Senior Security & Compliance Consultant & Architect Location: Hybrid - Manchester HQ with occasional customer site visits as required Salary: Dependant on Experience Please note - We cannot accept candidates who are currently on, or may require a Visa at this or any time. Overview This role exists to strengthen and mature the security capability across consultancy, architecture, and technical delivery. The successful candidate will design pragmatic security controls, produce actionable roadmaps, understand frameworks such as ISO 27001, CE+, NIST, CIS, and MOD/DEFSTAN, and ensure these controls are implemented effectively across customer environments. A key part of this role is working closely with the security-focused support desk analysts, providing ongoing mentoring, technical guidance, and structured development. This position will help shape and accelerate the growth of the Managed Security Services (MSS) offering. Key Responsibilities: Security Architecture & Technical Direction Define and lead the technical security direction across Microsoft 365, identity, endpoint, network, and cloud layers Translate framework requirements into practical, phased roadmaps for customer environments Perform environment reviews and define realistic uplift plans that balance risk, user experience, and operational impact Ensure architectural decisions are scalable, consistent, and repeatable across multi-tenant estates Framework & Compliance Interpretation Interpret ISO 27001, CE+, NIST CSF, CIS Benchmarks and MOD/DEFSTAN controls into implementable technical actions Support structured assessments and develop remediation plans with clear prioritisation. Provide the why behind recommendations to achieve stakeholder buy-in and avoid heavy-handed approaches Consultancy & Customer Engagement Act as a senior security advisor to customers at both technical and leadership levels Communicate security concepts clearly and confidently, tailoring detail to the audience Present options and risk-based reasoning Support pre-sales, account management, engineering, and service teams with expert security guidance Technical Delivery & Implementation Lead the end-to-end delivery of complex security transformation programmes, including identity re-architecture, Zero Trust alignment, and phased implementation of modern security controls across multi-tenant estates Design and implement Conditional Access frameworks that account for risk-based policies, break-glass strategy, device trust, session controls, privileged access scenarios, and operational edge-cases Oversee full Intune security baselining, including secure device provisioning, compliance models, remediation scripts, endpoint hardening, managed configurations, and integration with incident response Architect and tune the Microsoft Defender XDR stack, including advanced hunting, alert tuning, automation rules, vulnerability management, attack surface reduction, and integration with SOC workflows Design firewall and network segmentation strategies that reflect real operational usage, least privilege principles, east-west traffic controls, VPN hardening, and isolation of high-risk or high-value assets Implement identity governance and access control models covering privileged identity management, entitlement workflows, elevated access justification, and audit-ready forensic traceability Build out logging, monitoring, and incident response capabilities, ensuring telemetry is collected, correlated, enriched, and actionable for both engineering and SOC teams Champion technical evidence collection and audit readiness, ensuring controls are measurable, repeatable, and presented clearly during customer or external audits Validate end-to-end outcomes, confirm alignment between design intent and implementation, and ensure security uplift is embedded into operational practice rather than left as one-off actions Mentoring & MSS Growth Work closely with our security-focused support desk analyst, providing hands-on mentoring, coaching, and progression pathways Help define the processes, standards, and technical methods that underpin Managed Security Services (MSS) Ensure the internal team understands how and why controls are implemented to drive capability growth across the whole business Internal Capability Development Improve internal documentation, repeatable processes, and delivery frameworks Provide architectural oversight across security projects and initiatives Contribute to long-term planning for security service evolution Required Experience & Skills Technical Expertise Strong hands-on experience with Microsoft cloud security (Entra ID, Conditional Access, Intune, Defender XDR) Ability to design secure configurations across identity, endpoint, and network layers Proven experience delivering end-to-end security uplift projects Solid understanding of Zero Trust concepts and modern security architecture Framework Knowledge Practical understanding of ISO 27001, Cyber Essentials Plus, NIST CSF, CIS Benchmarks and similar Frameworks Experience turning framework requirements into realistic, implementable controls Comfortable producing structured gap analyses and remediation pathways Consultancy & Communication Skilled in presenting complex security concepts in simple, actionable terms Able to influence decision-making through clarity, options, and rationale Confident working directly with stakeholders ranging from engineers to leadership teams Professional Background Experience in an MSP, consultancy, or multi-tenant environment Exposure to defence, MOD, or high-assurance environments is strongly beneficial Security certifications advantageous (AZ-500, SC-100, SC-300, CISSP, CISM etc.)
05/12/2025
Full time
Senior Security & Compliance Consultant & Architect Location: Hybrid - Manchester HQ with occasional customer site visits as required Salary: Dependant on Experience Please note - We cannot accept candidates who are currently on, or may require a Visa at this or any time. Overview This role exists to strengthen and mature the security capability across consultancy, architecture, and technical delivery. The successful candidate will design pragmatic security controls, produce actionable roadmaps, understand frameworks such as ISO 27001, CE+, NIST, CIS, and MOD/DEFSTAN, and ensure these controls are implemented effectively across customer environments. A key part of this role is working closely with the security-focused support desk analysts, providing ongoing mentoring, technical guidance, and structured development. This position will help shape and accelerate the growth of the Managed Security Services (MSS) offering. Key Responsibilities: Security Architecture & Technical Direction Define and lead the technical security direction across Microsoft 365, identity, endpoint, network, and cloud layers Translate framework requirements into practical, phased roadmaps for customer environments Perform environment reviews and define realistic uplift plans that balance risk, user experience, and operational impact Ensure architectural decisions are scalable, consistent, and repeatable across multi-tenant estates Framework & Compliance Interpretation Interpret ISO 27001, CE+, NIST CSF, CIS Benchmarks and MOD/DEFSTAN controls into implementable technical actions Support structured assessments and develop remediation plans with clear prioritisation. Provide the why behind recommendations to achieve stakeholder buy-in and avoid heavy-handed approaches Consultancy & Customer Engagement Act as a senior security advisor to customers at both technical and leadership levels Communicate security concepts clearly and confidently, tailoring detail to the audience Present options and risk-based reasoning Support pre-sales, account management, engineering, and service teams with expert security guidance Technical Delivery & Implementation Lead the end-to-end delivery of complex security transformation programmes, including identity re-architecture, Zero Trust alignment, and phased implementation of modern security controls across multi-tenant estates Design and implement Conditional Access frameworks that account for risk-based policies, break-glass strategy, device trust, session controls, privileged access scenarios, and operational edge-cases Oversee full Intune security baselining, including secure device provisioning, compliance models, remediation scripts, endpoint hardening, managed configurations, and integration with incident response Architect and tune the Microsoft Defender XDR stack, including advanced hunting, alert tuning, automation rules, vulnerability management, attack surface reduction, and integration with SOC workflows Design firewall and network segmentation strategies that reflect real operational usage, least privilege principles, east-west traffic controls, VPN hardening, and isolation of high-risk or high-value assets Implement identity governance and access control models covering privileged identity management, entitlement workflows, elevated access justification, and audit-ready forensic traceability Build out logging, monitoring, and incident response capabilities, ensuring telemetry is collected, correlated, enriched, and actionable for both engineering and SOC teams Champion technical evidence collection and audit readiness, ensuring controls are measurable, repeatable, and presented clearly during customer or external audits Validate end-to-end outcomes, confirm alignment between design intent and implementation, and ensure security uplift is embedded into operational practice rather than left as one-off actions Mentoring & MSS Growth Work closely with our security-focused support desk analyst, providing hands-on mentoring, coaching, and progression pathways Help define the processes, standards, and technical methods that underpin Managed Security Services (MSS) Ensure the internal team understands how and why controls are implemented to drive capability growth across the whole business Internal Capability Development Improve internal documentation, repeatable processes, and delivery frameworks Provide architectural oversight across security projects and initiatives Contribute to long-term planning for security service evolution Required Experience & Skills Technical Expertise Strong hands-on experience with Microsoft cloud security (Entra ID, Conditional Access, Intune, Defender XDR) Ability to design secure configurations across identity, endpoint, and network layers Proven experience delivering end-to-end security uplift projects Solid understanding of Zero Trust concepts and modern security architecture Framework Knowledge Practical understanding of ISO 27001, Cyber Essentials Plus, NIST CSF, CIS Benchmarks and similar Frameworks Experience turning framework requirements into realistic, implementable controls Comfortable producing structured gap analyses and remediation pathways Consultancy & Communication Skilled in presenting complex security concepts in simple, actionable terms Able to influence decision-making through clarity, options, and rationale Confident working directly with stakeholders ranging from engineers to leadership teams Professional Background Experience in an MSP, consultancy, or multi-tenant environment Exposure to defence, MOD, or high-assurance environments is strongly beneficial Security certifications advantageous (AZ-500, SC-100, SC-300, CISSP, CISM etc.)
Job Title: Technical Consultant Location: Home Based Salary: Highly Competitive + Bonus Job type: Full Time, Permanent About the role; As a Technical Consultant, you will be part of the Technical Delivery team. The Microsoft Cloud platforms are central to our business strategy, and this role will require you to architect and deploy solutions within Microsoft 365 and Azure. You will design, plan, execute and complete projects according to agreed deadlines and within budget. Who are we? TSG (Technology Services Group) are a Managed IT Services provider supporting businesses UK wide with their technology solutions. As a Microsoft Partner we are committed to delivering excellence for our customers alongside investing in our colleagues to provide them with the knowledge and tools required to deliver great results. TSG are one of the few Microsoft Partners in the UK who hold all six Microsoft designations, and one of the only partners who specialise in mid-market. Our commitment to excellence for our customers and employees is backed by our consistent world class NPS score of and our accreditation as a 'Great Place to Work' in addition to being placed on the 'UK's Best Workplaces in Tech' list in both 2024 and again in 2025. Our guiding principles of Team TSG, Service Excellence and Shared growth are at the heart of everything we do. Job responsibilities will include, but are not limited to; Design and implement technical solutions predominately within Microsoft 365 and Microsoft Azure Design authority for Project Delivery team Pre-project liaison with customers / Client Success Managers / Client Directors and Technical Specialists to agree objectives Prepare technical plans and execution of plan to completion with customer acceptance Hardware and software installations based primarily around Microsoft / Hewlett Packard technologies at customer sites UK Wide Document all project work to a high standard Maintain awareness of new and emerging technologies Assist with post-installation issues where required About you: Knowledge, Skills & Experience; Educated to degree level or equivalent At least one Microsoft Azure certification - preferably Microsoft Azure Architect Expert (AZ303/304 or AZ104/305) Current or working towards; Microsoft Expert, CCNA, VCP or equivalent qualification would be desirable Prince2 Foundation/Practitioner or other project management qualifications would be a distinct advantage Significant experience in a similar role Proven effective communication and influencing skills Excellent knowledge of current IT Technologies Excellent knowledge of the following technologies; Microsoft Azure, Azure IAAS, PAAS, Storage and Networking, Identity and Authentication (MFA), Azure HA/DR, scaling and backup, Azure Monitor Microsoft 365 Threat Protection, Identity and Access Management, Device and Application Management, Information Protection, Compliance, Email and Teams Microsoft Windows Serve (up to at least 2024) Virtualisation - Microsoft Hyper-V, VMware Microsoft desktop operating systems - Windows 11 etc LAN technologies - switching, routing, VLANs etc. (hardware to include HPE, Cisco.) WAN technologies - routers, firewalls (hardware to include Sophos, Cisco, Draytek.) Private Cloud infrastructure - Private and IAAS also including hybrid deployments Antivirus (Preferably Microsoft Defender and Sophos Endpoint) Backup Technologies - Datto, Veeam, Azure. Experience with; Azure Automation, Azure CLI, PowerShell scripting Azure DevOps, including Automation Kubernetes and Docker HPE Server and SAN infrastructure Benefits; - 25 days annual leave + public holidays, rising with length of service - Employee benefits trust - Company bonus scheme - Life assurance 4 x Salary -Contributory pension scheme at 4% matched - Healthcare and cash plan - Electric vehicle salary sacrifice scheme - Cycle to work scheme - Employee discounts - Employee assistance programme - Paid CSR Days - Company sick pay and income protection cover - Enhanced Maternity and Paternity pay - Employee recognition scheme - Eyecare vouchers - Discounted gym membership - Long service rewards Please click on the APPLY button to be redirected to our website to complete your application. Candidates with the relevant experience or job titles of: IT Technical Consultant, IT Support, Technical Consultant, Technical & Training Consultant, Cybersecurity Consultant, Cybersecurity Technical Consultant, Business Intelligence Technical Advisor, Technical Advisor, Technical Specialist, Data Architect, Business Consultant, Networking and Security Consultant, Data Migration Consultant, Technical Implementation Consultant, Technical Support Advisor, Technical Service Delivery Advisor may also be considered for this role.
04/12/2025
Full time
Job Title: Technical Consultant Location: Home Based Salary: Highly Competitive + Bonus Job type: Full Time, Permanent About the role; As a Technical Consultant, you will be part of the Technical Delivery team. The Microsoft Cloud platforms are central to our business strategy, and this role will require you to architect and deploy solutions within Microsoft 365 and Azure. You will design, plan, execute and complete projects according to agreed deadlines and within budget. Who are we? TSG (Technology Services Group) are a Managed IT Services provider supporting businesses UK wide with their technology solutions. As a Microsoft Partner we are committed to delivering excellence for our customers alongside investing in our colleagues to provide them with the knowledge and tools required to deliver great results. TSG are one of the few Microsoft Partners in the UK who hold all six Microsoft designations, and one of the only partners who specialise in mid-market. Our commitment to excellence for our customers and employees is backed by our consistent world class NPS score of and our accreditation as a 'Great Place to Work' in addition to being placed on the 'UK's Best Workplaces in Tech' list in both 2024 and again in 2025. Our guiding principles of Team TSG, Service Excellence and Shared growth are at the heart of everything we do. Job responsibilities will include, but are not limited to; Design and implement technical solutions predominately within Microsoft 365 and Microsoft Azure Design authority for Project Delivery team Pre-project liaison with customers / Client Success Managers / Client Directors and Technical Specialists to agree objectives Prepare technical plans and execution of plan to completion with customer acceptance Hardware and software installations based primarily around Microsoft / Hewlett Packard technologies at customer sites UK Wide Document all project work to a high standard Maintain awareness of new and emerging technologies Assist with post-installation issues where required About you: Knowledge, Skills & Experience; Educated to degree level or equivalent At least one Microsoft Azure certification - preferably Microsoft Azure Architect Expert (AZ303/304 or AZ104/305) Current or working towards; Microsoft Expert, CCNA, VCP or equivalent qualification would be desirable Prince2 Foundation/Practitioner or other project management qualifications would be a distinct advantage Significant experience in a similar role Proven effective communication and influencing skills Excellent knowledge of current IT Technologies Excellent knowledge of the following technologies; Microsoft Azure, Azure IAAS, PAAS, Storage and Networking, Identity and Authentication (MFA), Azure HA/DR, scaling and backup, Azure Monitor Microsoft 365 Threat Protection, Identity and Access Management, Device and Application Management, Information Protection, Compliance, Email and Teams Microsoft Windows Serve (up to at least 2024) Virtualisation - Microsoft Hyper-V, VMware Microsoft desktop operating systems - Windows 11 etc LAN technologies - switching, routing, VLANs etc. (hardware to include HPE, Cisco.) WAN technologies - routers, firewalls (hardware to include Sophos, Cisco, Draytek.) Private Cloud infrastructure - Private and IAAS also including hybrid deployments Antivirus (Preferably Microsoft Defender and Sophos Endpoint) Backup Technologies - Datto, Veeam, Azure. Experience with; Azure Automation, Azure CLI, PowerShell scripting Azure DevOps, including Automation Kubernetes and Docker HPE Server and SAN infrastructure Benefits; - 25 days annual leave + public holidays, rising with length of service - Employee benefits trust - Company bonus scheme - Life assurance 4 x Salary -Contributory pension scheme at 4% matched - Healthcare and cash plan - Electric vehicle salary sacrifice scheme - Cycle to work scheme - Employee discounts - Employee assistance programme - Paid CSR Days - Company sick pay and income protection cover - Enhanced Maternity and Paternity pay - Employee recognition scheme - Eyecare vouchers - Discounted gym membership - Long service rewards Please click on the APPLY button to be redirected to our website to complete your application. Candidates with the relevant experience or job titles of: IT Technical Consultant, IT Support, Technical Consultant, Technical & Training Consultant, Cybersecurity Consultant, Cybersecurity Technical Consultant, Business Intelligence Technical Advisor, Technical Advisor, Technical Specialist, Data Architect, Business Consultant, Networking and Security Consultant, Data Migration Consultant, Technical Implementation Consultant, Technical Support Advisor, Technical Service Delivery Advisor may also be considered for this role.
ICS OT Cyber Security Consultant Home based with travel to Staffordshire and UK-wide customer sites Are you an OT/ICS cyber specialist who enjoys getting hands-on with red team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What's in it for you Fantastic basic salary 28 days holiday plus bank holidays 6.5% pension scheme Life assurance policy Private health care Green car scheme Support in achieving or maintaining chartered status (e.g. IET, BCS, CIISEC) with professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios and detection use cases using frameworks such as MITRE ATT&CK for ICS Performing vulnerability assessments, threat modelling and attack path analysis to identify and address security weaknesses Supporting risk assessments and compliance against standards such as IEC 62443, NIST SP800-82 and NIS-R Helping deploy, configure and maintain OT cybersecurity and security monitoring solutions Contributing to crisis simulations, incident response plans and cybersecurity awareness training Preparing reports, documenting findings and recommending improvements to strengthen cyber resilience Supporting proposal development and wider service delivery documentation Where you'll be doing it You'll be joining a long-established advanced systems integrator focused on operational technology and digital transformation. They deliver complex, business-critical projects across highly regulated industrial sectors including energy, water, renewables and manufacturing, helping clients optimise performance and manage cyber risk at scale. What you'll need A degree in Engineering, Computer Science or a related discipline, plus around 3-5 years' practical cyber security experience Hands-on experience in offensive security (penetration testing, vulnerability assessment, adversary simulation) Working knowledge of ICS/OT environments (e.g. SCADA, PLCs, RTUs) and securing IT/OT interfaces At least one relevant ICS/OT certification (e.g. SANS GICSP, SANS GRID, or IEC 62443) Familiarity with ICS protocols (MODBUS, OPC, DNP3) and core network security principles (switching, routing, firewalls) Experience deploying or supporting OT cybersecurity solutions and monitoring tools Ability to develop attack scenarios and validate security posture against recognised frameworks (e.g. NIST 800-53/82, IEC 62443) Exposure to incident response, including testing and improving detection and response capabilities Strong communication and stakeholder engagement skills, comfortable with both technical and non-technical audiences Eligible for UK Cyber Security Council Practitioner registration (or close to it - SFIA Level 4) Eligible for SC clearance We appreciate your CV may not be up to date. No problem, just apply and we can deal with that later. Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Russell Taylor will be acting within your interest and will contact you in relation to the role, either by email, phone or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please get in touch with us here.
26/11/2025
Full time
ICS OT Cyber Security Consultant Home based with travel to Staffordshire and UK-wide customer sites Are you an OT/ICS cyber specialist who enjoys getting hands-on with red team activities in critical industrial environments? Do you want a role that mixes penetration testing, threat emulation and resilience validation with security architecture and incident response? Would you like to help major UK operators strengthen their cyber resilience across energy, water, renewables and manufacturing? What's in it for you Fantastic basic salary 28 days holiday plus bank holidays 6.5% pension scheme Life assurance policy Private health care Green car scheme Support in achieving or maintaining chartered status (e.g. IET, BCS, CIISEC) with professional membership fees covered What will you be doing? Delivering OT-focused red team activities with specialist partners, including penetration testing, adversary simulation and incident response exercises Planning and executing security assessments and incident response exercises in OT/ICS environments Developing and implementing attack scenarios and detection use cases using frameworks such as MITRE ATT&CK for ICS Performing vulnerability assessments, threat modelling and attack path analysis to identify and address security weaknesses Supporting risk assessments and compliance against standards such as IEC 62443, NIST SP800-82 and NIS-R Helping deploy, configure and maintain OT cybersecurity and security monitoring solutions Contributing to crisis simulations, incident response plans and cybersecurity awareness training Preparing reports, documenting findings and recommending improvements to strengthen cyber resilience Supporting proposal development and wider service delivery documentation Where you'll be doing it You'll be joining a long-established advanced systems integrator focused on operational technology and digital transformation. They deliver complex, business-critical projects across highly regulated industrial sectors including energy, water, renewables and manufacturing, helping clients optimise performance and manage cyber risk at scale. What you'll need A degree in Engineering, Computer Science or a related discipline, plus around 3-5 years' practical cyber security experience Hands-on experience in offensive security (penetration testing, vulnerability assessment, adversary simulation) Working knowledge of ICS/OT environments (e.g. SCADA, PLCs, RTUs) and securing IT/OT interfaces At least one relevant ICS/OT certification (e.g. SANS GICSP, SANS GRID, or IEC 62443) Familiarity with ICS protocols (MODBUS, OPC, DNP3) and core network security principles (switching, routing, firewalls) Experience deploying or supporting OT cybersecurity solutions and monitoring tools Ability to develop attack scenarios and validate security posture against recognised frameworks (e.g. NIST 800-53/82, IEC 62443) Exposure to incident response, including testing and improving detection and response capabilities Strong communication and stakeholder engagement skills, comfortable with both technical and non-technical audiences Eligible for UK Cyber Security Council Practitioner registration (or close to it - SFIA Level 4) Eligible for SC clearance We appreciate your CV may not be up to date. No problem, just apply and we can deal with that later. Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Russell Taylor will be acting within your interest and will contact you in relation to the role, either by email, phone or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please get in touch with us here.
Cyber Security - Secure by Design Consultant (Contract) London 680 per day 6-month initial contract (with strong potential to go permanent) Deerfoot Recruitment is working with a leading financial services organisation to recruit a Secure by Design Consultant to join their IT Risk, Security & Control function in London. This is a 6-month contract paying 680 per day (Inside IR35) , with a high likelihood of converting to a permanent role. The successful candidate will play a key role in delivering secure-by-design assessments across technology projects, ensuring compliance with IT security policies and industry standards. You will work closely with senior stakeholders, providing assurance on cybersecurity controls, identifying risks, and recommending actions to strengthen the organisation's security posture. Key responsibilities include: Conducting IT security assessments across infrastructure, cloud, applications, and service operations projects. Reviewing and testing security controls to ensure operating effectiveness. Documenting risks, gaps, and recommendations for remediation. Supporting project teams to embed security requirements from the outset. Engaging with senior stakeholders and providing clear, actionable reporting. Skills & experience sought: Strong background in IT Security, Cyber Assurance, or IT Audit. Hands-on knowledge across areas such as governance, IAM, threat management, vulnerability management, and incident response. Good understanding of security frameworks (e.g. ISO27001, NIST, PCI-DSS, SOX). Experience engaging with senior stakeholders within complex environments. Relevant certifications (CISSP, CISM, CISA, CRISC) desirable. This is an exciting opportunity to join a high-performing cyber security team within a global financial services organisation, with genuine long-term career potential. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
02/10/2025
Contractor
Cyber Security - Secure by Design Consultant (Contract) London 680 per day 6-month initial contract (with strong potential to go permanent) Deerfoot Recruitment is working with a leading financial services organisation to recruit a Secure by Design Consultant to join their IT Risk, Security & Control function in London. This is a 6-month contract paying 680 per day (Inside IR35) , with a high likelihood of converting to a permanent role. The successful candidate will play a key role in delivering secure-by-design assessments across technology projects, ensuring compliance with IT security policies and industry standards. You will work closely with senior stakeholders, providing assurance on cybersecurity controls, identifying risks, and recommending actions to strengthen the organisation's security posture. Key responsibilities include: Conducting IT security assessments across infrastructure, cloud, applications, and service operations projects. Reviewing and testing security controls to ensure operating effectiveness. Documenting risks, gaps, and recommendations for remediation. Supporting project teams to embed security requirements from the outset. Engaging with senior stakeholders and providing clear, actionable reporting. Skills & experience sought: Strong background in IT Security, Cyber Assurance, or IT Audit. Hands-on knowledge across areas such as governance, IAM, threat management, vulnerability management, and incident response. Good understanding of security frameworks (e.g. ISO27001, NIST, PCI-DSS, SOX). Experience engaging with senior stakeholders within complex environments. Relevant certifications (CISSP, CISM, CISA, CRISC) desirable. This is an exciting opportunity to join a high-performing cyber security team within a global financial services organisation, with genuine long-term career potential. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
Start your Jacobs career with a company that inspires and empowers you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. Our Critical Mission Solutions business - we are invested in you and your success. Everything we do - whether Aerospace, Defence, Intelligence, Information Technology, Cybersecurity, Nuclear, Automotive, or Telecommunications - is more than just a project. It is our challenge as human beings, too. That is why we bring a thoughtful and collaborative approach to every one of our partnerships. It is our promise to challenge the status quo as we redefine how to solve the world's greatest challenges and transform big ideas into intelligent solutions for a more connected, sustainable world. About the opportunity: The Systems Engineering Team are a key part our Critical Missions International business, working on a varied range of projects, both within the UK and internationally, assisting our clients with the delivery of their products, projects and programmes - safely, effectively and efficiently. The team is a highly motivated, inclusive and diverse group, responsible for providing systems engineering, technical system safety, reliability, dependability and risk management services to the Energy, Nuclear, Defence and Security industries. We are looking for Systems Engineers (Consultant/Senior/Principal grades) to join our UK team; base location is flexible, but ideally one Bristol or Glasgow. You will be joining a rapidly growing team who is delivering strategic and tactical support to some of the world's most inspiring projects and programmes across many industries including Energy, Nuclear, Defence and Security. This role provides a fantastic career opportunity, whilst developing your skills and experience under the guidance and mentorship of our industry-recognised senior team. You will be able to work across a range of activities at various stages of the systems engineering lifecycle. You will thrive on doing something different every day and be comfortable with ambiguity. You will have a strong desire to learn new things. You will be a good communicator at all levels, able to understand and decompose complexity and present it in simple terms. Typically, you will be involved in: Concept development of systems solutions. Development and management of system requirements including the use of tools such as DOORS. Development of abstract architectures to describe systems, using tools such as SparxWorks. Design process engineering for hardware, software and mixed technology systems. Systems safety engineering and RAM activities. Systems integration, including structuring and partitioning of complex systems. Systems performance evaluation and its application to verification and validation. System Integrity analysis including resilience and impact assessment. Systems qualification and acceptance. The System Engineering Team is distributed nationally, supporting our clients globally. We are a progressive and flexible team and offer the opportunity to work from home, business needs permitting. Travel may be required to project and client offices with occasional overnight stays or longer-term secondments. This may include opportunities for working overseas. Here's What You'll Need: A minimum of a technical Degree, equivalent qualification, or experience Broad experience of Systems Engineering activities in a complex, safety focussed and regulated organisation with multiple complex interfaces. Ideally in Nuclear, Defence or Security (but we are interested in relevant experience across industry Comfortable with, and demonstrable experience of, resolving ambiguity in task, system and requirements definition Able to communicate effectively with a variety of stakeholders Delivery focussed with an enthusiasm to make a positive difference Demonstrable experience of change management, rapidly adapting to emerging requirements, changing circumstances and high levels of uncertainty and ambiguity in a fast-changing environment. SC Cleared British National Ideally, here's what you'll also have Corporate membership with an appropriate professional institution (e.g. INCOSE, SaRS, IET, IMechE). Professional qualified or working towards professional qualification (e.g. IEng/CEng) INCOSE recognised status, e.g. Certified Systems Engineering Professional (CSEP) Demonstrable experience of Requirements capture, analysis and management Verification and validation Interface identification, control, and management Systems architecture development Systems migration planning Working experience of setting up and enabling Enterprise Architecture and Modelling activities for complex 'System of Systems' (SoS) projects Experience in the application of systems assurance standards such as EN 50126, EN 50128, EN 50129, IEC 61508 etc. Experience of Systems Engineering standards ISO 15288 Experience in SPARX Enterprise Architect, Cameo Systems Modeler ™, IBM Rational Rhapsody Architect, Capella or other similar MBSE tool Model Based Systems Engineering experience Experience Working within Defence or Security (or highly regulated) environment Why Jacobs? We clear the way for inventive thinking, so you have the support, means and space to deliver the boldest solutions for the extraordinary and every day. Jacobs. A world where you can. Our Culture: We're invested in you and your success. Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. We aim to make inclusion and diversity core attributes of our identity, embedded in all our employment and business practices in all locations. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. Jacobs partners with VERCIDA to help us attract and retain diverse talent. For greater online accessibility please visit to view and access our roles. As a Disability Confident employer, we will interview all disabled applicants who meet the minimum criteria for a vacancy. We welcome applications from candidates who are seeking flexible working and from those who may not meet all the listed requirements for a role. If you have any queries regarding the application process, please contact the team here. Successful candidates will be asked to complete a Baseline Personnel Security Standard Pre-Employment check and will be required to undergo various checks including: Identity, Right to Work; Employment/Education History and Criminal Record. If you are unable to meet this and any associated criteria, then your employment may be delayed or rejected.
01/02/2022
Full time
Start your Jacobs career with a company that inspires and empowers you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. Our Critical Mission Solutions business - we are invested in you and your success. Everything we do - whether Aerospace, Defence, Intelligence, Information Technology, Cybersecurity, Nuclear, Automotive, or Telecommunications - is more than just a project. It is our challenge as human beings, too. That is why we bring a thoughtful and collaborative approach to every one of our partnerships. It is our promise to challenge the status quo as we redefine how to solve the world's greatest challenges and transform big ideas into intelligent solutions for a more connected, sustainable world. About the opportunity: The Systems Engineering Team are a key part our Critical Missions International business, working on a varied range of projects, both within the UK and internationally, assisting our clients with the delivery of their products, projects and programmes - safely, effectively and efficiently. The team is a highly motivated, inclusive and diverse group, responsible for providing systems engineering, technical system safety, reliability, dependability and risk management services to the Energy, Nuclear, Defence and Security industries. We are looking for Systems Engineers (Consultant/Senior/Principal grades) to join our UK team; base location is flexible, but ideally one Bristol or Glasgow. You will be joining a rapidly growing team who is delivering strategic and tactical support to some of the world's most inspiring projects and programmes across many industries including Energy, Nuclear, Defence and Security. This role provides a fantastic career opportunity, whilst developing your skills and experience under the guidance and mentorship of our industry-recognised senior team. You will be able to work across a range of activities at various stages of the systems engineering lifecycle. You will thrive on doing something different every day and be comfortable with ambiguity. You will have a strong desire to learn new things. You will be a good communicator at all levels, able to understand and decompose complexity and present it in simple terms. Typically, you will be involved in: Concept development of systems solutions. Development and management of system requirements including the use of tools such as DOORS. Development of abstract architectures to describe systems, using tools such as SparxWorks. Design process engineering for hardware, software and mixed technology systems. Systems safety engineering and RAM activities. Systems integration, including structuring and partitioning of complex systems. Systems performance evaluation and its application to verification and validation. System Integrity analysis including resilience and impact assessment. Systems qualification and acceptance. The System Engineering Team is distributed nationally, supporting our clients globally. We are a progressive and flexible team and offer the opportunity to work from home, business needs permitting. Travel may be required to project and client offices with occasional overnight stays or longer-term secondments. This may include opportunities for working overseas. Here's What You'll Need: A minimum of a technical Degree, equivalent qualification, or experience Broad experience of Systems Engineering activities in a complex, safety focussed and regulated organisation with multiple complex interfaces. Ideally in Nuclear, Defence or Security (but we are interested in relevant experience across industry Comfortable with, and demonstrable experience of, resolving ambiguity in task, system and requirements definition Able to communicate effectively with a variety of stakeholders Delivery focussed with an enthusiasm to make a positive difference Demonstrable experience of change management, rapidly adapting to emerging requirements, changing circumstances and high levels of uncertainty and ambiguity in a fast-changing environment. SC Cleared British National Ideally, here's what you'll also have Corporate membership with an appropriate professional institution (e.g. INCOSE, SaRS, IET, IMechE). Professional qualified or working towards professional qualification (e.g. IEng/CEng) INCOSE recognised status, e.g. Certified Systems Engineering Professional (CSEP) Demonstrable experience of Requirements capture, analysis and management Verification and validation Interface identification, control, and management Systems architecture development Systems migration planning Working experience of setting up and enabling Enterprise Architecture and Modelling activities for complex 'System of Systems' (SoS) projects Experience in the application of systems assurance standards such as EN 50126, EN 50128, EN 50129, IEC 61508 etc. Experience of Systems Engineering standards ISO 15288 Experience in SPARX Enterprise Architect, Cameo Systems Modeler ™, IBM Rational Rhapsody Architect, Capella or other similar MBSE tool Model Based Systems Engineering experience Experience Working within Defence or Security (or highly regulated) environment Why Jacobs? We clear the way for inventive thinking, so you have the support, means and space to deliver the boldest solutions for the extraordinary and every day. Jacobs. A world where you can. Our Culture: We're invested in you and your success. Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. We aim to make inclusion and diversity core attributes of our identity, embedded in all our employment and business practices in all locations. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. Jacobs partners with VERCIDA to help us attract and retain diverse talent. For greater online accessibility please visit to view and access our roles. As a Disability Confident employer, we will interview all disabled applicants who meet the minimum criteria for a vacancy. We welcome applications from candidates who are seeking flexible working and from those who may not meet all the listed requirements for a role. If you have any queries regarding the application process, please contact the team here. Successful candidates will be asked to complete a Baseline Personnel Security Standard Pre-Employment check and will be required to undergo various checks including: Identity, Right to Work; Employment/Education History and Criminal Record. If you are unable to meet this and any associated criteria, then your employment may be delayed or rejected.
Governance Risk and Control Analyst / Tester IT Security / Cyber Security International Bank Work from home / London 6 months initially £586.50 pd all-in figure PAYE As a trusted and established IT recruitment partner to this international bank, we have been asked to assist in the hire of a Governance Risk and Control Analyst / Tester. This role sits within IT Risk, Security & Control and covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. Main Purpose of the Role: To conduct controls testing of cybersecurity controls against industry security frameworks (e.g., SOX ISO27001. NIST Cybersecurity Improvement framework, FFIEC): Key Responsibilities: Interviewing business and technology stakeholders responsible for controls (technical and non-technical) Developing risk and controls matrices Assessing control design Developing a testing strategy for testing operating effectiveness of controls Identifying and reviewing the relevant evidence required to demonstrate the operating effectiveness Arriving at informed conclusions regarding gaps in control operating effectiveness Documentation of risks, gaps, findings and recommended actions Preparing accurate reports and using tools such as PowerPoint, Word, Excel, SharePoint, Open Pages Essential skill Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Proven understanding of current best practice approach to security assurance and the application of security frameworks Experience in project management Experience of security risk management Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc This role may suit individuals who have held the following roles: IT Security Analyst, IT Security Auditor, IT Security Consultant. £586.50 pd all-in figure PAYE (This is the figure we would pay your nominated umbrella. It includes holiday accrual. All statutory taxes would come out of this figure). Deerfoot IT is one of the UK's most established, independent IT recruitment specialists. We are keen to foster strong relationships with IT consultants based on providing a transparent and supportive service. Now in our 24th year we pay promptly and are a stable contracting partner in good financial health. Deerfoot IT: Est. 1997. REC member. ISO certified. *Each time we send a CV to a recruiting client we donate £1 to The Born Free Foundation (charity no. ). We never send your CV without your email authorisation.
13/09/2021
Full time
Governance Risk and Control Analyst / Tester IT Security / Cyber Security International Bank Work from home / London 6 months initially £586.50 pd all-in figure PAYE As a trusted and established IT recruitment partner to this international bank, we have been asked to assist in the hire of a Governance Risk and Control Analyst / Tester. This role sits within IT Risk, Security & Control and covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. Main Purpose of the Role: To conduct controls testing of cybersecurity controls against industry security frameworks (e.g., SOX ISO27001. NIST Cybersecurity Improvement framework, FFIEC): Key Responsibilities: Interviewing business and technology stakeholders responsible for controls (technical and non-technical) Developing risk and controls matrices Assessing control design Developing a testing strategy for testing operating effectiveness of controls Identifying and reviewing the relevant evidence required to demonstrate the operating effectiveness Arriving at informed conclusions regarding gaps in control operating effectiveness Documentation of risks, gaps, findings and recommended actions Preparing accurate reports and using tools such as PowerPoint, Word, Excel, SharePoint, Open Pages Essential skill Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Proven understanding of current best practice approach to security assurance and the application of security frameworks Experience in project management Experience of security risk management Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc This role may suit individuals who have held the following roles: IT Security Analyst, IT Security Auditor, IT Security Consultant. £586.50 pd all-in figure PAYE (This is the figure we would pay your nominated umbrella. It includes holiday accrual. All statutory taxes would come out of this figure). Deerfoot IT is one of the UK's most established, independent IT recruitment specialists. We are keen to foster strong relationships with IT consultants based on providing a transparent and supportive service. Now in our 24th year we pay promptly and are a stable contracting partner in good financial health. Deerfoot IT: Est. 1997. REC member. ISO certified. *Each time we send a CV to a recruiting client we donate £1 to The Born Free Foundation (charity no. ). We never send your CV without your email authorisation.
