travel to Tewkesbury as required. Hybrid working an option after initial 6 months. Security Check (SC) will be required therefore the role is only open to British Nationals. Key Responsibilities Monitor and analyse security events and alerts. Perform initial triage, investigation, and classification of potential security incidents alongside the Cyber Security Consultant. Monitor security alerts from various sources and respond promptly, escalating as necessary. Generate reports on key metrics, processes, and the performance of different workflows. Escalate incidents to the appropriate teams based on severity and impact. Maintain, tune, and create alerts, playbooks, graphs, and other documentation following industry and international standards under the guidance of the Cyber Security Consultant. Respond to cybersecurity incidents by adhering to standard operating procedures (SOPs) and playbooks, under the supervision of the Cyber Security Consultant. Conduct root cause analysis and document findings and lessons learned from security incidents with the Cyber Security Consultant. Work with IT and security teams to contain and resolve threats. Keep incident logs, reports, and tickets updated within incident tracking systems. Assist in threat intelligence gathering and analysis to enhance detection capabilities. Participate in vulnerability management activities. Update and oversee the software inventory. Support compliance reporting and audits. Assist in IT service desk activities. Stay updated with emerging cyber threats, attack techniques, and security trends. Perform any additional duties delegated by the IT Manager to ensure efficient management of the Company. Key skills: Candidates will need recent work history of working in a similar role. Degree Educated would be an advantage A strong understanding of firewalls, intrusion detection systems and other security technologies is essential. Familiar with ethical hacking and penetration testing an advantage. The ability to analyse complex data and identify potential security threats is essential Excellent communication skills required to communicate with both technical and nontechnical stakeholders, explaining security issues and policies clearly To apply please forward your up to date CV and or call us for more information. First Choice Recruitment are a privately owned independent Recruitment service provider, we act as an employment agency for permanent recruitment and as an employment business for temporary recruitment. Our service is a free and confidential service to work seekers
Security Operations (SecOps) Manager Location: Greater London Type: Full-Time 2 days a week in London office The travel industry is an increasingly attractive place to work - it's packed full of passionate people, is evolving year on year and impressive technology is becoming even more prevalent. We're now recruiting for a brand new role for one of our corporate travel clients who are getting organised ahead of their anticipated growth. We're focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security unpins so much of what this company does both now, and in their future. You'll be the sort of person who wants to be part of shaping the landscape of future proofing for this company and cyber security will be something you're passionate about rather than it just being your job. This organisation is mid sized at the moment so there's no getting lost in a sea of people, instead, you'll be part of a supportive, collaborative environment where your career development will be a priority. With a vibrant, inclusive and motivational culture, this is the place to work if you're looking for a mid-management role in Security Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding of security frameworks (ISO 27001, NIST, CIS) Working knowledge of Microsoft InTune Familiarity with GDPR and data protection requirements Desirable Certifications such as Security+, CEH, GIAC Experience with cloud security (Azure/AWS/GCP) Exposure to AI/ML tools in security contexts Experience with MDM platforms and mobile security Skills & Attributes Strong analytical and problem-solving skills Clear and confident communication skills Ability to work independently and collaborate effectively Detail-focused, adaptable, and proactive Motivated by learning and professional development A full job spec is available on request, alongside a discussion on salary and the wonderful benefits this company has to offer.
28/11/2025
Full time
Security Operations (SecOps) Manager Location: Greater London Type: Full-Time 2 days a week in London office The travel industry is an increasingly attractive place to work - it's packed full of passionate people, is evolving year on year and impressive technology is becoming even more prevalent. We're now recruiting for a brand new role for one of our corporate travel clients who are getting organised ahead of their anticipated growth. We're focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security unpins so much of what this company does both now, and in their future. You'll be the sort of person who wants to be part of shaping the landscape of future proofing for this company and cyber security will be something you're passionate about rather than it just being your job. This organisation is mid sized at the moment so there's no getting lost in a sea of people, instead, you'll be part of a supportive, collaborative environment where your career development will be a priority. With a vibrant, inclusive and motivational culture, this is the place to work if you're looking for a mid-management role in Security Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding of security frameworks (ISO 27001, NIST, CIS) Working knowledge of Microsoft InTune Familiarity with GDPR and data protection requirements Desirable Certifications such as Security+, CEH, GIAC Experience with cloud security (Azure/AWS/GCP) Exposure to AI/ML tools in security contexts Experience with MDM platforms and mobile security Skills & Attributes Strong analytical and problem-solving skills Clear and confident communication skills Ability to work independently and collaborate effectively Detail-focused, adaptable, and proactive Motivated by learning and professional development A full job spec is available on request, alongside a discussion on salary and the wonderful benefits this company has to offer.
Security Operations Manager - Travel Sector Location: Greater London Contract Type: Permanent Hybrid Role Salary: £50,000 Must come from a security background Our client, a specialist travel management company based in Greater London, is looking for a Security Operations Manager to join their team. This is an excellent opportunity to protect the company's systems and data while leading and developing a small team. Position Overview As the Security Operations Manager, you will be central to protecting the company and its clients. You will manage all aspects of cybersecurity, from monitoring threats to responding to incidents. This role combines hands-on technical work with team leadership, making a direct impact on the company's success and maintaining client trust. Responsibilities Monitor and analyse security alerts from key systems. Investigate and respond to security incidents like phishing. Lead key security projects, including Data Protection Impact Assessments. Manage compliance and supplier security controls. Oversee penetration testing and manage vulnerability fixes. Develop and test the company's incident response plan. Support the secure implementation of new AI-driven tools. Lead, coach, and support a small technical team. Requirements 2+ years of experience in a similar cybersecurity role. Strong knowledge of networking, operating systems, and security principles. Experience with SIEM (e.g., Sentinel) and EDR solutions. Working knowledge of Microsoft InTune. Understanding of security frameworks like ISO 27001 or NIST. Familiarity with data protection regulations such as GDPR. Excellent analytical and problem-solving abilities. Strong written and verbal communication skills. Benefits A competitive benefits package. Hybrid working Travel perks and discounts. Company-wide wellbeing initiatives. Opportunities for professional growth and development. Alongside these benefits, you will join a supportive and collaborative team. This company invests in its people, fostering a culture of shared success and continuous growth. How to Apply If you have the skills to succeed in this role and are looking to advance your cybersecurity career, we would love to hear from you. Please send your CV and a brief cover letter explaining your suitability for the position to (url removed)
27/11/2025
Full time
Security Operations Manager - Travel Sector Location: Greater London Contract Type: Permanent Hybrid Role Salary: £50,000 Must come from a security background Our client, a specialist travel management company based in Greater London, is looking for a Security Operations Manager to join their team. This is an excellent opportunity to protect the company's systems and data while leading and developing a small team. Position Overview As the Security Operations Manager, you will be central to protecting the company and its clients. You will manage all aspects of cybersecurity, from monitoring threats to responding to incidents. This role combines hands-on technical work with team leadership, making a direct impact on the company's success and maintaining client trust. Responsibilities Monitor and analyse security alerts from key systems. Investigate and respond to security incidents like phishing. Lead key security projects, including Data Protection Impact Assessments. Manage compliance and supplier security controls. Oversee penetration testing and manage vulnerability fixes. Develop and test the company's incident response plan. Support the secure implementation of new AI-driven tools. Lead, coach, and support a small technical team. Requirements 2+ years of experience in a similar cybersecurity role. Strong knowledge of networking, operating systems, and security principles. Experience with SIEM (e.g., Sentinel) and EDR solutions. Working knowledge of Microsoft InTune. Understanding of security frameworks like ISO 27001 or NIST. Familiarity with data protection regulations such as GDPR. Excellent analytical and problem-solving abilities. Strong written and verbal communication skills. Benefits A competitive benefits package. Hybrid working Travel perks and discounts. Company-wide wellbeing initiatives. Opportunities for professional growth and development. Alongside these benefits, you will join a supportive and collaborative team. This company invests in its people, fostering a culture of shared success and continuous growth. How to Apply If you have the skills to succeed in this role and are looking to advance your cybersecurity career, we would love to hear from you. Please send your CV and a brief cover letter explaining your suitability for the position to (url removed)
Security Operations (SecOps) Manager Location: Greater London Type: Full-Time 2 days a week in London office The travel industry is an increasingly attractive place to work - it's packed full of passionate people, is evolving year on year and impressive technology is becoming even more prevalent. We're now recruiting for a brand new role for one of our corporate travel clients who are getting organised ahead of their anticipated growth. We're focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security unpins so much of what this company does both now, and in their future. You'll be the sort of person who wants to be part of shaping the landscape of future proofing for this company and cyber security will be something you're passionate about rather than it just being your job. This organisation is mid sized at the moment so there's no getting lost in a sea of people, instead, you'll be part of a supportive, collaborative environment where your career development will be a priority. With a vibrant, inclusive and motivational culture, this is the place to work if you're looking for a mid-management role in Security Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding of security frameworks (ISO 27001, NIST, CIS) Working knowledge of Microsoft InTune Familiarity with GDPR and data protection requirements Desirable Certifications such as Security+, CEH, GIAC Experience with cloud security (Azure/AWS/GCP) Exposure to AI/ML tools in security contexts Experience with MDM platforms and mobile security Skills & Attributes Strong analytical and problem-solving skills Clear and confident communication skills Ability to work independently and collaborate effectively Detail-focused, adaptable, and proactive Motivated by learning and professional development A full job spec is available on request, alongside a discussion on salary and the wonderful benefits this company has to offer.
27/11/2025
Full time
Security Operations (SecOps) Manager Location: Greater London Type: Full-Time 2 days a week in London office The travel industry is an increasingly attractive place to work - it's packed full of passionate people, is evolving year on year and impressive technology is becoming even more prevalent. We're now recruiting for a brand new role for one of our corporate travel clients who are getting organised ahead of their anticipated growth. We're focused on finding them a Security Operations (SecOps) Manager to enhance their cybersecurity, oversee incident response and ensure the protection of critical systems and data. This position also includes line management of two team members who support IT operations, data and applications. Security unpins so much of what this company does both now, and in their future. You'll be the sort of person who wants to be part of shaping the landscape of future proofing for this company and cyber security will be something you're passionate about rather than it just being your job. This organisation is mid sized at the moment so there's no getting lost in a sea of people, instead, you'll be part of a supportive, collaborative environment where your career development will be a priority. With a vibrant, inclusive and motivational culture, this is the place to work if you're looking for a mid-management role in Security Operations. Location: Hybrid, London office 2x a week, 3 days from home. Key Responsibilities Monitor and analyse alerts from SIEM, EDR, firewalls, and other security platforms Lead and coordinate incident response activities Manage security projects including DPIAs, supplier assurance, penetration testing, and remediation Support evaluation and implementation of emerging technology, including AI security tools Conduct threat hunting and support vulnerability scanning and patch management Develop and refine security policies, playbooks, and response procedures Provide leadership and guidance to two direct reports Essential Experience & Knowledge Experience in Security Operations, Incident Response, or similar role Strong understanding of networking, Windows/Linux, and cybersecurity fundamentals Experience with SIEM (e.g., Sentinel, Splunk), EDR tools, and vulnerability platforms Understanding of security frameworks (ISO 27001, NIST, CIS) Working knowledge of Microsoft InTune Familiarity with GDPR and data protection requirements Desirable Certifications such as Security+, CEH, GIAC Experience with cloud security (Azure/AWS/GCP) Exposure to AI/ML tools in security contexts Experience with MDM platforms and mobile security Skills & Attributes Strong analytical and problem-solving skills Clear and confident communication skills Ability to work independently and collaborate effectively Detail-focused, adaptable, and proactive Motivated by learning and professional development A full job spec is available on request, alongside a discussion on salary and the wonderful benefits this company has to offer.
IT Security Manager Location: Aberdeen (Hybrid - 40% in office attendance each quarter) Package: Up to 76,000 plus generous pension (28% employer contribution) About the Role I'm working with an Aberdeen-based client who are looking for an IT Security Manager (Head of) to safeguard its digital assets and systems against evolving cyber threats. This is a senior leadership role where you'll provide strategic direction, ensure compliance with security policies, and lead proactive risk management and incident response. You'll act as the organisation's primary authority on cybersecurity, managing their MSSP, advising senior leadership on emerging risks and resilience strategies, while championing a culture of security awareness across the business. This role requires eligibility for SC clearance and therefore does not offer visa sponsorship. Key Responsibilities Deliver secure and resilient IT and information security services, embedding security by design across systems and projects Manage a small team of direct reports and an extended managed service team Manage and presenting to the security advisory board Implement and maintain compliance with industry best practice and security frameworks including Cyber Essentials +, NIST, CAF, ISO27001, and other recognised frameworks. Act as the on-site SME facing off to, and working closely with, the organisation's managed service security provider. Oversee advanced monitoring and risk management capabilities such as vulnerability scanning, penetration testing, and third-party risk management. Develop and enhance the cybersecurity strategy Drive security awareness initiatives What We're Looking For Experience operating at a senior leadership level within security roles Experience achieving and maintaining various security accreditations (ISO27001, Cyber Essentials+) on behalf of organisations Experience owning or implementing a strategy Strong communication skills A technical IT background with a good understanding of networking, communication protocols and cloud technologies. A technical security foundation of utilising SIEM, EDR and vulnerability management tools to facilitate your engagements with the organisation's MSSP What's on Offer Up to 76,000 per annum Flexible and hybrid working - 40% of time expected in office quarterly, not every week. Employer pension contribution of 28% Career development opportunities and access to accredited qualifications. What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
24/11/2025
Full time
IT Security Manager Location: Aberdeen (Hybrid - 40% in office attendance each quarter) Package: Up to 76,000 plus generous pension (28% employer contribution) About the Role I'm working with an Aberdeen-based client who are looking for an IT Security Manager (Head of) to safeguard its digital assets and systems against evolving cyber threats. This is a senior leadership role where you'll provide strategic direction, ensure compliance with security policies, and lead proactive risk management and incident response. You'll act as the organisation's primary authority on cybersecurity, managing their MSSP, advising senior leadership on emerging risks and resilience strategies, while championing a culture of security awareness across the business. This role requires eligibility for SC clearance and therefore does not offer visa sponsorship. Key Responsibilities Deliver secure and resilient IT and information security services, embedding security by design across systems and projects Manage a small team of direct reports and an extended managed service team Manage and presenting to the security advisory board Implement and maintain compliance with industry best practice and security frameworks including Cyber Essentials +, NIST, CAF, ISO27001, and other recognised frameworks. Act as the on-site SME facing off to, and working closely with, the organisation's managed service security provider. Oversee advanced monitoring and risk management capabilities such as vulnerability scanning, penetration testing, and third-party risk management. Develop and enhance the cybersecurity strategy Drive security awareness initiatives What We're Looking For Experience operating at a senior leadership level within security roles Experience achieving and maintaining various security accreditations (ISO27001, Cyber Essentials+) on behalf of organisations Experience owning or implementing a strategy Strong communication skills A technical IT background with a good understanding of networking, communication protocols and cloud technologies. A technical security foundation of utilising SIEM, EDR and vulnerability management tools to facilitate your engagements with the organisation's MSSP What's on Offer Up to 76,000 per annum Flexible and hybrid working - 40% of time expected in office quarterly, not every week. Employer pension contribution of 28% Career development opportunities and access to accredited qualifications. What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Cyber Security Manager Up to 66,000 plus great benefits Stoke-on-Trent / Hybrid 3 days in office About the Role We're working with a Stoke-based organisation seeking a Cyber Security Manager to manage its security function. This is a senior leadership role where you'll help set the direction for cybersecurity, manage risk, and ensure compliance across all environments. You'll lead a dedicated team, drive incident response, and work closely with senior stakeholders to safeguard critical systems and data. This is an excellent opportunity for an experienced professional to make a real impact in a complex, forward-thinking organisation. Key Responsibilities Continually develop and drive a comprehensive cybersecurity strategy aligned with best practice frameworks and industry standards Take the lead on risk assessments and vulnerability reviews, implementing robust controls to mitigate threats. Manage incident response processes, including preparation, detection, resolution, and post-incident analysis. Mentor and develop the cybersecurity team, ensuring they have the tools and skills to succeed. Prepare for, manage and respond to cyber security audits Oversee compliance with relevant laws, standards, and certifications Acting as the organisation's authoritative representative on information and cyber security matters, engaging with external partners, networks, and regulatory bodies. Partnering with stakeholders across the organisation to raise awareness of information security risks and promoting a culture of shared responsibility. Act as the primary point of contact for cybersecurity matters, advising senior leadership and collaborating across departments. What We're Looking For Security leadership experience in a complex organisation, ideally with team management responsibilities. Technical security background: SIEM, EDR and vulnerability management tools Strong background in vulnerability and risk management, including scanning, assessing, and mitigating risks. Hands-on experience securing Microsoft environments, covering cloud infrastructure, Active Directory/Entra, and desktop/server operating systems. Experience achieving/maintaining Cyber Essentials Plus. Ability to communicate effectively at all levels, with the confidence and presence to engage with executive leadership when required. Hands-on experience with vulnerability assessment tools and risk management processes. A technical IT background with good understanding of networking, communication protocols and cloud technologies. Senior level security expertise Package Up to 66,000 per annum 37 days annual leave 16% joint contributory pension. Career development opportunities and access to accredited qualifications and more benefits What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
24/11/2025
Full time
Cyber Security Manager Up to 66,000 plus great benefits Stoke-on-Trent / Hybrid 3 days in office About the Role We're working with a Stoke-based organisation seeking a Cyber Security Manager to manage its security function. This is a senior leadership role where you'll help set the direction for cybersecurity, manage risk, and ensure compliance across all environments. You'll lead a dedicated team, drive incident response, and work closely with senior stakeholders to safeguard critical systems and data. This is an excellent opportunity for an experienced professional to make a real impact in a complex, forward-thinking organisation. Key Responsibilities Continually develop and drive a comprehensive cybersecurity strategy aligned with best practice frameworks and industry standards Take the lead on risk assessments and vulnerability reviews, implementing robust controls to mitigate threats. Manage incident response processes, including preparation, detection, resolution, and post-incident analysis. Mentor and develop the cybersecurity team, ensuring they have the tools and skills to succeed. Prepare for, manage and respond to cyber security audits Oversee compliance with relevant laws, standards, and certifications Acting as the organisation's authoritative representative on information and cyber security matters, engaging with external partners, networks, and regulatory bodies. Partnering with stakeholders across the organisation to raise awareness of information security risks and promoting a culture of shared responsibility. Act as the primary point of contact for cybersecurity matters, advising senior leadership and collaborating across departments. What We're Looking For Security leadership experience in a complex organisation, ideally with team management responsibilities. Technical security background: SIEM, EDR and vulnerability management tools Strong background in vulnerability and risk management, including scanning, assessing, and mitigating risks. Hands-on experience securing Microsoft environments, covering cloud infrastructure, Active Directory/Entra, and desktop/server operating systems. Experience achieving/maintaining Cyber Essentials Plus. Ability to communicate effectively at all levels, with the confidence and presence to engage with executive leadership when required. Hands-on experience with vulnerability assessment tools and risk management processes. A technical IT background with good understanding of networking, communication protocols and cloud technologies. Senior level security expertise Package Up to 66,000 per annum 37 days annual leave 16% joint contributory pension. Career development opportunities and access to accredited qualifications and more benefits What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Job Title : Cyber Security Engineer Location: Bridgend, South Wales Salary: 32,000 - 37,000 per annum Job Type: Full Time, Permanent Working Hours: Monday to Friday - 9am to 5.30pm (flexible hours between 8am - 6pm) Who are we Flotek Group is one of the fastest-growing Tech Companies in the UK, providing IT, Cybersecurity, Comms and Managed Print Solutions to small & medium businesses. With sales and support locations across the country, our ambitious growth is driven by our core values and fundamental principles. We deliver every product and service with expertise, passion, and heart. When you join Flotek Group you join our "Purple Army" and become part of a team driven by a set of values that guide our every interaction, both with each other and with our partners. We enjoy a collaborative, fast-paced working environment, where we can expect to learn to be exceptional, earn trust through actions and receive recognition when our work gets a "Wow!" The role As a Cyber Security Engineer at Flotek, you will play a pivotal role within our dedicated IT Engineering team. You will be responsible for the delivery and ongoing improvement of robust security solutions, ensuring that every project and operational process meets the Flotek standard for cyber resilience. Your responsibilities will include not only maintaining and exceeding established security benchmarks for our partners for Cyber Essentials and Cyber Essentials+ audits and certifications, but also actively identifying opportunities for process improvement and risk reduction. Collaboration is at the heart of this role-you will work in close partnership with the IT Delivery Manager and IT teams. Your expertise and proactive approach will help shape the future of our cyber security posture, ensuring our partners and internal teams consistently receive exceptional support and protection. Responsibilities: Reporting to the IT Delivery Manager Stay updated on industry trends, threat intelligence and Flotek security technologies Responsible for giving world-class service at all times Responsible for communicating with clients and internal project managers. Responsible for delivering CE, CE+ audits, remediations and certification Lead and support the implementation of security controls, monitoring, and incident response processes. Conduct / facilitate vulnerability assessments, penetration testing, and risk analysis to identify and remediate threats. Maintain and improve security documentation, including policies, procedures, and incident reports. Be part of a team that manages security patching policies and updates Provide technical guidance and training to end users and internal teams on security best practices. Support the installation and configuration of security software and hardware, including firewalls, endpoint protection, and SIEM tools. Ensure compliance with relevant standards and frameworks (e.g., ISO 27001, Cyber Essentials). Mentor and support the growth of aspiring cyber security professionals within the team. Work with 3rdparty security providers to ensure partners technology systems are well protected from security threats and vulnerabilities. What we're looking for: A positive attitude with a can do approach to everything! Excellent communication skills and the ability to explain technical concepts to non-technical audiences. Previous experience in a cyber security or IT security role within a technology-driven business. Experience in Auditing partners IT estates for Cyber Essesntials and Cyber Essentials+ Experience using RMM tools Experience in administering Microsoft Update and 3rdparty patching policies Strong technical ability to diagnose and resolve security incidents efficiently. Experience using security monitoring and incident management tools. Partner-focused mindset to understand and address user and client security needs. Experience in staying educated on IASME certification requirements and changes Excellent organizational skills and the ability to prioritise work effectively. Willingness to travel to partner sites across the UK as needed. Full UK Driving Licence. Desirable to hold current security accreditations e.g.Comptia Security+, CYSA+ Benefits Salary dependent on experience within range of 32,000 - 37,000 per annum EMI Share Equity Scheme - own a slice of the "Purple Pie." Day off for your birthday. Day off for other life's milestones - such as weddings, moving house, child's first day at school, or religious holidays. Give back day to support your chosen charity. Savings on gym memberships, shopping and other discounts available through Perkbox. Variety of social events & team building opportunities are available. Opportunities for professional development and career progression. Due to the nature of the role the company will not be able to offer sponsorship or relocation assistance so candidates must already reside in the UK. Candidates with the experience or relevant job titles of Cyber security Engineer, Cyber Engineer, Cyber Auditor, CE Auditor, Cyber Essentials engineer MPS Engineer, Field Engineer, IT Engineer may also be considered for this role.
14/11/2025
Full time
Job Title : Cyber Security Engineer Location: Bridgend, South Wales Salary: 32,000 - 37,000 per annum Job Type: Full Time, Permanent Working Hours: Monday to Friday - 9am to 5.30pm (flexible hours between 8am - 6pm) Who are we Flotek Group is one of the fastest-growing Tech Companies in the UK, providing IT, Cybersecurity, Comms and Managed Print Solutions to small & medium businesses. With sales and support locations across the country, our ambitious growth is driven by our core values and fundamental principles. We deliver every product and service with expertise, passion, and heart. When you join Flotek Group you join our "Purple Army" and become part of a team driven by a set of values that guide our every interaction, both with each other and with our partners. We enjoy a collaborative, fast-paced working environment, where we can expect to learn to be exceptional, earn trust through actions and receive recognition when our work gets a "Wow!" The role As a Cyber Security Engineer at Flotek, you will play a pivotal role within our dedicated IT Engineering team. You will be responsible for the delivery and ongoing improvement of robust security solutions, ensuring that every project and operational process meets the Flotek standard for cyber resilience. Your responsibilities will include not only maintaining and exceeding established security benchmarks for our partners for Cyber Essentials and Cyber Essentials+ audits and certifications, but also actively identifying opportunities for process improvement and risk reduction. Collaboration is at the heart of this role-you will work in close partnership with the IT Delivery Manager and IT teams. Your expertise and proactive approach will help shape the future of our cyber security posture, ensuring our partners and internal teams consistently receive exceptional support and protection. Responsibilities: Reporting to the IT Delivery Manager Stay updated on industry trends, threat intelligence and Flotek security technologies Responsible for giving world-class service at all times Responsible for communicating with clients and internal project managers. Responsible for delivering CE, CE+ audits, remediations and certification Lead and support the implementation of security controls, monitoring, and incident response processes. Conduct / facilitate vulnerability assessments, penetration testing, and risk analysis to identify and remediate threats. Maintain and improve security documentation, including policies, procedures, and incident reports. Be part of a team that manages security patching policies and updates Provide technical guidance and training to end users and internal teams on security best practices. Support the installation and configuration of security software and hardware, including firewalls, endpoint protection, and SIEM tools. Ensure compliance with relevant standards and frameworks (e.g., ISO 27001, Cyber Essentials). Mentor and support the growth of aspiring cyber security professionals within the team. Work with 3rdparty security providers to ensure partners technology systems are well protected from security threats and vulnerabilities. What we're looking for: A positive attitude with a can do approach to everything! Excellent communication skills and the ability to explain technical concepts to non-technical audiences. Previous experience in a cyber security or IT security role within a technology-driven business. Experience in Auditing partners IT estates for Cyber Essesntials and Cyber Essentials+ Experience using RMM tools Experience in administering Microsoft Update and 3rdparty patching policies Strong technical ability to diagnose and resolve security incidents efficiently. Experience using security monitoring and incident management tools. Partner-focused mindset to understand and address user and client security needs. Experience in staying educated on IASME certification requirements and changes Excellent organizational skills and the ability to prioritise work effectively. Willingness to travel to partner sites across the UK as needed. Full UK Driving Licence. Desirable to hold current security accreditations e.g.Comptia Security+, CYSA+ Benefits Salary dependent on experience within range of 32,000 - 37,000 per annum EMI Share Equity Scheme - own a slice of the "Purple Pie." Day off for your birthday. Day off for other life's milestones - such as weddings, moving house, child's first day at school, or religious holidays. Give back day to support your chosen charity. Savings on gym memberships, shopping and other discounts available through Perkbox. Variety of social events & team building opportunities are available. Opportunities for professional development and career progression. Due to the nature of the role the company will not be able to offer sponsorship or relocation assistance so candidates must already reside in the UK. Candidates with the experience or relevant job titles of Cyber security Engineer, Cyber Engineer, Cyber Auditor, CE Auditor, Cyber Essentials engineer MPS Engineer, Field Engineer, IT Engineer may also be considered for this role.
IT Security Analyst Location: London - Remote with occasional travel to office Salary: £50,000 + Flexible Benefits Scheme Contract type: Permanent About the Role Morson Edge have partnered with a leading organisation to recruit a skilled IT Security Analyst to play a key role in protecting our clients digital infrastructure. You ll monitor security systems, analyse threats, and respond to incidents ensuring the confidentiality, integrity, and availability of information assets. Working closely with the IT Security Manager, you ll help strengthen defences, resolve security issues, and contribute to a proactive cyber-security culture. Key Responsibilities Monitor the organisation s networks and systems for potential security issues. Investigate and resolve cyber incidents promptly and effectively. Implement and manage security measures including firewalls, encryption, and endpoint protection. Maintain clear documentation of breaches, assessments, and remediation actions. Conduct vulnerability testing, penetration testing, and risk assessments. Collaborate with the IT Security Manager to identify and mitigate network vulnerabilities. Analyse logs from multiple sources to detect and respond to abnormal activity. Assist with internal and external security audits and compliance reviews. Evaluate and recommend improvements to enhance security posture. Support vendor security assessments and ensure third-party compliance with internal standards. Contribute to continuous improvement of the organisation s cyber-security framework and strategy. Skills and Experience Essential: Degree in Cyber Security, Computer Science, or equivalent experience. Proven experience within a SOC (Security Operations Centre) or NOC (Network Operations Centre). Strong understanding of incident response methodologies and the MITRE ATT&CK framework. Experience using SIEM, IDS/IPS, vulnerability scanners, and Azure security tools. Technical expertise in Microsoft Defender, EDR (Endpoint Detection and Response), and network architecture. Practical experience managing cyber incidents and implementing secure configurations. Excellent analytical and problem-solving skills, with clear documentation and communication abilities. Familiarity with NIST, ISO 27001, and CIS Controls frameworks. Ability to work under pressure, prioritise effectively, and maintain attention to detail. Desirable: Professional certifications such as GSEC, CISSP, OSCP, CISA, CompTIA Sec+, or equivalent. Knowledge of ITIL processes and cyber governance frameworks. Experience with scripting, automation, and digital forensics. Awareness of PCI DSS, SDLC, and network analysis principles. This is a great opportunity to join a leading organisation, this role is mostly remote with occasional travel to London, please note this role cannot offer sponsorship. Please apply to hear more!
12/11/2025
Full time
IT Security Analyst Location: London - Remote with occasional travel to office Salary: £50,000 + Flexible Benefits Scheme Contract type: Permanent About the Role Morson Edge have partnered with a leading organisation to recruit a skilled IT Security Analyst to play a key role in protecting our clients digital infrastructure. You ll monitor security systems, analyse threats, and respond to incidents ensuring the confidentiality, integrity, and availability of information assets. Working closely with the IT Security Manager, you ll help strengthen defences, resolve security issues, and contribute to a proactive cyber-security culture. Key Responsibilities Monitor the organisation s networks and systems for potential security issues. Investigate and resolve cyber incidents promptly and effectively. Implement and manage security measures including firewalls, encryption, and endpoint protection. Maintain clear documentation of breaches, assessments, and remediation actions. Conduct vulnerability testing, penetration testing, and risk assessments. Collaborate with the IT Security Manager to identify and mitigate network vulnerabilities. Analyse logs from multiple sources to detect and respond to abnormal activity. Assist with internal and external security audits and compliance reviews. Evaluate and recommend improvements to enhance security posture. Support vendor security assessments and ensure third-party compliance with internal standards. Contribute to continuous improvement of the organisation s cyber-security framework and strategy. Skills and Experience Essential: Degree in Cyber Security, Computer Science, or equivalent experience. Proven experience within a SOC (Security Operations Centre) or NOC (Network Operations Centre). Strong understanding of incident response methodologies and the MITRE ATT&CK framework. Experience using SIEM, IDS/IPS, vulnerability scanners, and Azure security tools. Technical expertise in Microsoft Defender, EDR (Endpoint Detection and Response), and network architecture. Practical experience managing cyber incidents and implementing secure configurations. Excellent analytical and problem-solving skills, with clear documentation and communication abilities. Familiarity with NIST, ISO 27001, and CIS Controls frameworks. Ability to work under pressure, prioritise effectively, and maintain attention to detail. Desirable: Professional certifications such as GSEC, CISSP, OSCP, CISA, CompTIA Sec+, or equivalent. Knowledge of ITIL processes and cyber governance frameworks. Experience with scripting, automation, and digital forensics. Awareness of PCI DSS, SDLC, and network analysis principles. This is a great opportunity to join a leading organisation, this role is mostly remote with occasional travel to London, please note this role cannot offer sponsorship. Please apply to hear more!
As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery of a robust and forward-looking Cybersecurity Control Testing & Assurance Programme. This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks. This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation's security and compliance objectives. What you'll be doing as a Control Testing Lead - Cyber Security Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework. Execute control testing in line with defined procedures, templates, and standards. Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation's Enterprise Risk Management Framework. Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate. Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols. Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports. Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process. Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities. Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme. To thrive in this role, the essential criteria you'll need are Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness. Strong understanding of information security principles, cyber risk management, and control frameworks. Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls. Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences. Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy. Strong understanding of Cybersecurity Domains, including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography. Additional skills and experiences would be great to have/bring: Experience working in a regulated environment. Experience within the water utility industry or large, complex critical national infrastructure. Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity. Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous. GCS is acting as an Employment Agency in relation to this vacancy.
11/11/2025
Full time
As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery of a robust and forward-looking Cybersecurity Control Testing & Assurance Programme. This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks. This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation's security and compliance objectives. What you'll be doing as a Control Testing Lead - Cyber Security Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework. Execute control testing in line with defined procedures, templates, and standards. Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation's Enterprise Risk Management Framework. Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate. Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols. Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports. Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process. Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities. Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme. To thrive in this role, the essential criteria you'll need are Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness. Strong understanding of information security principles, cyber risk management, and control frameworks. Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls. Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences. Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy. Strong understanding of Cybersecurity Domains, including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography. Additional skills and experiences would be great to have/bring: Experience working in a regulated environment. Experience within the water utility industry or large, complex critical national infrastructure. Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity. Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous. GCS is acting as an Employment Agency in relation to this vacancy.
Business Unit: COO, Technology Operations & Cyber Security Salary range: £40,800 - £51,000 per annum + Benefits Location: UK Remote Contract type : Permanent Our Team The Platform Engineering Team sits within Technology Operations & Cyber Security (TOCS) and is responsible for supporting, maintaining, and innovating the Bank's underpinning platforms and technologies. The core aspect of your role will be to support the management of the Operational Platform, with a focus on the Linux Server Estate. This will involve collaboration with internal customers, partners and external customers to deliver excellent service and ensure our systems are efficient, performant, resilient where emerging technology threats & risks are managed and change to our systems are managed effectively. What you'll be doing Innovate, build & maintain the Virgin Money Linux server estate for Operational Platform. Engineer, validate, implement and quality assure technical solutions. Lead on initiatives to improve Platform performance and stability. Support projects implementing new infrastructure into the datacentres. Support root cause analysis and remediation of complex technical issues. Work closely with others to estimate work, manage domain scope, risks and issues. Collaborate with internal and external parties to provide excellent customer service. Ensure that change within the environment is managed and controlled effectively. We need you to have Strong engineering experience with Red Hat Enterprise Linux (RHEL) Strong Redhat Satellite experience (install, Configure, manage) Strong experience of server implementation, upgrades, maintenance, monitoring and automation (Infrastructure as Code) with Ansible, AAP Strong experience of VMware (upgrade, manage) Solid understanding of Networking, security and system performance Strong problem-solving skills with the ability to own, diagnose and resolve platforms issues. Good understanding of cybersecurity principles & vulnerability management Python, Bash, API's and data structures in JSON/YAML or other Engineering mindset: able to challenge the status quo and automate manual processes to deliver additional value. Exceptional communication & teamwork skills Flexibility. The role may require occasional evening or weekend work It's a bonus if you have but not essential Experience of Arctera Infoscale, VCS Experience of Solaris Experience of Server Hardware Management and maintenance Experience of Containerisation, Red Hat OpenShift, ARO or AKS Experience of Continuous Integration and Continuous Delivery tooling Experience of working within an ITIL framework Working in Multi-disciplinary Agile teams Red Hot Rewards Generous holidays - 38.5 days annual leave (including bank holidays and prorated if part-time) plus the option to buy more. Up to five extra paid well-being days per year . 20 weeks paid, gender-neutral family leave (52 weeks in total) for expectant parents and those looking to adopt. Market-leading pension. Free private medical cover, income protection and life assurance. Flexible benefits include Cycle to Work, wellness and health assessments, and critical illness. And there's no waiting around, you'll enjoy these benefits from day one. If we're lucky to receive a lot of interest, we may close the advert early. Please ensure to submit your applications as soon as possible. Say hello to Virgin Money Virgin Money is so much more than just a bank. As part of the Nationwide group, together we're the UK's first full-service mutual bank serving millions of retail and business customers and all driven by our purpose ; Banking but fairer, more rewarding and for the good of society. With us, you'll be part of an organisation uniquely positioned to make a difference to the lives of customers, communities and broader society and embark on a collaborative, customer obsessed, and fun-filled career journey. Embrace the weekdays, enjoy fantastic perks, and make a meaningful positive difference. Time to discover what it means to be part of the first mutual full-service banking provider. Be yourself at Virgin Money At Virgin Money, we celebrate everyone. We have fun, think big, and relentlessly include each other, all in pursuit of our purpose: Banking - but fairer, more rewarding, and for the good of society. We're committed to creating an inclusive culture where colleagues feel safe and inspired to contribute, speak up and be heard. As a Disability Confident Leader, we're committed to removing any obstacles to inclusion. If you need any reasonable adjustments or support making your application, contact our Talent Acquisition team Please note: If we receive a high volume of eligible applications, we may need to prioritise candidates whose skills and experience most closely align with the role, while still ensuring fair and equitable consideration for all applicants. Now the legal bit Although some of our roles allow you to be based anywhere in the UK, we'll need you to confirm you have the right to work in the UK. If you're successful in securing a role with us, there are some checks you need to complete before starting. These include credit and criminal record checks and three years' worth of satisfactory references. If the role is part of the Senior Manager Regime and Certification Regime, it requires enhanced pre-employment checks - we'll ask for six years of regulatory references, and once in the role, you'll be subject to periodic employment checks.
06/10/2025
Full time
Business Unit: COO, Technology Operations & Cyber Security Salary range: £40,800 - £51,000 per annum + Benefits Location: UK Remote Contract type : Permanent Our Team The Platform Engineering Team sits within Technology Operations & Cyber Security (TOCS) and is responsible for supporting, maintaining, and innovating the Bank's underpinning platforms and technologies. The core aspect of your role will be to support the management of the Operational Platform, with a focus on the Linux Server Estate. This will involve collaboration with internal customers, partners and external customers to deliver excellent service and ensure our systems are efficient, performant, resilient where emerging technology threats & risks are managed and change to our systems are managed effectively. What you'll be doing Innovate, build & maintain the Virgin Money Linux server estate for Operational Platform. Engineer, validate, implement and quality assure technical solutions. Lead on initiatives to improve Platform performance and stability. Support projects implementing new infrastructure into the datacentres. Support root cause analysis and remediation of complex technical issues. Work closely with others to estimate work, manage domain scope, risks and issues. Collaborate with internal and external parties to provide excellent customer service. Ensure that change within the environment is managed and controlled effectively. We need you to have Strong engineering experience with Red Hat Enterprise Linux (RHEL) Strong Redhat Satellite experience (install, Configure, manage) Strong experience of server implementation, upgrades, maintenance, monitoring and automation (Infrastructure as Code) with Ansible, AAP Strong experience of VMware (upgrade, manage) Solid understanding of Networking, security and system performance Strong problem-solving skills with the ability to own, diagnose and resolve platforms issues. Good understanding of cybersecurity principles & vulnerability management Python, Bash, API's and data structures in JSON/YAML or other Engineering mindset: able to challenge the status quo and automate manual processes to deliver additional value. Exceptional communication & teamwork skills Flexibility. The role may require occasional evening or weekend work It's a bonus if you have but not essential Experience of Arctera Infoscale, VCS Experience of Solaris Experience of Server Hardware Management and maintenance Experience of Containerisation, Red Hat OpenShift, ARO or AKS Experience of Continuous Integration and Continuous Delivery tooling Experience of working within an ITIL framework Working in Multi-disciplinary Agile teams Red Hot Rewards Generous holidays - 38.5 days annual leave (including bank holidays and prorated if part-time) plus the option to buy more. Up to five extra paid well-being days per year . 20 weeks paid, gender-neutral family leave (52 weeks in total) for expectant parents and those looking to adopt. Market-leading pension. Free private medical cover, income protection and life assurance. Flexible benefits include Cycle to Work, wellness and health assessments, and critical illness. And there's no waiting around, you'll enjoy these benefits from day one. If we're lucky to receive a lot of interest, we may close the advert early. Please ensure to submit your applications as soon as possible. Say hello to Virgin Money Virgin Money is so much more than just a bank. As part of the Nationwide group, together we're the UK's first full-service mutual bank serving millions of retail and business customers and all driven by our purpose ; Banking but fairer, more rewarding and for the good of society. With us, you'll be part of an organisation uniquely positioned to make a difference to the lives of customers, communities and broader society and embark on a collaborative, customer obsessed, and fun-filled career journey. Embrace the weekdays, enjoy fantastic perks, and make a meaningful positive difference. Time to discover what it means to be part of the first mutual full-service banking provider. Be yourself at Virgin Money At Virgin Money, we celebrate everyone. We have fun, think big, and relentlessly include each other, all in pursuit of our purpose: Banking - but fairer, more rewarding, and for the good of society. We're committed to creating an inclusive culture where colleagues feel safe and inspired to contribute, speak up and be heard. As a Disability Confident Leader, we're committed to removing any obstacles to inclusion. If you need any reasonable adjustments or support making your application, contact our Talent Acquisition team Please note: If we receive a high volume of eligible applications, we may need to prioritise candidates whose skills and experience most closely align with the role, while still ensuring fair and equitable consideration for all applicants. Now the legal bit Although some of our roles allow you to be based anywhere in the UK, we'll need you to confirm you have the right to work in the UK. If you're successful in securing a role with us, there are some checks you need to complete before starting. These include credit and criminal record checks and three years' worth of satisfactory references. If the role is part of the Senior Manager Regime and Certification Regime, it requires enhanced pre-employment checks - we'll ask for six years of regulatory references, and once in the role, you'll be subject to periodic employment checks.
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls. In this busy and rewarding role, you'll also: Collaborate with software development teams to integrate security into the development lifecycle Own the cultural shift to a Security DevSecOps mindset Manage & implement security controls, tools, and processes to secure applications and infrastructure Monitor and respond to security incidents and threats in a timely manner Stay up-to-date with security trends and best practices to continuously improve security posture Automate security testing and deployment processes to ensure rapid and secure delivery of software Develop and maintain security documentation and training materials Develop and implement the product security strategy in alignment with organisational goals Integrate Application Security Tools within existing Development Processes Assist with the Planning & Execution of Application Penetration Tests Serve as a Subject Matter Expert (SME) in the field of Application Security Define security NFR's and ensure these are met Report on compliance with security standards You'll be someone with: Strong experience in software development and security Proficient in scripting languages such as Powershell, YAML, JASON, etc. Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI/CD and backlog management Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations Expertise with security tools and familiarity with DevSecOps processes Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable) You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
06/10/2025
Full time
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls. In this busy and rewarding role, you'll also: Collaborate with software development teams to integrate security into the development lifecycle Own the cultural shift to a Security DevSecOps mindset Manage & implement security controls, tools, and processes to secure applications and infrastructure Monitor and respond to security incidents and threats in a timely manner Stay up-to-date with security trends and best practices to continuously improve security posture Automate security testing and deployment processes to ensure rapid and secure delivery of software Develop and maintain security documentation and training materials Develop and implement the product security strategy in alignment with organisational goals Integrate Application Security Tools within existing Development Processes Assist with the Planning & Execution of Application Penetration Tests Serve as a Subject Matter Expert (SME) in the field of Application Security Define security NFR's and ensure these are met Report on compliance with security standards You'll be someone with: Strong experience in software development and security Proficient in scripting languages such as Powershell, YAML, JASON, etc. Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI/CD and backlog management Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations Expertise with security tools and familiarity with DevSecOps processes Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable) You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls. In this busy and rewarding role, you'll also: Collaborate with software development teams to integrate security into the development lifecycle Own the cultural shift to a Security DevSecOps mindset Manage & implement security controls, tools, and processes to secure applications and infrastructure Monitor and respond to security incidents and threats in a timely manner Stay up-to-date with security trends and best practices to continuously improve security posture Automate security testing and deployment processes to ensure rapid and secure delivery of software Develop and maintain security documentation and training materials Develop and implement the product security strategy in alignment with organisational goals Integrate Application Security Tools within existing Development Processes Assist with the Planning & Execution of Application Penetration Tests Serve as a Subject Matter Expert (SME) in the field of Application Security Define security NFR's and ensure these are met Report on compliance with security standards You'll be someone with: Strong experience in software development and security Proficient in scripting languages such as Powershell, YAML, JASON, etc. Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI/CD and backlog management Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations Expertise with security tools and familiarity with DevSecOps processes Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable) You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
06/10/2025
Full time
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them. We'll broaden your horizons To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you'll become part of a team that act as the backbone for our business. No matter who you are or what your skillset is, we'll give you the training and support you need to achieve whatever you put your mind to. We'll help you succeed Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls. In this busy and rewarding role, you'll also: Collaborate with software development teams to integrate security into the development lifecycle Own the cultural shift to a Security DevSecOps mindset Manage & implement security controls, tools, and processes to secure applications and infrastructure Monitor and respond to security incidents and threats in a timely manner Stay up-to-date with security trends and best practices to continuously improve security posture Automate security testing and deployment processes to ensure rapid and secure delivery of software Develop and maintain security documentation and training materials Develop and implement the product security strategy in alignment with organisational goals Integrate Application Security Tools within existing Development Processes Assist with the Planning & Execution of Application Penetration Tests Serve as a Subject Matter Expert (SME) in the field of Application Security Define security NFR's and ensure these are met Report on compliance with security standards You'll be someone with: Strong experience in software development and security Proficient in scripting languages such as Powershell, YAML, JASON, etc. Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI/CD and backlog management Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations Expertise with security tools and familiarity with DevSecOps processes Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable) You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development. We're in it together Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO. We're looking forward to the future At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
Cyber Security Analyst - Manchester - £50,000 The Company: Lorien are working in partnership with a leading name in Manchester. With a strong focus on protecting their digital estate, they're now looking to hire a Cyber Security Analyst to help strengthen their InfoSec capabilities and ensure resilience against cyber threats. The Role: This is a hands-on role focused on protecting the organisation's network and systems from cyber-attacks. You'll be responsible for managing and remediating security incidents, tuning SIEM alerts, supporting endpoint detection and response tooling, and contributing to post-incident investigations.You'll also play a key role in vulnerability management, security reporting, and supporting the deployment and maintenance of security tooling across the estate. Working closely with the IT Security & Compliance Manager, you'll help shape the business's cyber defence strategy and educate stakeholders on best practices. The Skill Requirements:Successful candidates will have a blend of the following: Experience in Infrastructure support or working within a SOC/Security team Strong understanding of Microsoft O365/Azure Security, endpoint and email security tooling Familiarity with SIEM tools and IT Service Management platforms Knowledge of current and emerging cyber threats and security technologies Experience with vulnerability identification and remediation The Benefits: Salary up to £50,000 + bonus Hybrid working model (2 days onsite in Manchester) 25 days annual leave plus bank holidays Flexible working hours Opportunity to work in a fast-paced, high-impact environment If this sounds like something you'd be interested in, submit your application to be considered. Interviews will be scheduled over the coming weeks. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
03/10/2025
Full time
Cyber Security Analyst - Manchester - £50,000 The Company: Lorien are working in partnership with a leading name in Manchester. With a strong focus on protecting their digital estate, they're now looking to hire a Cyber Security Analyst to help strengthen their InfoSec capabilities and ensure resilience against cyber threats. The Role: This is a hands-on role focused on protecting the organisation's network and systems from cyber-attacks. You'll be responsible for managing and remediating security incidents, tuning SIEM alerts, supporting endpoint detection and response tooling, and contributing to post-incident investigations.You'll also play a key role in vulnerability management, security reporting, and supporting the deployment and maintenance of security tooling across the estate. Working closely with the IT Security & Compliance Manager, you'll help shape the business's cyber defence strategy and educate stakeholders on best practices. The Skill Requirements:Successful candidates will have a blend of the following: Experience in Infrastructure support or working within a SOC/Security team Strong understanding of Microsoft O365/Azure Security, endpoint and email security tooling Familiarity with SIEM tools and IT Service Management platforms Knowledge of current and emerging cyber threats and security technologies Experience with vulnerability identification and remediation The Benefits: Salary up to £50,000 + bonus Hybrid working model (2 days onsite in Manchester) 25 days annual leave plus bank holidays Flexible working hours Opportunity to work in a fast-paced, high-impact environment If this sounds like something you'd be interested in, submit your application to be considered. Interviews will be scheduled over the coming weeks. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Hays Specialist Recruitment Limited
West Drayton, Middlesex
Contract duration - 6 months Location - Waterside - UB7 0GB Hybrid - 1 day per week from office and rest days from homeOur client has a varied and complex digital landscape. The DevSecOps specialist will report to DevSecOps manager in the Cyber Architecture team. Working closely with the Cyber team as well as the digital team to ensure cybersecurity is embedded across all digital platforms. Key skills & Responsibility Lead the integration of security into the software development lifecycle (SDLC) using DevSecOps principles. Define and implement release strategies with a strong emphasis on application security. Identify and remediate security vulnerabilities through detailed code reviews and automated tooling. Collaborate with cross-functional teams to establish secure coding standards and quality benchmarks. Provide expert consultancy and guidance to engineering teams, enabling them to meet strategic security goals. Drive adoption of security best practices across CI/CD pipelines and cloud-native environments. Accountabilities Provide technical cyber leadership across all development teams, focusing on application security for our various digital platforms (web and mobile). Secure our CI/CD pipelines and provide improvement plans and requirements to those that use them, while overseeing the consistent adoption of secure practices across teams. Support the vulnerability management process, raising awareness and embedding secure development principles with development teams. Evaluate, implement, support and communicate new tools and features to improve our security posture whilst supporting, consulting, and measuring the progression of adoption across our platform and development teams. Establish security testing approaches and tools to support iterative agile delivery, ensuring alignment with organisational objectives and secure development practices. Lead cyber digital reviews to promote consistency, quality, and alignment to cyber principles and patterns. Effectively communicate, reason, and influence stakeholders across business tech to promote the understanding of cyber digital security and embed it throughout design and delivery. Actively participate in and contribute to the client's cybersecurity guilds, driving innovation and alignment in digital security approaches. Support the client's Cyber Delivery Assurance Team and the wider business Cyber Team by acting as a subject-matter expert on all things digital security. Support the client's Cyber Change Team by assisting in change reviews. Required Skills & Experience: Proven experience in application security within a DevSecOps framework. Strong background in software engineering, with the ability to bridge development and security. Experience identifying security issues through code review. Recognised cybersecurity certifications or qualifications desirable. Deep technical expertise in security tools and methodologies, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA) Threat Modelling Demonstrated success in leading or advising teams on secure development practices. Senior-level experience with a solid understanding of cloud migration challenges and solutions. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Talent Solutions is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
03/10/2025
Full time
Contract duration - 6 months Location - Waterside - UB7 0GB Hybrid - 1 day per week from office and rest days from homeOur client has a varied and complex digital landscape. The DevSecOps specialist will report to DevSecOps manager in the Cyber Architecture team. Working closely with the Cyber team as well as the digital team to ensure cybersecurity is embedded across all digital platforms. Key skills & Responsibility Lead the integration of security into the software development lifecycle (SDLC) using DevSecOps principles. Define and implement release strategies with a strong emphasis on application security. Identify and remediate security vulnerabilities through detailed code reviews and automated tooling. Collaborate with cross-functional teams to establish secure coding standards and quality benchmarks. Provide expert consultancy and guidance to engineering teams, enabling them to meet strategic security goals. Drive adoption of security best practices across CI/CD pipelines and cloud-native environments. Accountabilities Provide technical cyber leadership across all development teams, focusing on application security for our various digital platforms (web and mobile). Secure our CI/CD pipelines and provide improvement plans and requirements to those that use them, while overseeing the consistent adoption of secure practices across teams. Support the vulnerability management process, raising awareness and embedding secure development principles with development teams. Evaluate, implement, support and communicate new tools and features to improve our security posture whilst supporting, consulting, and measuring the progression of adoption across our platform and development teams. Establish security testing approaches and tools to support iterative agile delivery, ensuring alignment with organisational objectives and secure development practices. Lead cyber digital reviews to promote consistency, quality, and alignment to cyber principles and patterns. Effectively communicate, reason, and influence stakeholders across business tech to promote the understanding of cyber digital security and embed it throughout design and delivery. Actively participate in and contribute to the client's cybersecurity guilds, driving innovation and alignment in digital security approaches. Support the client's Cyber Delivery Assurance Team and the wider business Cyber Team by acting as a subject-matter expert on all things digital security. Support the client's Cyber Change Team by assisting in change reviews. Required Skills & Experience: Proven experience in application security within a DevSecOps framework. Strong background in software engineering, with the ability to bridge development and security. Experience identifying security issues through code review. Recognised cybersecurity certifications or qualifications desirable. Deep technical expertise in security tools and methodologies, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA) Threat Modelling Demonstrated success in leading or advising teams on secure development practices. Senior-level experience with a solid understanding of cloud migration challenges and solutions. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Talent Solutions is a trading division of Hays Specialist Recruitment Limited and acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
