37 jobs found

Penetration Tester Position Description CGI Cyber Security Team in the UK is one of the largest Cyber consultancies in the UK with around 300 members. The UK Cyber team works across a variety of domains including: Government, Defence, Critical Infrastructure, Healthcare, Utilities, Banking and Financial Services and Many more. At CGI you will get the opportunity to work across a number of domains and work in all areas of Cyber Security allowing you to grow and develop your career. We offer full 360-degree services to our clients from initial consulting on a range of areas including Risk Assessments, Vulnerability Management, Accreditations (ISO27001, GDPR), GRC (Governance, Risk, Compliance), Security Architecture Design and Build (technical and Non-technical), Incident Response, Protective Monitoring Services, Penetration Testing and much more. We take clients through a journey to improve their overall security posture and maturity to ensure they feel reassured in the Security control, measures and systems we have put in place in line with their requirements. At CGI training and development is very important not only do we give you training to keep you up to date with the latest trends within an ever-changing landscape, but we also combine that training with your career ambitions, so we support you in taking your career anywhere you want it to go. Our roles are only available if you hold or fulfil the criteria to obtain a UK Security Clearance. Your future duties and responsibilities An opportunity for an experienced penetration testers has become available due to growth, joining the CGI Cyber Security business unit, one of the largest groups of cyber security specialists in the UK. CGI has a long established reputation in this area, undertaking rigorous testing for a variety of commercial and public sector clients for over 30 years. Experience of the assessment of bespoke applications, cloud technologies and mobile applications (on diverse mobile platforms) would be of an advantage. You would join our established team of penetration testers with the possibility of progressing to team leader or principal tester positions. You would be able to work flexibly, undertaking work at home and at client sites across the UK. Required qualifications to be successful in this role - CHECK Team Leader (CTL) - CHECK Team Member (CTM) - CREST Certified Simulated Attack Specialist (CCSAS) - CREST Certified Tester (CCT). Sometimes known as CREST Certified Infrastructure Tester (CCT Inf) or CREST Certified Web Application Tester (CCT App) - Cyber Scheme Team Leader (CSTL) - TigerScheme Qualified Security Team Leader (QSTL) - Crest Registered Tester (CRT) - Cyber Scheme Team Member (CSTM) - TigerScheme Qualified Security Team Member (QSTM) - CREST Practitioner Security Analyst (CPSA) - Offensive Security Certified Professional (OSCP) Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.

An exciting opportunity has arisen for a Threat Detection Engineer to join a well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. As a Threat Detection Engineer, you will be responsible for developing and enhancing threat detection capabilities within a modern cloud-first setting. This role offers hybrid / remote working options, a salary range of £60,000 - £80,000 and benefits. You will be responsible for: Designing and implementing threat-led detection logic informed by threat intelligence and hunting activities. Developing innovative analytical techniques to identify incidents effectively. Collaborating with an outsourced SOC to maintain, tune, and optimise detection catalogues. Creating and refining DLP, Insider Risk Management, and other security rules using cloud-native tools. Monitoring and ensuring high-quality service delivery from external SOC providers. Automating reporting on security performance and operational metrics. Partnering with technology teams to ensure adequate monitoring across cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as an SOC Analyst, Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. Hands-on experience with Microsoft Sentinel and Defender (Endpoint, Office 365). Familiarity with Microsoft Entra ID, including Identity Governance. Experience with Microsoft Purview, particularly DLP and data protection tools. Exposure to cloud-native logging in Azure and Kubernetes environments. Understanding of "detection as code" or "everything as code" approaches, including CI/CD pipelines. Experience working with or alongside MSP SOC teams. Awareness of Agile methodologies and ways of working. Knowledge of attacker TTPs, threat modelling, and cyber security frameworks. Understanding of statistics, data science, or AI/ML as applied to security. Awareness of ISO 27001 standards. Relevant cyber security certifications (e.g., MS-500, AZ-500, SC-200, SC-300, SC-400, Security+, GSOC, CCSK). This is a rare chance to contribute to meaningful cyber security work in a role where your expertise will directly influence how threats are detected and mitigated at scale. Relevant job titles: Threat Detection Engineer, Cyber Threat Engineer, Detection & Response Engineer, Security Detection Engineer Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone, or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Additional Resources Ltd is an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003.

The Information Security Officer will support the safeguarding of the organisation's information assets by identifying risks, monitoring security controls, and ensuring best-practice governance. The role also contributes to incident response, third-party oversight, and ongoing security improvements. It is a hybrid role. You can choose to work in either one of the offices: Manchester, Cardiff, London. Client Details The client is a rapid growing finance service provider, with a strong focus on data protection, operational resilience, and continuous improvement in cybersecurity. They offer a supportive environment with investment in modern tools, frameworks, and professional development. Description Conduct and support information security risk assessments, vulnerability reviews, and the maintenance of the risk register. Work closely with SOC team and infrastructure team for remediation plan Assist with regulatory and audit obligations by preparing documentation and ensuring compliance with legal standards. Maintain and update security policies, standards, and procedures to reflect organisational needs and current threats. Deliver security awareness initiatives and training to promote secure behaviours across the organisation. Perform due-diligence reviews of third-party suppliers and support ongoing monitoring of external security risks. Profile Experience in information security, risk assessment within a regulated or structured environment. Familiarity with security monitoring tools, vulnerability management, and supporting audit activities. Understanding of security frameworks such as ISO 27001, NIST, or Cyber Essentials. Strong communication skills, with the ability to explain technical security matters to non-technical stakeholders. Highly organised, proactive, and capable of managing multiple priorities with attention to detail. Relevant qualifications (CISM is highly preferred) or certifications (e.g., CISMP, Security+, CISM, CISSP, SC-200, AZ-500) Job Offer Hybrid role: 60% in Manchester, Cardiff or London office 25 days holiday plus birthday off Pension Scheme (8% matched) Life Assurance Private Medical Insurance Gym Memberships Retails discounts

Senior Security & Technology Consultants Location: Warton, UK (On-Site - 5 Days per Week) Clearance Required: Valid MOD DV (Mandatory) Engagement Type: Contract (Inside IR35) Day Rate: 500 - 900 per day (dependent on role and experience) Overview We are seeking experienced Security & Technology Professionals to support critical programmes in a secure defence environment. These roles span architecture, assurance, operations, and technical delivery disciplines and require individuals who can operate effectively within highly regulated, mission-critical settings. All positions are based full-time on-site in Warton (5 days per week) and require candidates to hold a current and valid MOD DV clearance at the time of application. Scope of Opportunities We are hiring across multiple security and technology disciplines, including: Security Architects Security Assurers Information Security Consultants SOC Analysts OT Architects Cross Domain SMEs IT Administrators Service Managers Product Security Managers Penetration Testing Specialists Technical Project / Programme Managers Key Responsibilities (Role Dependent) Security Architecture & Design Define and review secure architectures across enterprise IT and OT environments. Act as technical authority for secure system design and implementation. Lead threat modelling, risk assessments, and security design reviews. Ensure compliance with defence security standards and secure-by-design principles. Security Assurance & Governance Deliver independent security assurance across programmes. Support accreditation activities and compliance reviews. Develop and maintain security documentation, standards, and risk registers. Security Operations & SOC Monitor, analyse, and respond to security events and incidents. Strengthen detection, response, and resilience capabilities. Support vulnerability management and remediation activities. OT & Cross Domain Security Provide expertise in Operational Technology environments. Design and assure secure cross-domain solutions and data transfer mechanisms. Evaluate network segregation and high-assurance controls. Penetration Testing & Vulnerability Management Conduct or oversee penetration testing engagements. Assess vulnerabilities and validate remediation strategies. Support red/blue team activities where required. Service & Product Security Embed security into live service management processes. Act as Product Security lead across development lifecycles. Integrate DevSecOps controls and secure SDLC practices. Technical Delivery & Programme Support Manage security-focused technical workstreams. Provide governance reporting to senior stakeholders. Translate technical risks into business impact and mitigation plans. Essential Requirements Valid and transferable MOD DV clearance (mandatory). Availability to work on-site in Warton, 5 days per week. Strong background in one or more of the listed security disciplines. Experience working in secure, defence, or highly regulated environments. Relevant certifications (e.g., CISSP, CISM, TOGAF, CREST, cloud certifications).

Murphy is recruiting for a Senior IT Project Manager to work with the ever growing It Team at Wigan - WA3 3JD Operating in the United Kingdom, Ireland, Canada and the USA, Murphy provides better engineered solutions to infrastructure sectors including transportation, water, power and natural resources. So that our teams out on projects can run smoothly it is vital that we have robust support functions in place. In this role you will manage a range of stimulating, challenging and rewarding projects, helping to ensure successful delivery against agreed scope, schedule, budget, and quality standards, whilst driving strong governance, proactive risk management, and high-quality stakeholder engagement. You will work closely with sponsors and staff from operational, business support and IT services, as well as with third party suppliers and vendors. Reporting to the Head of IT Programme Management, and working closely with the IT Programme Management Office, you will be joining a growing team of enthusiastic project and programme management professionals, who are focussed on driving and implementing digital transformation and change. The ideal candidate will come with energy, significant project management experience, highly developed organisational skills, a good understanding of programme management and a track record of successful project delivery A day in the life of a Murphy IT Project Manager Lead end-to-end delivery of multiple IT projects. Manage the full lifecycle of digital, data and technology projects, ensuring successful delivery against scope, budget, timeline, and quality requirements. Ensuring alignment with business objectives, requirements, governance frameworks and the IT strategy. Drive project scoping and definition, including business case development, requirements gathering, definition of deliverables, identification of benefits, and agreement of success metrics, in conjunction with business analysts, subject matter experts, sponsors and stakeholders. Ensure compliance with agreed project standards in relation to governance, processes, frameworks and documentation, in accordance with, and overseen by the Project Management Office, and be an advocate for best practice. Develop and maintain detailed project plans. Create and maintain project documentation including Project Initiation Document, plans, RAID logs, budgets, and change controls, ensuring full alignment with IT governance and Programme Management Office standards. Identify and manage risks and issues throughout the project lifecycle, implementing mitigations and escalating appropriately. Oversee technology design and implementation. Collaborate with Solution Architecture, Infrastructure, Network, Cyber Security, and Applications teams to ensure solutions are properly designed, tested, and deployed in-line with IT standards and best practice. Ensure timely deployment of systems, networks, platforms, devices, and security technologies needed to support business operations and strategic initiatives. Lead cross functional project teams. Provide direction, coordination, and guidance in both matrix and multidisciplinary environments. Provide direction to IT teams and oversee third party suppliers and vendors to ensure coordinated delivery and high-quality outcomes. Develop trusted and robust relationships with project sponsors, subject matter experts, stakeholders and IT staff to ensure that project delivery success is maximised. Manage vendor and supplier relationships. Serve as a key point of contact within the IT department, providing clear updates, managing expectations, and building effective working relationships across technical and non-technical teams. Deliver clear and effective reporting. Reporting to sponsors, stakeholders, steering groups, and senior leadership through dashboards, status reports, and governance packs. Management of change requests. Ensure that change requests are properly defined, documented, reviewed and signed-off by project sponsors and that the impact and consequence of any change request is understood. Ensure effective handover of projects to operational support teams. Ensure that projects are handed over effectively and that all necessary training, support and materials are in place to effect smooth transition to business as usual. Support the Head of IT Programme Management and the Programme Management Office in identifying interdependencies and issues that may adversely impact delivery of IT projects and work plans. Still interested does thsi sound like you? Bachelor's degree, or equivalent knowledge and experience, in a project management discipline. Qualifications in recognised project management methodologies e.g. PMP, PRINCE2, APM, or equivalent professional qualification. Recent experience working as a Senior Project Manager supporting the delivery of digital transformation. Proven experience managing budgets, schedules, and stakeholders within formal Programme Management Office frameworks, including governance and assurance, risk and incident management, and benefit realisation. Experience using MS Planner, using a PPM system such as the Wellingtone Accelerator+ application. Excellent verbal and written communication skills, with demonstrable experience in document writing, reporting, presenting, facilitation, negotiation and influencing skills. Skilled at assembling, building, enabling and managing project delivery teams that accept responsibility and who are accountable for their decisions and actions. Works within deadlines, prioritises effectively and delivers at pace. Excellent IT skills, able to use a wide range of software packages including, Microsoft Planner/Project, PowerPoint, Excel, Word, Outlook, Teams, Visio and Devops. Evidence of continuing professional development and appropriate professional registration. Willing to travel to Murphy sites and offices as required to deliver projects and be part of the ongoing development of the IT Programme Management teams and wider IT department.

Cyber Security Analyst DGH Recruitment are currently recruiting on behalf of a leading client in the professional services industry who require a Cyber Security Analyst to join the firm in Newcastle. The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. The team operates a number of security solutions directly, such as anti-malware solutions, Internet security proxy servers, and the vulnerability scanning platforms. Key Responsibilities: Review, action, and escalate, any unusual event behaviour identified. Assist with development and maintenance of the Firm-wide security infrastructure configuration, policies and procedures, identifying improvements to procedures, and reporting on incidents. Actively promote security governance in support of the Information Security policies, to ensure appropriate measures are taken to secure the Firm's confidentiality and integrity. Encourage cooperative working with all business functions to achieve shared goals, ensuring skills transfer and technical security awareness within the teams. This includes writing process documents and conducting training. Key Skills and Experience: At least 5 years' experience working within Information Security infrastructure or vocation to move from another technical discipline. Proven ability to adapt quickly to emerging threats or new information, shifting focus as needed. Demonstrated expertise in Microsoft 365 Defender and Azure Sentinel for detecting, investigating, and responding to suspicious behaviors and anomalous activities. Familiarity with endpoint security solutions and security infrastructure, including EDR, vulnerability management tools, DLP solutions, and removable media encryption. Working knowledge of cloud based web and email filtering solutions such as , Zscaler, Mimecast, Proofpoint, or Cisco. Experience with securing cloud environments (AWS, Azure, GCP), including configuration management, identity and access controls, monitoring, and incident response. Familiarity with cloud security tools (e.g., Microsoft Defender for Cloud, AWS Security Hub), and cloud compliance frameworks (e.g., CIS, CSA CCM) is highly desirable. Experience with security automation and orchestration, including the use of scripting languages (such as PowerShell or Python) and SOAR platforms to streamline incident response, automate repetitive tasks, and enhance overall security operations. Strong knowledge of security technologies (e.g., firewalls, IDS/IPS, EDR, SIEM) Technical bachelor's degree or equivalent IT / Information Security experience (required) Security-related certification e.g. CompTIA Security+, GSEC, CISSP, CISA, CCSP (preferred). Good understanding of security frameworks such as ISO 27001, NIST, Mitre (preferred) Cyber Security Analyst In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business

Role Title: Cyber Risk Analyst Location: Knutsford 3 days on site Duration: 30/10/2026 Rate 404 MUST BE PAYE THROUGH UMBRELLA Role Description: "Role Overview: The Cyber Risk Analysts will work under the guidance of the Lead Consultant to execute the detailed risk assessments and analysis of End-of-Life technologies. In this role, you will collect and analyze data on EOL systems, evaluate cyber risks using the defined methodology, and support the implementation of remediation plans. Key Responsibilities: Perform Risk Assessments: Conduct in-depth cyber risk assessments for identified EOL systems and technologies, following the methodology and framework established by the project. Gather necessary information on assets (software, hardware, applications that are end-of-life or end-of-support) and assess the potential cyber threats, vulnerabilities, and business impacts associated with each5. Document findings meticulously, ensuring each risk item is well-described (likelihood, impact, severity) in the risk register. Required Skills & Competencies: Analytical Skills: Strong analytical and problem-solving skills are essential. The analyst must be able to assess complex IT systems and identify risk factors, interpret vulnerability data, and quantitatively rate risks. Attention to detail is critical for reviewing large lists of EOL assets and ensuring nothing is missed. Cybersecurity Knowledge: Good understanding of foundational cybersecurity principles (confidentiality, integrity, availability) and how outdated technologies can pose threats. Familiarity with common vulnerabilities and exploits affecting older systems (legacy OS, unsupported software) is beneficial. Knowledge of cyber risk frameworks and standards (such as NIST, ISO27001) and basic concepts of risk assessment is expectedxxiv. Qualifications & Certifications: Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience in cyber risk or IT security roles can be considered in lieu of a formal degree. Certifications: Relevant industry certifications are not mandatory but highly valued. Certifications demonstrating knowledge of security and risk principles (e.g., CompTIA Security+, Certified Ethical Hacker (CEH), or GIAC/GSEC) would be a plus. Certifications specifically in risk management or governance (such as CRISC, Certified Information Systems Auditor (CISA), or ISO 27001 Lead Auditor/Implementer) are also advantageous for this role, as they indicate a grasp of risk and control assessment practices. Experience: Years of Experience: Approximately 3-5+ years of experience in cybersecurity or IT risk roles. This could include experience as a Cyber Risk Analyst, IT Risk Analyst, Security Analyst, Vulnerability Management Specialist, or GRC (Governance, Risk & Compliance) Analyst. Candidates with slightly more or less experience will be considered based on skill fit, but a baseline understanding from a few years in the field is expected. Risk Assessment Background: Hands-on experience conducting risk assessments or security assessments is required. For example, experience in identifying and assessing risks for IT systems, writing risk or control reports, or supporting risk treatment projects. Familiarity with creating or maintaining risk registers and tracking mitigation actions is important (e.g., experience ensuring "risks and remediation plans are regularly addressed" in previous rolesxxvii). Industry-Specific Experience (Desirable): Experience in the financial services sector or other highly-regulated industries is a plus.

PMO Analyst - Power BI, Jira, Performance Reporting, RAID Up to 400 per day (Inside IR35 - Umbrella) 6 months London / Hybrid My client is an instantly recognisable firm who require a PMO Analyst with strong Power BI and Jira skills along with exceptional stakeholder management skills (up to Exec / Board level) to provide Portfolio / Programme governance, RAID management, change control and benefits tracking etc. CVs must demonstrate where, how and why you have used Power BI and Jira. Key Requirements: Demonstrable expertise as a PMO Analyst within a large, complex, Enterprise Scale organisation Excellent Reporting skills with the ability to create dashboards and to provide Performance Reporting and capability to use the Data to tell a story for stakeholders, proposing solutions to key stakeholders Strong Power BI (data modelling, measures, DAX, KPI visuals and bookmarks etc) skills Strong Jira (JQL, filters, dashboards, board configuration, workflows, custom fields, schemes etc) skills Understanding of Agile metrics (velocity, burn-down/up, cumulative flow, cycle/lead time) Ability to provide Portfolio / Programme governance, RAID management, change control and benefits tracking etc People-centric approach, with exceptional stakeholder management skills (up to Exec / Board level), with ability to build strong rapport with key stakeholders across the organisation, at all levels Flexible approach towards hybrid working (occasional international travel may be required) Good understanding of budgeting (Capex / Opex / Totex) Nice to have: Previous experience in Cyber-related Programmes Immediate availability (January 2026 start) Ability to mentor junior team members when required Experience of working in a Group Function of a large-scale organisation, across several market units Working knowledge of Portfolio tools (Azure DevOps / Planview etc) Spanish language skills are a plus Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)

Network Security Analyst Wigton, Cumbria Up to 35,500 per year Adecco Workington are delighted to be recruiting for our fantastic client, a well established international manufacturing organisation, to join their IT team as a Network Security Analyst. The role will involve: Monitoring network and user activity and managing security incidents Supporting security impact assessments and change management Maintaining IT controls and supporting audit activity Ensuring compliance with global cybersecurity standards Contributing to security policies and governance frameworks We are looking for: Experience in IT operations with exposure to cybersecurity or governance Knowledge of ISO 27001, GDPR and risk management frameworks Familiarity with vulnerability management, SIEM or EDR tools Strong understanding of Windows Server, Active Directory and Microsoft 365 security Strong analytical and communication skills What is on offer: Salary up to 35,500 depending on experience Performance related pay and annual bonus 25 days holiday plus bank holidays Flexible working options Competitive pension and healthcare benefits This is an excellent opportunity to develop your career within a global organisation committed to security and continuous improvement. Adecco acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. The Adecco Group UK & Ireland is an Equal Opportunities Employer. By applying for this role your details will be submitted to Adecco. Our Candidate Privacy Information Statement explaining how we will use your information is available on our website.

This role has a starting salary of 70,975 per annum, for working 36 hours per week. We are excited to be recruiting a Chief Information Security Officer to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week. Our Offer to You 26 days' holiday, rising to 28 days after 2 years' service and 31 days after 5 years' service (prorated for part time staff) Option to buy up to 10 days of additional annual leave A generous local government salary related pension Up to 5 days of carer's leave and 2 paid volunteering days per year Paternity, adoption and dependents leave An Employee Assistance Programme (EAP) to support health and wellbeing Learning and development hub where you can access a wealth of resources Wellbeing and lifestyle discounts including gym, travel, and shopping A chance to make a real difference to the lives of our residents. About the Role In this senior leadership role, you will own and drive cyber security strategy, governance and operational resilience across Surrey County Council's complex hybrid environment. Your typical week will include: Leading cyber risk management, governance forums and assurance activity across IT&D, ensuring risks are identified, assessed and clearly reported to senior stakeholders. Overseeing incident preparedness and live response, including coordination with suppliers, IT operations and information governance. Providing expert direction on security technologies, control effectiveness, logging/monitoring, and vulnerability management priorities. Setting clear security expectations and driving cultural change across service owners, technical teams and leadership groups. Developing and maintaining cyber policies, standards and evidence based reporting. This is a hands-on leadership role where strategic thinking and operational decision-making are equally important. You will hold line management responsibility for the cyber security function, including analysts or virtual team members through matrix management, and provide leadership and direction across IT&D and supplier teams. Within your first 12-18 months, you will be expected to lead or significantly contribute to: Delivery of a refreshed cyber security strategy and multi year improvement roadmap Establishment of strengthened cyber governance, including improved reporting, risk tracking and decision making structures Implementation of a formal cyber exercising programme (tabletop and technical) across IT&D, information governance and key suppliers Measurable improvements in vulnerability management, logging/monitoring coverage and supplier assurance Significant uplift in incident response maturity, including documentation of playbooks, interfaces and recovery expectations. This role is central to strengthening the resilience of essential public services. You will directly shape the council's ability to manage and reduce cyber risk, influence technology and service design decisions, and embed a cyber aware culture across one of the UK's largest local government environments. With a dedicated investment programme to drive security improvements, you will have a significant opportunity to transform how the organisation protects its people, data and systems. Your Application In order to be considered for shortlisting, your application will clearly evidence the following skills and align with our behaviours: Significant senior cyber security leadership experience in a complex organisation Strong capability to operate strategically and hands on, delivering measurable security improvements Deep understanding of cyber risk management, governance and assurance frameworks Proven experience leading cyber incidents, including response coordination and exercising Excellent communication and stakeholder influence skills across technical and non technical groups Familiarity with NCSC aligned approaches and/or frameworks such as NIST CSF Relevant professional qualifications such as CISSP or CISM To apply, we request that you submit a CV and you will be asked the following 4 questions: What steps would you take in your first few months to understand our cyber risks and priorities? Can you describe a complex cyber incident you have led, including how you coordinated the response and what improvements were implemented afterwards? How do you balance strategic cyber security planning with hands on delivery to ensure both long term resilience and quick, tactical gains? Which cyber security governance or risk management frameworks (e.g., NCSC CAF, NIST CSF) have you implemented, and how have they influenced decision making and assurance in your previous organisations? The job advert closes at 23:59 on 12/04/2026 with interviews planned shortly afterwards. Local Government Reorganisation (LGR) Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities. Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents! Our Commitment We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview. Your skills and experience truly matter to us. From application to your first day, we're committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone be

Application Analyst - Hosting Services Home Based (UK) Our client, a leading provider of Local Government software solutions, is seeking an experienced Application Analyst to join their Hosting Services team. You will provide expert support for client-server and web applications, ensuring service continuity, troubleshooting issues, and enhancing customer experience in a Microsoft Windows-based environment. Key Responsibilities: Provide application expertise, guidance, and troubleshooting for hosted client-server and web applications. Lead incident management and escalate issues to ensure timely, high-quality customer updates. Collaborate with project and delivery teams for smooth customer onboarding. Maintain system build standards and support IT service management processes. Develop innovative solutions to improve service efficiency. Monitor environments and proactively identify issues using tools like PRTG or Zabbix. Ensure adherence to security, governance, and compliance policies. What we're looking for: 3+ years supporting client-server and web applications (Apache/IIS) in Windows Server environments. Strong SQL Server or Oracle database skills; scripting experience (SQL, PowerShell, Python, VBS). Knowledge of virtualized environments, data centres, and IT infrastructure (VMWare). ITIL-based incident, problem, and change management experience. Networking fundamentals (TCP/IP, DNS, Firewalls) and cybersecurity awareness. Strong troubleshooting, communication, and customer service skills. Desirable: Experience in Local Government application support. Basic project management skills. Why join: Home-based role with occasional travel. Flexible, supportive, and collaborative working environment. Opportunities for professional development and career growth. Apply Now: Submit your CV and a short cover letter (max 500 words, including salary expectations) ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.

Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract. Our client, the UKs leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. This is a senior role with responsibility for the organisation s vulnerability management programme across multiple business units, technologies, and regulatory environments. The organisation has made significant investment in Tenable as its core vulnerability management platform. You ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised. Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role. Security Clearance - Due to the sensitive nature of the work, candidates must be eligible for SC clearance. Candidates with active or recently lapsed SC clearance will be prioritised. Applicants without clearance must be willing and eligible to undergo vetting. The Role - As Cybersecurity Vulnerability Lead, you will: Own the end-to-end vulnerability management programme, with Tenable One at the core. Define and deliver the strategy, policies, SLAs, and operating rhythm. Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact. Translate scan data into clear, actionable remediation plans for technical teams. Build dashboards and executive reports (ServiceNow, Power BI). Provide rapid risk assessments and emergency patch governance during incidents. Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR). Drive automation, integrating tools and workflows to improve efficiency. Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged. Mentor analysts and security champions, building maturity across the team. About You - You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries. You should also have hands-on knowledge of the following: Core Vulnerability Management - Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity) AWS Inspector Agent-based and network-based scanning Cloud integrations (AWS, Azure, GCP) Dashboards and risk-based prioritisation Patch & Endpoint Management - Microsoft Intune / SCCM / WSUS Jamf Workflow & ITSM Integration - ServiceNow (dashboards, SOAR) Jira Cloud & Application Security - AWS Security Hub Azure Defender for Cloud Veracode Threat Intelligence & Exploit Context - Tenable Threat Intelligence Exploit DB Metasploit SIEM, SOAR & Monitoring - Microsoft Sentinel SOAR platforms (ServiceNow SOAR) Automation & Scripting - Python, PowerShell, Bash, Ansible Reporting & Metrics - Power BI ServiceNow dashboards Excel (advanced analysis) Frameworks & Standards - NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR Security Domains / Capabilities - Identity and Access Management (IAM) Network Security Data Protection Cloud Security Controls Application Security Security Monitoring Processes & Practices - Vulnerability Management Programmes Incident Response and Threat Assessment Emergency Patch Governance Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact) Audit Support (internal assurance, penetration test follow-ups, external audits) Exception and exemption management Automation of manual tasks Dashboarding for risk and SLA metrics What's on Offer - A leadership role with significant influence across a major UK organisation. Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.

Purpose of the Job: Design, build, and maintain robust data systems and pipelines that support data storage, processing, and analysis on the Cloud. Work with large datasets, ensuring data quality, scalability, and performance, while collaborating. closely with data scientists, analysts, and other engineering teams to understand their data needs and provide them with high-quality, accessible data. They are responsible for ensuring that the underlying data infrastructure supports the organizations broader data and business goals, enabling more effective data-driven decision-making. Key Accountabilities: Design and implement scalable, efficient, and secure data architectures, ensuring optimal data flow across systems in order to achieve high service levels of support, maintenance and development You will own development and change projects to ensure requirements are met in the most cost-effective manner while minimising associated risk to expected standards. Responsibly for cloud data platform development, data modelling, shaping and technical planning You will be a mentor among the owning decision making and evaluation of requirement suitability, facilitate reliable estimates, technical project management, stakeholder management with a project Ensure that resource requirements are understood and planned/estimated effectively against demand, including identification of additional temporary resource capability within projects Maintain appropriate process procedures, compliance and service level monitoring, performance reporting and vendor management. Implementing best practices around data security, privacy, and compliance for the teams compliance with cyber security and data protection and supporting along with BI lead Strong stakeholder management will be required for maintaining relationships with our business users to clarify and influence requirements. Including liaising with internal business departments and functions to manage the service level expected from the data team. Collaborating with external organisations and third-party software/service suppliers for ongoing support, maintenance and development of systems. You will be able to demonstrate you are quality focused to ensure that they solutions are built to an appropriate standard whilst being balanced with a drive to deliver against tight deadlines. Support in developing and implementing best practices and process across the team along with BI lead. Influence the evolution of business and system requirements and contribute to the design of technical solutions to feed a delivery pipeline that increasingly employs Agile methods such as SCRUM and Kanban You will be required to develop unit tested code and then support test cycles including post implementation validation. You will be required to contribute to the transition into service and ongoing support of the applications in the area which provides the opportunity to reduce technical debt and rationalise our technical footprint Mentor data engineers, supporting their professional growth and development Outcome, Results and Key Performance Indicators: Delivery of projects to expected timely, cost and quality standards Excellent levels of application availability and resilience as required by business operations. Necessary governance and control requirements defined - design, code and test standards and guidelines. Ensure data systems comply with necessary governance and control requirements. Internally-developed data solutions are fit for purpose and fit correctly within the data architecture. Built and tested to user requirements, performing to defined performance and capacity requirements. Company data is secure, accurate, maintained and available according to requirements. Technical risks and issues correctly mitigated and managed on Projects and Production support. High quality software delivered in to production - zero critical and high defects before production release. Dimensions of Job: This role is part of a well-established data team, the role offers a great opportunity for the right candidate to hone their modern data management skills in a friendly and supportive environment. This role requires attendance to a Leeds based office as often as needed with a minimum 2 days a week. Able to work effectively as part of a remote team. A great opportunity for a motivated data engineer seeking a new opportunity with a friendly, newly formed data team and able to contribute to the team's growth with their technical expertise Key Relationships: Internal: Wider technical teams (including apps, test, dev ops and more), Project managers, business SME's, data teams and communities , Data scientists, BI Lead, Head of Data External: software & service suppliers, consultants. Knowledge and Skills: Knowledge - Broad data management technical knowledge so as to be able to work across full data cycle. - Proven Experience working with AWS data technologies (S3, Redshift, Glue, Lambda, Lake formation, Cloud Formation), GitHub, CI/CD - Coding experience in Apache Spark, Iceberg or Python (Pandas) - Experience in change and release management. - Experience in Database Warehouse design and data modelling - Experience managing Data Migration projects. - Cloud data platform development and deployment. - Experience of performance tuning in a variery of database settings. - Experience of Infrastructure as code practises. - Proven ability to organise and produce work within deadlines. Skills - Good project and people management skills. - Excellent data development skills. - Excellent data manipulation and analysis skills using a variety of tools including SQL, Phyton, AWS services and the MSBI stack. - Ability to prioritise and be flexible to change those priorities at short notice. - Commercial acumen. - Able to demonstrate a practical approach to problem solving. - Able to provide appropriate and understandable data to a wide ranging audience. - Well-developed and professional communication skills. - Strong analytical skills - ability to create models and analyse data in order to solve complex problems or reinforce commercial decisions. - Able to understand business processes and how this is achieved/influenced by technology. - Must be able to work as part of a collaborative team to solve problems and assist other colleagues. - Ability to learn new technologies, programs and procedures. Technical Essentials: - Expertise across data warehouse and ETL/ ELT development in AWS preferred with experience in the following: - Strong experience in some of the AWS services like Redshift, Lambda,S3,Step Functions, Batch, Cloud formation, Lake Formation, Code Build, CI/CD, GitHub, IAM, SQS, SNS, Aurora DB - Good experience with DBT, Apache Iceberg, Docker, Microsoft BI stack (nice to have) - Experience in data warehouse design (Kimball and lake house, medallion and data vault) is a definite preference as is knowledge of other data tools and programming languages such as Python & Spark and Strong SQL experience. - Experience is building Data lake and building CI/CD data pipelines - A candidate is expected to understand and can demonstrate experience across the delivery lifecycle and understand both Agile and Waterfall methods and when to apply these. Experience: This position requires several years of practical experience in a similar environment. We require a good balance of technical and personal/softer skills so successful candidates can be fully effective immediately. - Proven experience in developing, delivering and maintaining tactical and enterprise data management solutions. - Proven experience in delivering data solutions using cloud platform tools. - Proven experience in assessing the impact of proposed changes on production solutions. - Proven experience in managing and developing a team of technical experts to deliver business outcomes and meet performance criteria. - Exposure to Energy markets, Energy Supply industry sector - Developing and implementing operational processes and procedures.

SAP Basis Administrator £60,000 - £65,000 + Bonus and Benefits Full Time / Permanent Hybrid / Birmingham The Role I am looking for a driven SAP Basis Administrator / Analyst to join a large and nationally recognised manufacturing client based in the Birmingham area as the continue on their digital evolution. As a SAP Basis Administrator / Analyst you will be a key member of a dynamic internal IT team acting as the technical subject matter expert for all things SAP infrastructure. The successful candidate will work across a broad technical landscape - translating business needs into innovative SAP platform solutions, ensuring system availability, security, and performance. Responsibilities Lead SAP infrastructure service management activities, ensuring reliable, secure and cost-effective solutions. Manage third-party SAP hosting providers, ensuring delivery against SLAs and governance standards. Acting as SAP SME on IT and business transformation projects. Monitor system performance, capacity, and availability - and planning smart enhancements. Support compliance with SOx, audit and security standards such as ISO27001 and Cyber Essentials. Investigate and resolve incidents, support users, and ensure root cause analysis is actioned. The Person Experience in a similar SAP Basis Administration role in a large enterprise environment Extensive experience of SAP infrastructure and associated technologies Strong knowledge of IT governance, audit, and service management principles Ability to translate business requirements into robust, scalable solutions Excellent communication and stakeholder engagement skills Please apply via the link or contact for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Cyber Security Project Manager (Change and Transformation) Utilities Hybrid: 1-4 days per month in Selby, Yorkshire 6 months £700 per day In short: Cyber PM required to join a cyber regulatory team in enhancing their NIS status. Classic PM skills, ideally utilities, oil, energy background and an understanding of cyber regulations would be great. This is not a techy PM role - this is change and transformation. In full: Purpose: Responsible for the delivery of complex projects to the agreed time, cost and ensuring standards and best practices are adhered to and that blockers are responded to robustly and quickly. Understands the NIS Regulatory Compliance roadmap and work with relevant business partners to prioritise and mobilise work in accordance with available capacity, ensuring demand view is kept up to date. Works with business sponsors and stakeholders to define how the projects will be delivered and methodology to be used. The role oversees all aspects of the project delivery through to handing over to business as usual, through the effective management of; assigned resources (both internal and external), approved suppliers, allocated budgets and financial approval process. Key accountabilities: Ensure all projects align to High Level EP plans and project reference numbers Ensure that all projects consider the appropriate scope and stakeholders, i.e. should the project deliver a Generation solution rather than a solution for an individual business unit such as DPS or Hydro? Ensure realistic project plans are in place and maintained with risk based contingency planning Ensure that requirements consider the Ofgem Guidance issued within the Cyber Assessment Framework (CAF) overlay associated with the Contributing Outcome and Indicators of Good Practice that projects are seeking to satisfy Ensure resources are committed and lead the matrix team to meet agreed timescales, assisting the team in removing blockers to their delivery Monitor costs, timescales, resourcing, and notify Programme Manager on any deviation from agreed tolerances through close management of risks and issues Ensure requirements aligned to business outcome of project, working closely with stakeholders and analysts to identify, challenge and agree/challenge the scope and critical purpose of the project. Ensure all projects follow the stage gate process and produce the appropriate artefacts, that are approved and signed off by relevant stakeholders Ensure any changes to the scope of a project is appropriately managed and approved Skills and experience: Experience delivering projects within same or similar industry Demonstrable experience in proactively managing and delivering all aspects of challenging systems changes in a complex and demanding environment while maintaining structure and clarity Demonstrable experience in proactively managing and delivering all aspects of challenging business change projects in a complex and demanding environment while maintaining structure and clarity Extensive knowledge of project management processes, systems development methods, organisational change management concepts, and business process improvement methods. Proactively manages changes in project scope, identifies risk and issues, and devises contingency plans. Ability to identify and resolve issues and conflicts within the project team(s). Ability to plan, schedule, and track project timelines, milestones, and deliverables using appropriate tools. Ability to utilise MS Project for project planning Ability to adhere to Programme Governance and reporting processes Strong planning, organisational, and leadership skills. Candidates will ideally show evidence of the above in their CV in order to be considered.Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

Cyber Security Lead Oxfordshire - Hybrid - 2 days per week (Flexible) 50k - 60k plus Benefits Our Client are an award-winning leading IT company offering complete outsourced IT solutions to organisations across the UK and Europe. Based in Oxfordshire they provide a comprehensive range of support services, software and hardware solutions to major blue-chip clients and their technicians are highly skilled in planning, implementing and trouble shooting. They strive to become one of the top places to work in the UK - in fact, they believe that they already are! Most of the team have been here for years, have built a terrific career, and as corny as it may sound, they really do call themselves the Planet Family. They welcome new people to the team all the time, from all backgrounds and all levels of experience. They are able to attract talent to our business by investing in staff training and staff rewards, which has become a bedrock of our success. This initiative has resulted in staff becoming even better at what they do, great staff retention and greater company buy-in from the team. As part of this strategy, the more staff learn via official courses, the better the service and the more we reward them. Primary Purpose The Security Lead is both the client-facing strategist and the internal accountable owner of security within the MSP. They lead Quarterly Security Reviews (QSRs), own the client risk register and exception process, and ensure services are delivered in line with frameworks such as Cyber Essentials, ISO27001, and NIST. Internally, the Security Lead is accountable for the MSP's own security posture ensuring tools, processes, and teams meet the same standards we deliver to clients. They monitor measurable posture metrics (e.g., Microsoft Secure Score, Vulnerability etc.), ensure continuous improvement, and keep the MSP's security practice relevant through ongoing training, certifications, and emerging threat awareness. While day-to-day execution is delegated to Security Analysts and service teams, the Security Lead owns security end-to-end: identifying risks, embedding controls, and ensuring compliance is demonstrable. Key Responsibilities Client-Facing Lead Quarterly Security Reviews (QSRs), presenting patch/vulnerability posture, incidents, compliance status, and risk register updates. Translate technical security risks into clear business impact and outcomes. Own the client exception process, ensuring risks are documented, communicated, and signed off. Support Account Managers and Strategic Partnership Managers in roadmap and IT strategy sessions. Act as the strategic security escalation point for clients when risks require senior involvement. Internal MSP Security Own the MSP's internal security frameworks and certifications (e.g., CE+, ISO, SOC 2). Oversee patching, vulnerability, and risk management of MSP-owned infrastructure and tools. Ensure MSP's technology stack (RMM, XDR, PSA, backup, etc.) is securely deployed and monitored. Drive staff security awareness, training, and compliance with secure processes. Delegate operational tasks to Security Analysts while retaining accountability for end-to-end outcomes. Governance & Standards Maintain the client and internal risk registers. Define and evolve gold-standard security "whitepapers" for projects and BAU. Sign off security requirements for project scope/designs that impact compliance or frameworks. Collaborate with Service Delivery Manager and Project Delivery Manager to ensure security is embedded in BAU, change control, and project execution. Monitor and report on client posture metrics (e.g., Microsoft Secure Score, M365 compliance dashboards). Drive continuous posture improvement across client environments. Team Leadership & Growth Mentor and develop Security Analysts. Ensure team certifications remain up to date (minimum 2 per year per Analyst). Lead internal knowledge-sharing sessions to keep the team and wider MSP relevant against new threats and frameworks. Champion automation (RPA/AI) in evidence gathering, reporting, and triage. Identify scale points for growing the Security Practice (e.g., Security Architect, more Analysts). Behaviors Required Strategic Thinking - able to translate technical risks into business outcomes and align security initiatives with client goals and budgets. Strong Governance Mindset - experienced in managing frameworks (Cyber Essentials, ISO27001, NIST) and embedding them into MSP operations and client environments. Risk Communication - skilled at presenting complex security issues clearly to non-technical stakeholders, both internally and at client leadership level. Technical Depth - hands-on understanding of vulnerability management, patch governance, endpoint security (EDR/XDR), and cloud (M365/Azure security). Analytical Skills - capable of interpreting scan results, posture metrics (e.g., Microsoft Secure Score), and incident trends into actionable insights. Delegation & Leadership - experienced in mentoring Analysts and delegating effectively while retaining accountability for outcomes. Collaboration - able to work cross-functionally with Service Delivery, Projects, Account Managers, and vendors to embed security consistently. Continuous Learning - committed to staying current with evolving threats, frameworks, and technologies, and ensuring the team is trained and certified. Client-Facing Confidence - comfortable leading Quarterly Security Reviews (QSRs), participating in roadmap sessions, and engaging with C-level stakeholders. Change Agent - able to influence internal teams and clients to adopt best practice, even when it means shifting established ways of working. Person Specification: Minimum 5+ years in IT security or MSP environment. Strong knowledge of Cyber Essentials, ISO27001, or NIST frameworks. Experience with patch/vulnerability management governance. Ability to communicate technical risks in business language. Proven ability to run client-facing reviews or presentations. Desirable CISSP, CISM, or equivalent certifications. Experience delivering or auditing compliance frameworks. Familiarity with RMM/XDR/EDR, SIEM, and vulnerability scanning platforms. Experience leading small teams (mentoring, guiding). Exposure to incident response and tabletop exercises. What Success Looks Like: Success means the Security Lead is recognised by clients as a trusted advisor who simplifies security into business language. All client and internal risks are captured, visible, and acted upon with no blind spots. QSRs consistently deliver actionable improvements that feed into roadmaps and IT strategy, while client security posture measurably improves quarter-on-quarter (demonstrated in metrics such as Microsoft Secure Score, CE+ readiness, and vulnerability closure rates). Internally, the MSP leads by example: our own systems, tools, and processes are secure, audit-ready, and improving over time. The Security Lead ensures their team is certified, trained, and ahead of industry changes, delegating operational execution while embedding governance across service, INDIT Planet Recruitment acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Planet Recruitment is an Equal Opportunities Employer. By applying for this role your details will be submitted to Planet Recruitment. Our Candidate Privacy Information Statement explains how we will use your information. Only candidates with the relevant skills and experience will be contacted after application, if you do not hear back from us within 7 days you have unfortunately been unsuccessful in your application. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and abilities to perform the duties of the position.

Senior Business Analyst Daily rate paying Outside IR35 Location: Edinburgh Job Type: Hybrid (1 day per week in the office) Join a leading public sector initiative as a Senior Business Analyst, contributing to a major digital transformation in education, research, and innovation. This role is pivotal in shaping future technology strategies, improving system integration, and enhancing service delivery across Scotland's tertiary education landscape. Day-to-day of the role: Review systems and hosting models, assess contracts, and define transition costs. Explore options like buy, build, or managed services. Map system architecture, validate cost models, and analyse documentation and stakeholder input. Design future funding models, recommend simplification strategies, and align with existing structures. Collaborate with stakeholders, support communications, and maintain governance cadence. Required Skills & Qualifications: Demonstrable experience as a Senior Business Analyst within public organisations. Proficient in feasibility and strategic reporting. Skilled in requirements gathering, process mapping, and using BA techniques such as UML and BPMN. Strong stakeholder management skills, capable of engaging with senior managers and directors. Excellent communication, influencing, collaboration, and conflict management skills. Significant experience in business change and transformation projects. Ability to work effectively in both Waterfall and Agile project environments. Proactive, self-starter attitude with strong teamwork and collaboration skills. Benefits: Opportunity to contribute to a significant digital transformation in the education sector. Flexible hybrid working arrangement. Professional development and career advancement opportunities. To apply for the Cyber Policy Specialist position, please submit your CV and a member of the Reed Professional Services Talent Team will be in touch.

Information Security Analyst - £250 per day (Outside IR35) - 6 months - Manchester Information Security Analyst required to work closely with the Governance and Risk team you will be responsible for reviewing supplier applications and contracts. Key skills and responsibilities will include: Carrying out Cyber Security and 3rd Party risk assessments. Assessing software applications to confirm version and ensure product is not out of support and penetration testing has been undertaken. Understand underlying components to ensure their compliance too. Review security elements of contracts - identify vulnerabilities, gaps and risks. Request relevant certificates and accreditations - ensuring dates cover contract period. This is not a technical role, however an understanding from an Information Security/Governance perspective is required. NHS experience preferred.