Ready to take the next step in your penetration testing career and lead a high-performing team at a respected, fast-growing cybersecurity consultancy? This is your opportunity to join a CREST-certified organisation committed to excellence, innovation and integrity. As our new Penetration Testing Team Leader , you ll play a pivotal role in shaping cutting-edge testing services, developing talented testers, and helping protect clients across government, telecoms, finance, digital currencies and other critical sectors. With structured development, meaningful progression opportunities, and the chance to make a visible impact from day one, this is a role designed for a driven, highly skilled Team Lead who thrives on technical depth, leadership and solving complex security challenges. The Role at a Glance: Penetration Testing Team Leader Remote with travel to client sites and occasional meetings in London, UK or Channel Islands Up to £95,000 DOE Plus Benefits Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities. Growth: A structured career development plan and training Hours: 09:00 am to 17:30 pm Monday Friday Development Opportunity: Career progression opportunities to develop a growing team of penetration testers and break new ground in testing. Company: Specialist information and cybersecurity consultancy and audit services Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose. Your Skills / Background: Existing CHECK Team Lead qualification and Team Lead experience. You will also be a tenacious problem solver and communicator with strong client-facing and leadership experience to lead engagements, mentor testers at all levels, and scope complex projects. The Penetration Testing Team Leader Opportunity: As Penetration Testing Team Leader, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. You will deliver hands-on technical penetration testing on a variety of projects and guide and direct the team. In return, you will benefit from an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans. Key Responsibilities: • Improve and develop penetration testing methodologies, guide project scoping and execution, establish new testing services, and shape the future direction of the testing function with senior management. • Deliver high-quality penetration tests across infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout scenarios, and cloud security assessments. • Work with client teams to research vulnerabilities and emerging attack vectors, plan assessments accordingly, and support clients during ongoing incidents. • Conduct vulnerability scans, unauthorised host discovery exercises, analyse findings, and translate results into actionable technical and business-risk recommendations. • Produce high-quality technical reports and create internal documentation, tooling, threat libraries, methodologies, and policies to ensure consistent, informed, and meaningful testing outcomes. • Provide technical presales support, contribute thought-leadership content (papers, articles, online posts, marketing material), and identify business development opportunities. • Mentor, coach, and help build the technical team, supporting their growth in knowledge, skills, and career development. About You: • A driven, battle-tested Team Leader, holding a current CHECK Team Leader qualification and proven senior-level experience • Extensive, hands-on penetration testing expertise backed by deep technical mastery • Fluent in a wide arsenal of security testing tools, using the right tech for maximum impact • Up-to-date, cutting-edge understanding of modern technologies, threats, and security trends • Well-versed in key industry bodies, frameworks, and security standards • Strong ability to translate vulnerabilities into real-world business risk, paired with standout reporting and client presentation skills • Proven track record in growing and developing technical teams, including reviews, appraisals, training plans, and long-term career progression • A credible, personable communicator who builds trust with clients, peers, and technical teams alike • Self-starter with a proactive mindset, comfortable taking initiative and driving outcomes • Genuinely passionate about penetration testing and nurturing teams across all skill levels • Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum but we are unfortunately not able to offer sponsorship) About Us: We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials /Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a Certifying Body • Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber Essentials • Training and awareness If you re a proven Penetration Testing Team Leader with CHECK TL status, a passion for advancing security testing, and the drive to mentor and grow a talented team, we d love to hear from you. Step into a role where your expertise shapes real-world defence, your ideas influence future testing services, and your career continues to accelerate in a supportive, forward-thinking environment. Interested? Apply here for a fast-track path to our Hiring Manager Application notice We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
09/03/2026
Full time
Ready to take the next step in your penetration testing career and lead a high-performing team at a respected, fast-growing cybersecurity consultancy? This is your opportunity to join a CREST-certified organisation committed to excellence, innovation and integrity. As our new Penetration Testing Team Leader , you ll play a pivotal role in shaping cutting-edge testing services, developing talented testers, and helping protect clients across government, telecoms, finance, digital currencies and other critical sectors. With structured development, meaningful progression opportunities, and the chance to make a visible impact from day one, this is a role designed for a driven, highly skilled Team Lead who thrives on technical depth, leadership and solving complex security challenges. The Role at a Glance: Penetration Testing Team Leader Remote with travel to client sites and occasional meetings in London, UK or Channel Islands Up to £95,000 DOE Plus Benefits Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities. Growth: A structured career development plan and training Hours: 09:00 am to 17:30 pm Monday Friday Development Opportunity: Career progression opportunities to develop a growing team of penetration testers and break new ground in testing. Company: Specialist information and cybersecurity consultancy and audit services Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose. Your Skills / Background: Existing CHECK Team Lead qualification and Team Lead experience. You will also be a tenacious problem solver and communicator with strong client-facing and leadership experience to lead engagements, mentor testers at all levels, and scope complex projects. The Penetration Testing Team Leader Opportunity: As Penetration Testing Team Leader, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. You will deliver hands-on technical penetration testing on a variety of projects and guide and direct the team. In return, you will benefit from an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans. Key Responsibilities: • Improve and develop penetration testing methodologies, guide project scoping and execution, establish new testing services, and shape the future direction of the testing function with senior management. • Deliver high-quality penetration tests across infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout scenarios, and cloud security assessments. • Work with client teams to research vulnerabilities and emerging attack vectors, plan assessments accordingly, and support clients during ongoing incidents. • Conduct vulnerability scans, unauthorised host discovery exercises, analyse findings, and translate results into actionable technical and business-risk recommendations. • Produce high-quality technical reports and create internal documentation, tooling, threat libraries, methodologies, and policies to ensure consistent, informed, and meaningful testing outcomes. • Provide technical presales support, contribute thought-leadership content (papers, articles, online posts, marketing material), and identify business development opportunities. • Mentor, coach, and help build the technical team, supporting their growth in knowledge, skills, and career development. About You: • A driven, battle-tested Team Leader, holding a current CHECK Team Leader qualification and proven senior-level experience • Extensive, hands-on penetration testing expertise backed by deep technical mastery • Fluent in a wide arsenal of security testing tools, using the right tech for maximum impact • Up-to-date, cutting-edge understanding of modern technologies, threats, and security trends • Well-versed in key industry bodies, frameworks, and security standards • Strong ability to translate vulnerabilities into real-world business risk, paired with standout reporting and client presentation skills • Proven track record in growing and developing technical teams, including reviews, appraisals, training plans, and long-term career progression • A credible, personable communicator who builds trust with clients, peers, and technical teams alike • Self-starter with a proactive mindset, comfortable taking initiative and driving outcomes • Genuinely passionate about penetration testing and nurturing teams across all skill levels • Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum but we are unfortunately not able to offer sponsorship) About Us: We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials /Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a Certifying Body • Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber Essentials • Training and awareness If you re a proven Penetration Testing Team Leader with CHECK TL status, a passion for advancing security testing, and the drive to mentor and grow a talented team, we d love to hear from you. Step into a role where your expertise shapes real-world defence, your ideas influence future testing services, and your career continues to accelerate in a supportive, forward-thinking environment. Interested? Apply here for a fast-track path to our Hiring Manager Application notice We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
Excellent opportunity for a Senior Penetration Tester to join a highly-skilled and growing CREST-certified cybersecurity consultancy committed to excellence, innovation and integrity. The company offers great career progression opportunities, a generous training and development budget, and time to support research projects that allow you to break new ground in testing. You will need to be enthusiastic about continuous development and either have or wish to gain a current CRT qualification. The role is predominantly home based although will include some travel to customer sites and attendance at company meetings as needed. The Role at a Glance: Senior Penetration Tester Home based with visits to client sites and company meetings as required Up to £70,000 to £80,000 Per Annum depending on experience & qualifications Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities. Growth: A structured career development plan and training Hours: 09:00 am to 17:30 pm Monday Friday Development Opportunity: Career progression and training opportunities available Company: Specialist information and cyber security consultancy and audit services Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose. Your Skills / Background: 4+ years hands-on penetration testing experience and ideally an existing CRT qualification or the aspiration to gain the qualification. You will also be a tenacious problem solver and good communicator. The Senior Penetration Tester Opportunity: As Senior Penetration Tester, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. In return, you will work in an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans, and support/sponsorship to attain future qualifications. Key Responsibilities: • Delivering high quality infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout penetration tests, along with cloud security assessments • Working with client teams to research potential vulnerabilities and then plan accordingly • Working with clients to research and identify new and emerging attack vectors • Conducting vulnerability assessment scanning and unauthorised host discovery exercises • Analysing findings and translating them into actionable recommendations • Delivering high-quality technical reports, outlining technical and business risk • Providing support to clients during on-going incidents • Creating and developing tooling, knowledge/threat libraries, methodologies and policies that ensure high quality and informed testing assessments are undertaken • Creating and developing internal documentation to ensure our reporting is meaningful • Authoring appropriate thought leadership papers, articles, online posts, and marketing materials About You: • A tenacious tester with 4+ years' demonstrable hands-on penetration testing experience • Have mastered a variety of security testing tools • Current and relevant technical understanding of technologies, security threats and trends • Familiar with relevant bodies and security standards • Strong demonstrated ability to take vulnerabilities and articulate the actual business risk along with good reporting writing and client presentation skills • Current CRT, OSCP and/or CTM / CTL qualification would be advantageous, but we are also considering applications from candidates with relevant work experience who would be ready and keen to obtain these qualifications in the near future (with relevant company sponsorship) • The desire to gain new skills, continuous learning and development, attend training courses and obtain future qualifications / accreditations • Strong verbal and written communication skills including report writing • Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum, but we are unfortunately not able to offer sponsorship) About Us: We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials /Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a Certifying Body • Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber E Essentials • Training and awareness Interested? Apply here for a fast-track path to our Hiring Manager Application notice We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
09/03/2026
Full time
Excellent opportunity for a Senior Penetration Tester to join a highly-skilled and growing CREST-certified cybersecurity consultancy committed to excellence, innovation and integrity. The company offers great career progression opportunities, a generous training and development budget, and time to support research projects that allow you to break new ground in testing. You will need to be enthusiastic about continuous development and either have or wish to gain a current CRT qualification. The role is predominantly home based although will include some travel to customer sites and attendance at company meetings as needed. The Role at a Glance: Senior Penetration Tester Home based with visits to client sites and company meetings as required Up to £70,000 to £80,000 Per Annum depending on experience & qualifications Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities. Growth: A structured career development plan and training Hours: 09:00 am to 17:30 pm Monday Friday Development Opportunity: Career progression and training opportunities available Company: Specialist information and cyber security consultancy and audit services Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose. Your Skills / Background: 4+ years hands-on penetration testing experience and ideally an existing CRT qualification or the aspiration to gain the qualification. You will also be a tenacious problem solver and good communicator. The Senior Penetration Tester Opportunity: As Senior Penetration Tester, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. In return, you will work in an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans, and support/sponsorship to attain future qualifications. Key Responsibilities: • Delivering high quality infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout penetration tests, along with cloud security assessments • Working with client teams to research potential vulnerabilities and then plan accordingly • Working with clients to research and identify new and emerging attack vectors • Conducting vulnerability assessment scanning and unauthorised host discovery exercises • Analysing findings and translating them into actionable recommendations • Delivering high-quality technical reports, outlining technical and business risk • Providing support to clients during on-going incidents • Creating and developing tooling, knowledge/threat libraries, methodologies and policies that ensure high quality and informed testing assessments are undertaken • Creating and developing internal documentation to ensure our reporting is meaningful • Authoring appropriate thought leadership papers, articles, online posts, and marketing materials About You: • A tenacious tester with 4+ years' demonstrable hands-on penetration testing experience • Have mastered a variety of security testing tools • Current and relevant technical understanding of technologies, security threats and trends • Familiar with relevant bodies and security standards • Strong demonstrated ability to take vulnerabilities and articulate the actual business risk along with good reporting writing and client presentation skills • Current CRT, OSCP and/or CTM / CTL qualification would be advantageous, but we are also considering applications from candidates with relevant work experience who would be ready and keen to obtain these qualifications in the near future (with relevant company sponsorship) • The desire to gain new skills, continuous learning and development, attend training courses and obtain future qualifications / accreditations • Strong verbal and written communication skills including report writing • Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum, but we are unfortunately not able to offer sponsorship) About Us: We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials /Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a Certifying Body • Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber E Essentials • Training and awareness Interested? Apply here for a fast-track path to our Hiring Manager Application notice We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
Directorate: Strategy & Innovation Contract Type: 18 Months Fixed Term Contract Hours: 36 Salary: 71,713 - 79,409 Location: Colindale Closing Date: Midnight March 9th 2026 About Barnet Council Barnet is a borough with much to be proud of. Our excellent schools, vibrant town centers, vast green spaces and diverse communities all help make it a great place to live and work. As a council we want to build on these strengths as we move into the future. We are growing and developing as an organisation to meet the challenges facing our borough and we are committed to working with partner organisations and residents to make Barnet even better. As an organisation, our staff are committed to Our Values: Learning to Improve, Caring, Inclusive, Collaborative - which drive everything we do. About the role This is an exciting time to join Barnet as we grow our Digital, Data and Technology (DDaT) capabilities and ensure our technology services and IT providers provide robust, secure services and Cyber security mitigation is designed into any digital transformation work. We're investing in smarter services, better use of data, modern technology, and you'll play a key part in shaping this future. The Cyber Security Manager will lead the Council's approach to safeguarding its technology assets, systems, and data against evolving cyber threats. This role is responsible for developing and implementing a robust cyber security strategy aligned with national standards and local government best practice. The postholder will oversee risk management, compliance, and incident response, ensuring the resilience of critical services and the protection of sensitive information. Acting as the Council's subject matter expert, the Cyber Security Manager will drive a culture of security awareness across the organisation, provide strategic advice to senior leaders, and manage relationships with external partners to maintain a secure and trusted digital and data environment. This is a high impact role with visibility across the organisation. You'll influence senior leaders, guide major technology decisions, and help create a modern and secure, integrated architecture that supports better services and outcomes for residents. This is a hybrid role. You will be expected to attend monthly in-person team days in our Colindale office. We also come into the office to meet service stakeholders, work together on collaboration, discovery and user testing sessions and department days Please click here to download the Job description for this role. About you You are an experienced cyber security professional who brings both strategic insight and handson expertise. You have a strong track record of protecting complex organisations from evolving cyber threats, ideally within the public sector or other regulated environments. You understand national standards and frameworks such as NCSC guidance, PSN, PCIDSS, GDPR and Cyber Essentials Plus, and you know how to translate these into practical, proportionate controls that keep systems, people and data safe. Relationship building is one of your strengths. You know how to influence, challenge constructively and collaborate across organisational boundaries, including with outsourced partners and internal stakeholders. You champion security by design, drive cultural change, and communicate in a way that brings people with you. Strong communication and negotiation skills, with proven experience influencing senior stakeholders. You are confident working with modern security technologies including Microsoft Sentinel, Microsoft Defender, and the wider Microsoft E5 security suite. You can analyse risks, interpret complex technical information, and provide clear advice to senior leaders, project teams and service managers. You're proactive, highly organised, and able to balance multiple priorities while keeping residents, partners and staff at the heart of your decision-making. You are motivated by public service, committed to learning and continuous improvement, and you share our values of caring, collaboration, inclusivity and curiosity. Above all, you want to help create a safer, more resilient and more secure Council for the residents and communities of Barnet. Please see full job description for further details What we offer - 31 days annual leave, plus public and bank holidays - Access to the Local Government Pension Scheme, which provides a valuable guaranteed income in your retirement together with security for your dependents - Work-life balance options may include hybrid working, flexitime, job share, home working, part-time - A vast range of lifestyle discounts from major retailers, supermarkets, energy suppliers and more - Broad range of payroll benefits including cycle to work, eye care vouchers, travel and gym membership - Excellent training and development opportunities - Employee well- being training programs including confidential employee assistance How to apply Read the job description and person specification before clicking 'Apply' to commence the online application form. If you would like any further information about the role before applying, please contact James Rapkin, Head of Organisational Insight & Intelligence, Barnet Council is committed to safeguarding and promoting the welfare of children, young people, and vulnerable adults and expects all staff and volunteers to share this commitment. Barnet operates stringent safer recruitment procedures, this may include AI Detection Screening, Biometric ID/Right to Work Checks, Qualification and Registration Checks, Up to 6 years of Employment Data and Insights to Accelerate Screening (Konfir), Up to 5 years of Employment History References, DBS (Disclosure & Barring Service) Checks, Credit Checks and Social Media, Sanctions and Occupational Health Screening. To deliver Barnet Council's commitment to equality of opportunity in the provision of services, all staff are expected to promote equality in the workplace and in the services the Council delivers. As such we value diversity and welcome applications from all backgrounds. Barnet Council embraces all forms of flexible working (including part-time, compressed hours, and hybrid working) and is committed to offering employees a healthy work-life balance. Candidates are encouraged to talk about relevant requirements and preferences at interview. We can't promise to give you exactly what you want, but we do promise not to judge you for asking. Barnet Council is a Disability Confident Committed Employer. We welcome and encourage job applications of all abilities. If you require any reasonable adjustments in the application or interview, please contact the lead contact on this advert. We will make reasonable adjustments to make sure our disabled applicants and those with health conditions are supported throughout our recruitment process. We support the access to work scheme, further details are available at (url removed) All posts with the council are subject to a probationary period of six months, during which time you will be required to demonstrate to the council satisfaction your suitability for the position in which you will be employed. Due to the high number of applications that are received for some posts we may close vacancies before the stated closing date if sufficient number of applications are received. Therefore, please apply as soon as possible. Please ensure you regularly check the email account (including JUNK MAIL folders) that you use to submit your application, as any further communication regarding your application will be sent electronically. Should you not hear from us within four working weeks of the closing date for this post, then regretfully in this instance, you have not been shortlisted.
13/02/2026
Contractor
Directorate: Strategy & Innovation Contract Type: 18 Months Fixed Term Contract Hours: 36 Salary: 71,713 - 79,409 Location: Colindale Closing Date: Midnight March 9th 2026 About Barnet Council Barnet is a borough with much to be proud of. Our excellent schools, vibrant town centers, vast green spaces and diverse communities all help make it a great place to live and work. As a council we want to build on these strengths as we move into the future. We are growing and developing as an organisation to meet the challenges facing our borough and we are committed to working with partner organisations and residents to make Barnet even better. As an organisation, our staff are committed to Our Values: Learning to Improve, Caring, Inclusive, Collaborative - which drive everything we do. About the role This is an exciting time to join Barnet as we grow our Digital, Data and Technology (DDaT) capabilities and ensure our technology services and IT providers provide robust, secure services and Cyber security mitigation is designed into any digital transformation work. We're investing in smarter services, better use of data, modern technology, and you'll play a key part in shaping this future. The Cyber Security Manager will lead the Council's approach to safeguarding its technology assets, systems, and data against evolving cyber threats. This role is responsible for developing and implementing a robust cyber security strategy aligned with national standards and local government best practice. The postholder will oversee risk management, compliance, and incident response, ensuring the resilience of critical services and the protection of sensitive information. Acting as the Council's subject matter expert, the Cyber Security Manager will drive a culture of security awareness across the organisation, provide strategic advice to senior leaders, and manage relationships with external partners to maintain a secure and trusted digital and data environment. This is a high impact role with visibility across the organisation. You'll influence senior leaders, guide major technology decisions, and help create a modern and secure, integrated architecture that supports better services and outcomes for residents. This is a hybrid role. You will be expected to attend monthly in-person team days in our Colindale office. We also come into the office to meet service stakeholders, work together on collaboration, discovery and user testing sessions and department days Please click here to download the Job description for this role. About you You are an experienced cyber security professional who brings both strategic insight and handson expertise. You have a strong track record of protecting complex organisations from evolving cyber threats, ideally within the public sector or other regulated environments. You understand national standards and frameworks such as NCSC guidance, PSN, PCIDSS, GDPR and Cyber Essentials Plus, and you know how to translate these into practical, proportionate controls that keep systems, people and data safe. Relationship building is one of your strengths. You know how to influence, challenge constructively and collaborate across organisational boundaries, including with outsourced partners and internal stakeholders. You champion security by design, drive cultural change, and communicate in a way that brings people with you. Strong communication and negotiation skills, with proven experience influencing senior stakeholders. You are confident working with modern security technologies including Microsoft Sentinel, Microsoft Defender, and the wider Microsoft E5 security suite. You can analyse risks, interpret complex technical information, and provide clear advice to senior leaders, project teams and service managers. You're proactive, highly organised, and able to balance multiple priorities while keeping residents, partners and staff at the heart of your decision-making. You are motivated by public service, committed to learning and continuous improvement, and you share our values of caring, collaboration, inclusivity and curiosity. Above all, you want to help create a safer, more resilient and more secure Council for the residents and communities of Barnet. Please see full job description for further details What we offer - 31 days annual leave, plus public and bank holidays - Access to the Local Government Pension Scheme, which provides a valuable guaranteed income in your retirement together with security for your dependents - Work-life balance options may include hybrid working, flexitime, job share, home working, part-time - A vast range of lifestyle discounts from major retailers, supermarkets, energy suppliers and more - Broad range of payroll benefits including cycle to work, eye care vouchers, travel and gym membership - Excellent training and development opportunities - Employee well- being training programs including confidential employee assistance How to apply Read the job description and person specification before clicking 'Apply' to commence the online application form. If you would like any further information about the role before applying, please contact James Rapkin, Head of Organisational Insight & Intelligence, Barnet Council is committed to safeguarding and promoting the welfare of children, young people, and vulnerable adults and expects all staff and volunteers to share this commitment. Barnet operates stringent safer recruitment procedures, this may include AI Detection Screening, Biometric ID/Right to Work Checks, Qualification and Registration Checks, Up to 6 years of Employment Data and Insights to Accelerate Screening (Konfir), Up to 5 years of Employment History References, DBS (Disclosure & Barring Service) Checks, Credit Checks and Social Media, Sanctions and Occupational Health Screening. To deliver Barnet Council's commitment to equality of opportunity in the provision of services, all staff are expected to promote equality in the workplace and in the services the Council delivers. As such we value diversity and welcome applications from all backgrounds. Barnet Council embraces all forms of flexible working (including part-time, compressed hours, and hybrid working) and is committed to offering employees a healthy work-life balance. Candidates are encouraged to talk about relevant requirements and preferences at interview. We can't promise to give you exactly what you want, but we do promise not to judge you for asking. Barnet Council is a Disability Confident Committed Employer. We welcome and encourage job applications of all abilities. If you require any reasonable adjustments in the application or interview, please contact the lead contact on this advert. We will make reasonable adjustments to make sure our disabled applicants and those with health conditions are supported throughout our recruitment process. We support the access to work scheme, further details are available at (url removed) All posts with the council are subject to a probationary period of six months, during which time you will be required to demonstrate to the council satisfaction your suitability for the position in which you will be employed. Due to the high number of applications that are received for some posts we may close vacancies before the stated closing date if sufficient number of applications are received. Therefore, please apply as soon as possible. Please ensure you regularly check the email account (including JUNK MAIL folders) that you use to submit your application, as any further communication regarding your application will be sent electronically. Should you not hear from us within four working weeks of the closing date for this post, then regretfully in this instance, you have not been shortlisted.
OT Security Risk & Compliance Lead Permanent Salary + £15% bonus + 10% pension Hybrid 1 day a week on site in your desired office location, Glasgow, London, Leeds or Ipswich Are you passionate about driving security standards in OT/ICS environments? This is an exciting opportunity to join a leading global renewables business as they strengthen their Cyber and Information Security capability. Reporting to the Head of InfoSec Governance, Risk & Compliance (via the OT Security Risk & Compliance Manager), the OT Security Risk & Compliance Lead will play a pivotal role in shaping, managing and influencing security risk management activities across the Group, with a particular focus on OT/ICS. Key Responsibilities: Define and deliver security risk assessments and maintain accurate risk registers and reports. Lead security risk review meetings with stakeholders and represent Security at senior leadership forums. Support the development, rollout and adoption of the Group Security Framework, Policies and Standards, ensuring alignment to external regulations (NIS Regulation 2018, SEC, PCI-DSS, etc.). Oversee compliance activities, promote a risk-aware culture, and manage non-compliance or exceptions. Provide security SME input into projects, supporting delivery teams and asset owners in understanding their responsibilities. Assist with supply chain security assessments and contribute to enterprise-wide risk and audit reporting. What We re Looking For: Previous experience working with OT Systems or applying engineering principles in production environments. Knowledge of control frameworks such as NIST, IEC 62443, ISO27001, ITIL, SABSA. Strong technical understanding across OT/ICS environments. Excellent stakeholder management skills with the ability to influence and communicate effectively at all levels. Why Join? Be part of a forward-thinking organisation investing heavily in innovation, renewables, AI and IoT. Play a key role in enhancing their global cyber resilience. Enjoy a flexible hybrid model with 95% remote working. Competitive package including bonus and pension.
06/10/2025
Full time
OT Security Risk & Compliance Lead Permanent Salary + £15% bonus + 10% pension Hybrid 1 day a week on site in your desired office location, Glasgow, London, Leeds or Ipswich Are you passionate about driving security standards in OT/ICS environments? This is an exciting opportunity to join a leading global renewables business as they strengthen their Cyber and Information Security capability. Reporting to the Head of InfoSec Governance, Risk & Compliance (via the OT Security Risk & Compliance Manager), the OT Security Risk & Compliance Lead will play a pivotal role in shaping, managing and influencing security risk management activities across the Group, with a particular focus on OT/ICS. Key Responsibilities: Define and deliver security risk assessments and maintain accurate risk registers and reports. Lead security risk review meetings with stakeholders and represent Security at senior leadership forums. Support the development, rollout and adoption of the Group Security Framework, Policies and Standards, ensuring alignment to external regulations (NIS Regulation 2018, SEC, PCI-DSS, etc.). Oversee compliance activities, promote a risk-aware culture, and manage non-compliance or exceptions. Provide security SME input into projects, supporting delivery teams and asset owners in understanding their responsibilities. Assist with supply chain security assessments and contribute to enterprise-wide risk and audit reporting. What We re Looking For: Previous experience working with OT Systems or applying engineering principles in production environments. Knowledge of control frameworks such as NIST, IEC 62443, ISO27001, ITIL, SABSA. Strong technical understanding across OT/ICS environments. Excellent stakeholder management skills with the ability to influence and communicate effectively at all levels. Why Join? Be part of a forward-thinking organisation investing heavily in innovation, renewables, AI and IoT. Play a key role in enhancing their global cyber resilience. Enjoy a flexible hybrid model with 95% remote working. Competitive package including bonus and pension.
2nd Line Support Analyst Are you an experienced 2nd Line Support Analyst who thrives in a hands-on role, supporting a wide range of systems and users who enjoys working in a internal IT team? About the Role As our IT Support Engineer, you'll report directly to the IT Manager and play a key role in maintaining and improving our IT systems and services. You'll provide support across Servers, desktops, laptops, tablets, mobile devices, and applications (including MS Office), while also getting involved in specialist software and infrastructure with exposure to Azure cloud. This is a varied role where no two days are the same - from logging and resolving helpdesk tickets, to site setups, Active Directory management, and ensuring our compliance standards are met. You'll also spend at least one day a week on-site at one of our construction projects, making sure IT services run smoothly. Key Responsibilities Provide 1st and 2nd line IT support for hardware, software, and applications. Manage and escalate issues to 3rd line support or external suppliers where required. Support specialist systems such as AutoCAD, Bluebeam, Asta Powerproject, and Lecia. Maintain and improve IT documentation, ensuring compliance with standards (PCI DSS, Cyber Essentials, GDPR). Assist with site setups, network infrastructure, and mobile phone provisioning. Support core IT systems including Exchange 365, Mimecast, Manage Engine Service Desk Plus, and security tools. Travel to sites (minimum one day per week) to provide and maintain IT services. What We're Looking For Hands on experience within an IT support/service role. Hands on exposure to Exchange 365, Mimecast, Azure would be great Strong working knowledge of MS Office, including Access and SharePoint. A problem-solver with excellent customer service skills. A confident communicator who enjoys working as part of a team. Full UK driving licence (manual) and own car. Right to work in the UK.
03/10/2025
Full time
2nd Line Support Analyst Are you an experienced 2nd Line Support Analyst who thrives in a hands-on role, supporting a wide range of systems and users who enjoys working in a internal IT team? About the Role As our IT Support Engineer, you'll report directly to the IT Manager and play a key role in maintaining and improving our IT systems and services. You'll provide support across Servers, desktops, laptops, tablets, mobile devices, and applications (including MS Office), while also getting involved in specialist software and infrastructure with exposure to Azure cloud. This is a varied role where no two days are the same - from logging and resolving helpdesk tickets, to site setups, Active Directory management, and ensuring our compliance standards are met. You'll also spend at least one day a week on-site at one of our construction projects, making sure IT services run smoothly. Key Responsibilities Provide 1st and 2nd line IT support for hardware, software, and applications. Manage and escalate issues to 3rd line support or external suppliers where required. Support specialist systems such as AutoCAD, Bluebeam, Asta Powerproject, and Lecia. Maintain and improve IT documentation, ensuring compliance with standards (PCI DSS, Cyber Essentials, GDPR). Assist with site setups, network infrastructure, and mobile phone provisioning. Support core IT systems including Exchange 365, Mimecast, Manage Engine Service Desk Plus, and security tools. Travel to sites (minimum one day per week) to provide and maintain IT services. What We're Looking For Hands on experience within an IT support/service role. Hands on exposure to Exchange 365, Mimecast, Azure would be great Strong working knowledge of MS Office, including Access and SharePoint. A problem-solver with excellent customer service skills. A confident communicator who enjoys working as part of a team. Full UK driving licence (manual) and own car. Right to work in the UK.
Salary - £60,000 - £80,000 About Technology at Which? Our Information Security, Product & Technology teams use leading technologies and tools - from AWS and Docker to Java, React.js and Salesforce - along with Agile working practices, to solve the technical challenges that enable Which? to champion consumers as a powerful digital force. About the role Information Security Technology Manager Reporting to our Head of Information Security, you'll be responsible for: Owning the operational and technical side of our security function. This will include reviewing and questioning current processes, suppliers, technologies and ways of working and collaborating with the Head of Information Security to use this insight and inform our strategy Partnering with technologists, business SMEs and our data compliance office to ensure that our teams are enabled and that controls are fit for purpose , this will also include partnering with our squads and engineering teams to automate tasks and optimise existing processes Owning security operations including managing incident management Partnering with our Managed Service Provider Evolving our information security function so that Which? continues to mature Recruiting, leading and supporting a small high performing Information Security Team Partnering with technologists to help inform and design security architecture All aspects of security change What we'll need from you You'll have a technical infosec background, so perhaps you are an existing security manager looking for a new challenge, a security engineer looking for your next step or a security architect that's looking to transition to a leadership role You'll enjoy working collaboratively with those around you, will be improvement focused and will make information security accessible to those that you partner with You'll be flexible, proactive and comfortable working as part of a small team that requires you to wear different hats at any one time Experience in PCI DSS would be an advantage, or a willingness to learn We also have these benefits for you to consider: 28 days holiday + all bank holidays 35 hour working week Hybrid way of working, with patterns agreed at team level, based on the requirements for the role Award winning pension scheme - when you pay in 3%,Which? paysin 6% (rising to 11% after one year of service.) Healthcare insurance Private medical insurance and opportunity to participate in Vitality rewards programme - at 6 months Free life assurance cover (worth at least 4x your annual salary) Free access to Which? member content Free access to Which? money and legal helplines 50% off making a will with Which? wills Tax-free cycle to work scheme Our office is across the road from Great Portland St Underground and a few minutes' walk from Regents Park Underground station. About Which? Which? is the UK's consumer champion, here to make life simpler, fairer and safer for everyone. As an organisation we're not for profit and all for making consumers more powerful - and as people we're brave, caring, rigorous and insightful in the way we connect with each other to make change happen. Our work impacts in high profile areas such as consumer rights, scams, data protection and unfair pricing. Our investigations go deep and our expert advice is completely impartial. Same goes for our product reviews - our rigorous tests and expert recommendations help consumers to make better decisions. Come and champion consumers with us - it's important work. At Which? we value diversity and we're committed to creating an inclusive culture where everyone is able to be themselves and to reach their full potential. We want to receive applications from all regardless of age, gender identity, disability, marriage or civil partnership, pregnancy or maternity, religion or belief, race or ethnic origin, sex, sexual orientation, transgender status, social economic background etc. We believe that a diverse workforce helps us to understand and create a positive impact for consumers. We want to ensure that everybody can apply and be part of our recruitment processes, and therefore when required we make reasonable adjustments to accommodate our candidates. If this sounds like the role for you then we would love to hear from you We're committed to making sure our application process is accessible to everyone who would like to apply for any of our vacancies! Please reach out to if you need us to provide an alternative application method to support your accessibility needs.
22/09/2022
Full time
Salary - £60,000 - £80,000 About Technology at Which? Our Information Security, Product & Technology teams use leading technologies and tools - from AWS and Docker to Java, React.js and Salesforce - along with Agile working practices, to solve the technical challenges that enable Which? to champion consumers as a powerful digital force. About the role Information Security Technology Manager Reporting to our Head of Information Security, you'll be responsible for: Owning the operational and technical side of our security function. This will include reviewing and questioning current processes, suppliers, technologies and ways of working and collaborating with the Head of Information Security to use this insight and inform our strategy Partnering with technologists, business SMEs and our data compliance office to ensure that our teams are enabled and that controls are fit for purpose , this will also include partnering with our squads and engineering teams to automate tasks and optimise existing processes Owning security operations including managing incident management Partnering with our Managed Service Provider Evolving our information security function so that Which? continues to mature Recruiting, leading and supporting a small high performing Information Security Team Partnering with technologists to help inform and design security architecture All aspects of security change What we'll need from you You'll have a technical infosec background, so perhaps you are an existing security manager looking for a new challenge, a security engineer looking for your next step or a security architect that's looking to transition to a leadership role You'll enjoy working collaboratively with those around you, will be improvement focused and will make information security accessible to those that you partner with You'll be flexible, proactive and comfortable working as part of a small team that requires you to wear different hats at any one time Experience in PCI DSS would be an advantage, or a willingness to learn We also have these benefits for you to consider: 28 days holiday + all bank holidays 35 hour working week Hybrid way of working, with patterns agreed at team level, based on the requirements for the role Award winning pension scheme - when you pay in 3%,Which? paysin 6% (rising to 11% after one year of service.) Healthcare insurance Private medical insurance and opportunity to participate in Vitality rewards programme - at 6 months Free life assurance cover (worth at least 4x your annual salary) Free access to Which? member content Free access to Which? money and legal helplines 50% off making a will with Which? wills Tax-free cycle to work scheme Our office is across the road from Great Portland St Underground and a few minutes' walk from Regents Park Underground station. About Which? Which? is the UK's consumer champion, here to make life simpler, fairer and safer for everyone. As an organisation we're not for profit and all for making consumers more powerful - and as people we're brave, caring, rigorous and insightful in the way we connect with each other to make change happen. Our work impacts in high profile areas such as consumer rights, scams, data protection and unfair pricing. Our investigations go deep and our expert advice is completely impartial. Same goes for our product reviews - our rigorous tests and expert recommendations help consumers to make better decisions. Come and champion consumers with us - it's important work. At Which? we value diversity and we're committed to creating an inclusive culture where everyone is able to be themselves and to reach their full potential. We want to receive applications from all regardless of age, gender identity, disability, marriage or civil partnership, pregnancy or maternity, religion or belief, race or ethnic origin, sex, sexual orientation, transgender status, social economic background etc. We believe that a diverse workforce helps us to understand and create a positive impact for consumers. We want to ensure that everybody can apply and be part of our recruitment processes, and therefore when required we make reasonable adjustments to accommodate our candidates. If this sounds like the role for you then we would love to hear from you We're committed to making sure our application process is accessible to everyone who would like to apply for any of our vacancies! Please reach out to if you need us to provide an alternative application method to support your accessibility needs.
This is a new position which means we are looking for a motivated and enthusiastic Cyber Security Manager to help establish and develop good practice within the service and the wider Authority. The role offers the opportunity for hybrid working in a flexible service.
The post holder will become the Authority’s expert in Cyber Security. They will have responsibility for the effective operational management of the Cyber Security agenda across the Authority, ensuring the protection of IT Systems utilised to support customer and back-office functions. This person is expected to become expert in and up to date with policies, procedures, legislation, and good practice surrounding Cyber Security.
This is a varied hands-on role that involves working closely with all areas of ICT Services and the wider organisation to promote and develop a security first approach and practice.
You will support the ICT Service teams in strategic security projects focusing on patching and vulnerability management.
Responsibilities / Essential Skills
Reporting to the Head of Digital and Technology, you will be responsible for driving and implementing security initiatives to protect the business from security threats and cyber-attacks, delivering best practice security controls and processes
Establish and execute the security strategy for the development of information security technologies, cyber risk management and policies and practices while ensuring information security and compliance within applicable regulations
Providing hands-on leadership in risk identification to accurately map out critical security issues and recommendations
Plan and manage security testing and simulations, including red assessments and phishing simulations.
Investigate and respond to breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Scheduling and conducting periodic security assessments, including desktop and red team exercises.
Proven experience of strategically leading security operations.
Ability to communicate at all levels (technical / non-technical) with clarity and precision, both written and verbally.
Ideally hold at least one Security Compliance certification (CISSP, CEH, CISM)
Main Skills/ Requirements:
Security Incident Management and Crisis Management experience
Sound knowledge and experience with compliance frameworks such as NIST, MITRE ATT&CK, and PCI DSS
Experience with SIEM systems
Scripting with Python and/or PowerShell
Experience of Data Leakage prevention strategies
Excellent understanding across multiple technology areas - Networking, Operating Systems (Windows, Linux, and Mac), Application Security, AWS.
Experience leading investigations, threat hunting and writing playbooks.
Knowledge of Mitre security framework, NIST standards and Controls, ISO27001 and PCI-DSS
Knowledge of Microsoft Azure Sentinel and Defender Advanced Threat Protection.
Knowledge of Microsoft Active Directory.
For an informal discussion please contact David Strong on 01228 817298 or David.Strong@carlisle.gov.uk
We offer an excellent benefits package with flexible working, a generous pension scheme and fabulous development opportunities.
For further details and an application form please visit our website www.carlisle.gov.uk/Jobs
The closing date for applications is 12 noon on Friday 22 October 2021 and interviews are anticipated to take place week commencing 8 November 2021.
01/10/2021
Full time
This is a new position which means we are looking for a motivated and enthusiastic Cyber Security Manager to help establish and develop good practice within the service and the wider Authority. The role offers the opportunity for hybrid working in a flexible service.
The post holder will become the Authority’s expert in Cyber Security. They will have responsibility for the effective operational management of the Cyber Security agenda across the Authority, ensuring the protection of IT Systems utilised to support customer and back-office functions. This person is expected to become expert in and up to date with policies, procedures, legislation, and good practice surrounding Cyber Security.
This is a varied hands-on role that involves working closely with all areas of ICT Services and the wider organisation to promote and develop a security first approach and practice.
You will support the ICT Service teams in strategic security projects focusing on patching and vulnerability management.
Responsibilities / Essential Skills
Reporting to the Head of Digital and Technology, you will be responsible for driving and implementing security initiatives to protect the business from security threats and cyber-attacks, delivering best practice security controls and processes
Establish and execute the security strategy for the development of information security technologies, cyber risk management and policies and practices while ensuring information security and compliance within applicable regulations
Providing hands-on leadership in risk identification to accurately map out critical security issues and recommendations
Plan and manage security testing and simulations, including red assessments and phishing simulations.
Investigate and respond to breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Scheduling and conducting periodic security assessments, including desktop and red team exercises.
Proven experience of strategically leading security operations.
Ability to communicate at all levels (technical / non-technical) with clarity and precision, both written and verbally.
Ideally hold at least one Security Compliance certification (CISSP, CEH, CISM)
Main Skills/ Requirements:
Security Incident Management and Crisis Management experience
Sound knowledge and experience with compliance frameworks such as NIST, MITRE ATT&CK, and PCI DSS
Experience with SIEM systems
Scripting with Python and/or PowerShell
Experience of Data Leakage prevention strategies
Excellent understanding across multiple technology areas - Networking, Operating Systems (Windows, Linux, and Mac), Application Security, AWS.
Experience leading investigations, threat hunting and writing playbooks.
Knowledge of Mitre security framework, NIST standards and Controls, ISO27001 and PCI-DSS
Knowledge of Microsoft Azure Sentinel and Defender Advanced Threat Protection.
Knowledge of Microsoft Active Directory.
For an informal discussion please contact David Strong on 01228 817298 or David.Strong@carlisle.gov.uk
We offer an excellent benefits package with flexible working, a generous pension scheme and fabulous development opportunities.
For further details and an application form please visit our website www.carlisle.gov.uk/Jobs
The closing date for applications is 12 noon on Friday 22 October 2021 and interviews are anticipated to take place week commencing 8 November 2021.
Project Manager - Information Security | £5-600 p/day | Outside IR35 | Contract (5months) You will manage and lead all phases of global information security projects and contribute to execution of the strategy by solving a business need through the application of project management practices. Understand the business strategy and information security needs to drive change within the company. Identify and monitor efforts and costs required in Information Security and other IT functions to deliver optimal secure solutions to the company. Your 'day to day' · Understand the business strategy, global InfoSec strategic roadmap and specific project information security needs to drive change within the company. Get deep understanding of the company's global information security baselines and help defining InfoSec requirements, propose optimal solution, confirm financial proposal of the project and drive change management activities. · Manage and build a flexible, agile and innovative IT project organization that attracts, develops and retains the best global talent in order to deliver IT required, currently and in the future. · Apply project management, change management, service management methodology and usability practices based on known solutions, applications and best practices assuring adherence to standards. Resolve complex project related issues by analysing, identifying and facilitating the emergence of solutions leading to optimal resolution. · Drive communication and co-ordination for the success of the project and provide project status reports and other project information to project stakeholders and senior management on a regular basis. Timely identify project needs impacting other IT platforms or teams, and coordinate project efforts in close collaboration with these teams to ensure timely and effective project delivery. · Drive the projects within agreed scope, budget, resources and timing. Allocate and manage resources for assigned projects based on historical information, input from other staff, and general understanding of project tasks; anticipate and mobilise cross functional resources when required (procurement, legal, technology, finance, 3rd party suppliers and consultant, etc.). Monitor and measure results and provide constructive feedback to assigned resources in terms of deliverables on what and how. · Ensure development and distribution of quality project-related documentation to all interested parties, including project plan and schedule, project charter, communications plan, requirements document, design document, deployment plan, test plan, maintenance transition plan, and closing report. Who we're looking for · 5-10 years of experience in leading IT projects, preferably in information security related domains, within a large organization · Experience in Agile development methodology · Deep understanding of IT processes: logical and physical access management, change management, system operations, system availability and continuity, risk assessment · Good presentation, analytic, conceptual design, and decision-making skills · Knowledge of information security management systems such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, ISO 2700x, COBIT 2019 · Knowledge of Sarbanes-Oxley (SOX) compliance and PCI-DSS compliance · University degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent) · Professional certifications in IT audit, information security, or risk management (e.g. ISACA CISA, ISACA CISM, ISACA CRISC, CISSP, ISO 27001 Lead Auditor/Implementer, GIAC Security Essentials Certification (GSEC), etc.) · Professional certifications in project management (e.g. PRINCE2, Project Management Professional (PMP), Agile, SCRUM) · Delivery of DLP, Cloud Security, Endpoint Security, Infrastructure Security projects will be added advantage. The job/role offer is subject to valid right to work in UK
10/09/2021
Contractor
Project Manager - Information Security | £5-600 p/day | Outside IR35 | Contract (5months) You will manage and lead all phases of global information security projects and contribute to execution of the strategy by solving a business need through the application of project management practices. Understand the business strategy and information security needs to drive change within the company. Identify and monitor efforts and costs required in Information Security and other IT functions to deliver optimal secure solutions to the company. Your 'day to day' · Understand the business strategy, global InfoSec strategic roadmap and specific project information security needs to drive change within the company. Get deep understanding of the company's global information security baselines and help defining InfoSec requirements, propose optimal solution, confirm financial proposal of the project and drive change management activities. · Manage and build a flexible, agile and innovative IT project organization that attracts, develops and retains the best global talent in order to deliver IT required, currently and in the future. · Apply project management, change management, service management methodology and usability practices based on known solutions, applications and best practices assuring adherence to standards. Resolve complex project related issues by analysing, identifying and facilitating the emergence of solutions leading to optimal resolution. · Drive communication and co-ordination for the success of the project and provide project status reports and other project information to project stakeholders and senior management on a regular basis. Timely identify project needs impacting other IT platforms or teams, and coordinate project efforts in close collaboration with these teams to ensure timely and effective project delivery. · Drive the projects within agreed scope, budget, resources and timing. Allocate and manage resources for assigned projects based on historical information, input from other staff, and general understanding of project tasks; anticipate and mobilise cross functional resources when required (procurement, legal, technology, finance, 3rd party suppliers and consultant, etc.). Monitor and measure results and provide constructive feedback to assigned resources in terms of deliverables on what and how. · Ensure development and distribution of quality project-related documentation to all interested parties, including project plan and schedule, project charter, communications plan, requirements document, design document, deployment plan, test plan, maintenance transition plan, and closing report. Who we're looking for · 5-10 years of experience in leading IT projects, preferably in information security related domains, within a large organization · Experience in Agile development methodology · Deep understanding of IT processes: logical and physical access management, change management, system operations, system availability and continuity, risk assessment · Good presentation, analytic, conceptual design, and decision-making skills · Knowledge of information security management systems such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, ISO 2700x, COBIT 2019 · Knowledge of Sarbanes-Oxley (SOX) compliance and PCI-DSS compliance · University degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent) · Professional certifications in IT audit, information security, or risk management (e.g. ISACA CISA, ISACA CISM, ISACA CRISC, CISSP, ISO 27001 Lead Auditor/Implementer, GIAC Security Essentials Certification (GSEC), etc.) · Professional certifications in project management (e.g. PRINCE2, Project Management Professional (PMP), Agile, SCRUM) · Delivery of DLP, Cloud Security, Endpoint Security, Infrastructure Security projects will be added advantage. The job/role offer is subject to valid right to work in UK
Prism Digital
Information Security Analyst - SIEM - Famous Arts Institution A world-renowned arts institution based in South Kensington is looking for a Cyber Security Analyst You will be joining an IT department of circa 20 staff. Your role will be as a very hands on IT Security specialist to maintain the internal and external security of the business at a large scale; 3,000 devices and 1,200 end users. You will be responsible for the day-to-day actions that will ensure the established information security policies are adhered to by all staff and all systems. You will monitor all security and compliance systems regularly taking action where required or ensuring that others who are responsible for those systems are taking appropriate action. Main tasks: * Lead the development, documentation and maintenance of information security policies, procedures, and standards across the organisation * Proactively initiate, facilitate, and promote activities to create awareness of information security * Assist in system and software architecture and design to ensure that data and assets remain secure at all times * Perform Information Security Risk Assessments of all new systems implemented * Perform regular risk assessments and work closely with auditors to pre-empt, mitigate, and swiftly respond to any audit findings * To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken * Work with the IT Security Manager to implement and maintain the Information Security Management System (ISMS) * Manage the Security Information and Event Management system (SIEM) and other security systems ensuring appropriate actions are taken for all issues flagged for action by the system * Monitor all security compliance reporting ensuring appropriate actions are taken in response to the report details and escalating issues as required * Monitor security risks using data from security vendors, application vendors, government security organisations and other appropriate information sources and highlight areas of concern to the IT Security Manager * Monitor all security systems for potential security breaches and recommend remedial actions to be taken * Manage regular penetration tests (internal and external) Monitor the SIEM for issues arising Check compliance reports daily and get others to make appropriate updates Work with the Programme Manager on developing further compliance reports for regular review Verify Windows patches are applied by performing random checks Implement Nessus scanner with Cyber Essentials rules for internal systems to verify compliance levels Follow up on any phishing attacks or other security events to ensure proper process and documentation is followed Assist in putting together an Information Security Risk Assessment template and then conducting those for each of our systems. Follow up on penetration test results liaising with internal teams and external vendors to deliver required remediation Essential requirements: * Formal Information Security qualification (CISM, CISSP/CISA or equivalent) * At least 3 years of experience in Information Security Management or IT Audit related role * Understanding of ISO27001, Cyber Essentials, business continuity and compliance and audit frameworks * Understanding of IT infrastructure, networking systems and information management systems * Experienced in the selection and implementation of appropriate security controls * Ability to produce clear written material for Senior Management * Ability to communicate technical information in a clear and understandable manner to non-technical stakeholders * Ability to direct, interact and effectively share technical issues with IT staff and end users Desirable requirements: * Familiar with the configuration and operation of Nessus * Working within an ISO27001 or Cyber Essentials compliant environment * Strong understanding of GDPR and PCIDSS * Excellent analytical and problem-solving skills * Experience establishing an ISMS and SIEM Benefits: 28 days holiday 10% Co. Pension - no personal contrib needed Season Ticket Loan Cycle to Work Scheme Heavily subsidised Staff Canteen 36 Working Hour Week with a degree of flex Information Security Analyst - SIEM - Famous Arts Institution This is an amazing company to work for and they are looking for someone to start ASAP!
15/02/2019
Prism Digital
Information Security Analyst - SIEM - Famous Arts Institution A world-renowned arts institution based in South Kensington is looking for a Cyber Security Analyst You will be joining an IT department of circa 20 staff. Your role will be as a very hands on IT Security specialist to maintain the internal and external security of the business at a large scale; 3,000 devices and 1,200 end users. You will be responsible for the day-to-day actions that will ensure the established information security policies are adhered to by all staff and all systems. You will monitor all security and compliance systems regularly taking action where required or ensuring that others who are responsible for those systems are taking appropriate action. Main tasks: * Lead the development, documentation and maintenance of information security policies, procedures, and standards across the organisation * Proactively initiate, facilitate, and promote activities to create awareness of information security * Assist in system and software architecture and design to ensure that data and assets remain secure at all times * Perform Information Security Risk Assessments of all new systems implemented * Perform regular risk assessments and work closely with auditors to pre-empt, mitigate, and swiftly respond to any audit findings * To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken * Work with the IT Security Manager to implement and maintain the Information Security Management System (ISMS) * Manage the Security Information and Event Management system (SIEM) and other security systems ensuring appropriate actions are taken for all issues flagged for action by the system * Monitor all security compliance reporting ensuring appropriate actions are taken in response to the report details and escalating issues as required * Monitor security risks using data from security vendors, application vendors, government security organisations and other appropriate information sources and highlight areas of concern to the IT Security Manager * Monitor all security systems for potential security breaches and recommend remedial actions to be taken * Manage regular penetration tests (internal and external) Monitor the SIEM for issues arising Check compliance reports daily and get others to make appropriate updates Work with the Programme Manager on developing further compliance reports for regular review Verify Windows patches are applied by performing random checks Implement Nessus scanner with Cyber Essentials rules for internal systems to verify compliance levels Follow up on any phishing attacks or other security events to ensure proper process and documentation is followed Assist in putting together an Information Security Risk Assessment template and then conducting those for each of our systems. Follow up on penetration test results liaising with internal teams and external vendors to deliver required remediation Essential requirements: * Formal Information Security qualification (CISM, CISSP/CISA or equivalent) * At least 3 years of experience in Information Security Management or IT Audit related role * Understanding of ISO27001, Cyber Essentials, business continuity and compliance and audit frameworks * Understanding of IT infrastructure, networking systems and information management systems * Experienced in the selection and implementation of appropriate security controls * Ability to produce clear written material for Senior Management * Ability to communicate technical information in a clear and understandable manner to non-technical stakeholders * Ability to direct, interact and effectively share technical issues with IT staff and end users Desirable requirements: * Familiar with the configuration and operation of Nessus * Working within an ISO27001 or Cyber Essentials compliant environment * Strong understanding of GDPR and PCIDSS * Excellent analytical and problem-solving skills * Experience establishing an ISMS and SIEM Benefits: 28 days holiday 10% Co. Pension - no personal contrib needed Season Ticket Loan Cycle to Work Scheme Heavily subsidised Staff Canteen 36 Working Hour Week with a degree of flex Information Security Analyst - SIEM - Famous Arts Institution This is an amazing company to work for and they are looking for someone to start ASAP!
IT Jobs
Tamworth, Staffordshire near Birmingham, Midlands
Business Analyst (IT Infrastructure / InfoSec projects) with demonstrable experience of providing analysis for technical IT projects and business processes is required to support our Project Manager tasked with delivering numerous IT Infrastructure, Information Security and PCI-DSS related projects for this large Retail / FMCG / Logistics client.
The successful Business Analyst will be expected to gather requirements, provide ‘as-is’ / ‘to-be’ / gap analysis and to conduct operational process analysis within numerous business teams; providing relevant documentation allowing our Project Manager to define, plan, prioritise and to deliver proposed IT Infrastructure, Information Security and PCI-DSS related projects.
Business Analysts applying will be expected to have a logical, pragmatic, positive and self-driven attitude able to demonstrate the ability to thrive in a fast-paced semi-structured and loosely documented IT environment with limited support and resources. Please note that his position will not suit people used to having lots of structure, resources and documentation to hand.
Business Analysts MUST have experience of providing the above expertise whilst working on full lifecycle technical IT projects to qualify.
Business Analysts applying MUST also have exceptional people skills and proven experience of the above whilst ideally working within a retail, FMCG, logistics, supply-chain or similar fast paced sales driven environment where simplicity and minimal down time is essential to maintain core trading
IT Infrastructure projects that need to be delivered within this programme include the following technologies: Active Directory Upgrade (2008R2 to 2012R2/2016); MS DHCP & DNS System upgrades; Malware Protection solution; NTP Service Design and implementation; End User security training (Wombat); Identity Access Management; VPN solution (Cisco AnyConnect); Email (O265) Security Protection (ProofPoint); Application Firewall Implementation (F5/Netscaler); Vulnerability Discovery & Remediation (Nexpose); SIEM processes & configuration (Logrhythm); Hardware/Software Asset Management; Working towards PCI Compliance; Elements of GDPR Compliance
03/05/2017
Business Analyst (IT Infrastructure / InfoSec projects) with demonstrable experience of providing analysis for technical IT projects and business processes is required to support our Project Manager tasked with delivering numerous IT Infrastructure, Information Security and PCI-DSS related projects for this large Retail / FMCG / Logistics client.
The successful Business Analyst will be expected to gather requirements, provide ‘as-is’ / ‘to-be’ / gap analysis and to conduct operational process analysis within numerous business teams; providing relevant documentation allowing our Project Manager to define, plan, prioritise and to deliver proposed IT Infrastructure, Information Security and PCI-DSS related projects.
Business Analysts applying will be expected to have a logical, pragmatic, positive and self-driven attitude able to demonstrate the ability to thrive in a fast-paced semi-structured and loosely documented IT environment with limited support and resources. Please note that his position will not suit people used to having lots of structure, resources and documentation to hand.
Business Analysts MUST have experience of providing the above expertise whilst working on full lifecycle technical IT projects to qualify.
Business Analysts applying MUST also have exceptional people skills and proven experience of the above whilst ideally working within a retail, FMCG, logistics, supply-chain or similar fast paced sales driven environment where simplicity and minimal down time is essential to maintain core trading
IT Infrastructure projects that need to be delivered within this programme include the following technologies: Active Directory Upgrade (2008R2 to 2012R2/2016); MS DHCP & DNS System upgrades; Malware Protection solution; NTP Service Design and implementation; End User security training (Wombat); Identity Access Management; VPN solution (Cisco AnyConnect); Email (O265) Security Protection (ProofPoint); Application Firewall Implementation (F5/Netscaler); Vulnerability Discovery & Remediation (Nexpose); SIEM processes & configuration (Logrhythm); Hardware/Software Asset Management; Working towards PCI Compliance; Elements of GDPR Compliance
