Job Title: Physical Security Application Engineer Location: Newcastle / Remote Salary: Competitive Type: Permanent Sector: Public Sector The Physical Security Application Engineer operates within the Design & Engineering function, reporting to the Head of Design & Engineering in North's Public Services sector. This is a technical role combining deep platform expertise, hands-on commissioning capability, and design authority responsibilities across a portfolio of projects. The successful candidate will bring demonstrable hands-on experience across multiple enterprise security platforms, and will be expected to commission, configure, and technically lead deployments across the full range of platforms North delivers. They will be recognised internally as the primary technical reference for enterprise security platforms, and will operate as a trusted advisor to clients and project teams from requirements definition through to system handover. The role spans both direct delivery and technical leadership depending on project scale. On smaller or single-site projects the postholder will lead commissioning personally on site. On larger, more complex programmes they will direct and oversee commissioning teams, maintaining technical authority throughout. In both cases, they are the definitive go-to for platform knowledge, configuration standards, and commissioning quality across the business. Client & Requirements Engagement Work closely with clients and stakeholders to capture operational, functional, and technical requirements across the project lifecycle Provide trusted advisory services, helping clients shape their security technology strategy and understand the implications of design and platform decisions Support bids, tenders, and professional services engagements with credible technical input Operate consultatively across all phases of an engagement, not just at the point of delivery Solution Architecture & Design Develop High-Level Designs (HLDs) and system architectures during bid and solution stages Produce Stage 4 detailed designs and Low-Level Designs (LLDs) suitable for installation and delivery Design complex, multi-system integrated solutions (CCTV, Access Control, analytics, networks, and supporting infrastructure) Ensure designs incorporate resilience, scalability, cybersecurity, and compliance requirements Design Authority & Governance Act as Design Authority across assigned projects, ensuring all deliverables align to approved designs Provide technical oversight throughout installation, testing, and commissioning phases Govern design changes through structured review and approval processes Commissioning & Technical Handover Own and deliver commissioning activities across enterprise security platforms on projects Produce plans ahead of on-site activity, covering device configuration, platform build and bring-up, licensing validation, integration verification, and functional testing against design Lead commissioning delivery directly on site where required, and direct and oversee engineering teams Resolve technical issues during commissioning, maintaining alignment with approved design throughout Manage the transition to operational handover, including as-built records, commissioning sign-off documentation, and client-facing close-out deliverables Develop and maintain commissioning standards, configuration baselines, and reusable templates for enterprise platforms across the business Testing & Assurance Define and develop: FAT (Factory Acceptance Test) plans and reports SAT (Site Acceptance Test) plans and reports SIT (System Integration Test) plans and reports Ensure all solutions meet documented operational and performance requirements Delivery Collaboration Serve as the internal technical authority for enterprise security platforms across the business, acting as the primary point of escalation for platform-related questions and issues Provide platform guidance to project managers, engineers, and account teams throughout the project lifecycle Maintain deep working knowledge across multiple enterprise platforms including architecture, licensing models, integration capabilities, and commissioning requirements Monitor vendor technical bulletins, software releases, and roadmap developments, and advise the business on relevant implications Delivery Collaboration Deliver the technical commissioning-phase activities, directing installation and engineering teams as required Work closely with project managers to plan and sequence commissioning within the broader project programme Identify and mitigate technical risks throughout delivery, escalating where appropriate Provide on-site or remote technical guidance across the project portfolio as needed Multi-Disciplinary Design Leadership Act as Lead Designer on complex projects Coordinate and integrate designs across multiple disciplines: Networks & IT infrastructure,MEP systems,Fire systems,Building/construction elements Subject Matter Expertise Operate as a technical SME for security platforms such as Genetec, Milestone and Gallagher Maintain strong awareness of industry trends, standards, and emerging technologies Skills and Experience: Proven experience designing, architecting, and commissioning physical security systems in enterprise or public sector environments Hands-on delivery across enterprise VMS and access control platforms (e.g. Genetec, Milestone, Gallagher), with relevant certifications preferred Strong knowledge of CCTV, access control, IP networking, and infrastructure Experience producing HLDs, LLDs, and full system architecture documentation Familiar with FAT, SAT, and SIT testing processes Solid understanding of Windows Server, enterprise IT environments, and domain infrastructure Working knowledge of integration technologies and security system protocols Networking knowledge to CCNA level or equivalent
11/06/2026
Full time
Job Title: Physical Security Application Engineer Location: Newcastle / Remote Salary: Competitive Type: Permanent Sector: Public Sector The Physical Security Application Engineer operates within the Design & Engineering function, reporting to the Head of Design & Engineering in North's Public Services sector. This is a technical role combining deep platform expertise, hands-on commissioning capability, and design authority responsibilities across a portfolio of projects. The successful candidate will bring demonstrable hands-on experience across multiple enterprise security platforms, and will be expected to commission, configure, and technically lead deployments across the full range of platforms North delivers. They will be recognised internally as the primary technical reference for enterprise security platforms, and will operate as a trusted advisor to clients and project teams from requirements definition through to system handover. The role spans both direct delivery and technical leadership depending on project scale. On smaller or single-site projects the postholder will lead commissioning personally on site. On larger, more complex programmes they will direct and oversee commissioning teams, maintaining technical authority throughout. In both cases, they are the definitive go-to for platform knowledge, configuration standards, and commissioning quality across the business. Client & Requirements Engagement Work closely with clients and stakeholders to capture operational, functional, and technical requirements across the project lifecycle Provide trusted advisory services, helping clients shape their security technology strategy and understand the implications of design and platform decisions Support bids, tenders, and professional services engagements with credible technical input Operate consultatively across all phases of an engagement, not just at the point of delivery Solution Architecture & Design Develop High-Level Designs (HLDs) and system architectures during bid and solution stages Produce Stage 4 detailed designs and Low-Level Designs (LLDs) suitable for installation and delivery Design complex, multi-system integrated solutions (CCTV, Access Control, analytics, networks, and supporting infrastructure) Ensure designs incorporate resilience, scalability, cybersecurity, and compliance requirements Design Authority & Governance Act as Design Authority across assigned projects, ensuring all deliverables align to approved designs Provide technical oversight throughout installation, testing, and commissioning phases Govern design changes through structured review and approval processes Commissioning & Technical Handover Own and deliver commissioning activities across enterprise security platforms on projects Produce plans ahead of on-site activity, covering device configuration, platform build and bring-up, licensing validation, integration verification, and functional testing against design Lead commissioning delivery directly on site where required, and direct and oversee engineering teams Resolve technical issues during commissioning, maintaining alignment with approved design throughout Manage the transition to operational handover, including as-built records, commissioning sign-off documentation, and client-facing close-out deliverables Develop and maintain commissioning standards, configuration baselines, and reusable templates for enterprise platforms across the business Testing & Assurance Define and develop: FAT (Factory Acceptance Test) plans and reports SAT (Site Acceptance Test) plans and reports SIT (System Integration Test) plans and reports Ensure all solutions meet documented operational and performance requirements Delivery Collaboration Serve as the internal technical authority for enterprise security platforms across the business, acting as the primary point of escalation for platform-related questions and issues Provide platform guidance to project managers, engineers, and account teams throughout the project lifecycle Maintain deep working knowledge across multiple enterprise platforms including architecture, licensing models, integration capabilities, and commissioning requirements Monitor vendor technical bulletins, software releases, and roadmap developments, and advise the business on relevant implications Delivery Collaboration Deliver the technical commissioning-phase activities, directing installation and engineering teams as required Work closely with project managers to plan and sequence commissioning within the broader project programme Identify and mitigate technical risks throughout delivery, escalating where appropriate Provide on-site or remote technical guidance across the project portfolio as needed Multi-Disciplinary Design Leadership Act as Lead Designer on complex projects Coordinate and integrate designs across multiple disciplines: Networks & IT infrastructure,MEP systems,Fire systems,Building/construction elements Subject Matter Expertise Operate as a technical SME for security platforms such as Genetec, Milestone and Gallagher Maintain strong awareness of industry trends, standards, and emerging technologies Skills and Experience: Proven experience designing, architecting, and commissioning physical security systems in enterprise or public sector environments Hands-on delivery across enterprise VMS and access control platforms (e.g. Genetec, Milestone, Gallagher), with relevant certifications preferred Strong knowledge of CCTV, access control, IP networking, and infrastructure Experience producing HLDs, LLDs, and full system architecture documentation Familiar with FAT, SAT, and SIT testing processes Solid understanding of Windows Server, enterprise IT environments, and domain infrastructure Working knowledge of integration technologies and security system protocols Networking knowledge to CCNA level or equivalent
Job Title: Physical Security Application Engineer Location: Camberley/London Salary: Competitive Type: Permanent Sector: Public Sector The Physical Security Application Engineer operates within the Design & Engineering function, reporting to the Head of Design & Engineering in North's Public Services sector. This is a technical role combining deep platform expertise, hands-on commissioning capability, and design authority responsibilities across a portfolio of projects. The successful candidate will bring demonstrable hands-on experience across multiple enterprise security platforms, and will be expected to commission, configure, and technically lead deployments across the full range of platforms North delivers. They will be recognised internally as the primary technical reference for enterprise security platforms, and will operate as a trusted advisor to clients and project teams from requirements definition through to system handover. The role spans both direct delivery and technical leadership depending on project scale. On smaller or single-site projects the postholder will lead commissioning personally on site. On larger, more complex programmes they will direct and oversee commissioning teams, maintaining technical authority throughout. In both cases, they are the definitive go-to for platform knowledge, configuration standards, and commissioning quality across the business. Client & Requirements Engagement Work closely with clients and stakeholders to capture operational, functional, and technical requirements across the project lifecycle Provide trusted advisory services, helping clients shape their security technology strategy and understand the implications of design and platform decisions Support bids, tenders, and professional services engagements with credible technical input Operate consultatively across all phases of an engagement, not just at the point of delivery Solution Architecture & Design Develop High-Level Designs (HLDs) and system architectures during bid and solution stages Produce Stage 4 detailed designs and Low-Level Designs (LLDs) suitable for installation and delivery Design complex, multi-system integrated solutions (CCTV, Access Control, analytics, networks, and supporting infrastructure) Ensure designs incorporate resilience, scalability, cybersecurity, and compliance requirements Design Authority & Governance Act as Design Authority across assigned projects, ensuring all deliverables align to approved designs Provide technical oversight throughout installation, testing, and commissioning phases Govern design changes through structured review and approval processes Commissioning & Technical Handover Own and deliver commissioning activities across enterprise security platforms on projects Produce plans ahead of on-site activity, covering device configuration, platform build and bring-up, licensing validation, integration verification, and functional testing against design Lead commissioning delivery directly on site where required, and direct and oversee engineering teams Resolve technical issues during commissioning, maintaining alignment with approved design throughout Manage the transition to operational handover, including as-built records, commissioning sign-off documentation, and client-facing close-out deliverables Develop and maintain commissioning standards, configuration baselines, and reusable templates for enterprise platforms across the business Testing & Assurance Define and develop: FAT (Factory Acceptance Test) plans and reports SAT (Site Acceptance Test) plans and reports SIT (System Integration Test) plans and reports Ensure all solutions meet documented operational and performance requirements Delivery Collaboration Serve as the internal technical authority for enterprise security platforms across the business, acting as the primary point of escalation for platform-related questions and issues Provide platform guidance to project managers, engineers, and account teams throughout the project lifecycle Maintain deep working knowledge across multiple enterprise platforms including architecture, licensing models, integration capabilities, and commissioning requirements Monitor vendor technical bulletins, software releases, and roadmap developments, and advise the business on relevant implications Delivery Collaboration Deliver the technical commissioning-phase activities, directing installation and engineering teams as required Work closely with project managers to plan and sequence commissioning within the broader project programme Identify and mitigate technical risks throughout delivery, escalating where appropriate Provide on-site or remote technical guidance across the project portfolio as needed Multi-Disciplinary Design Leadership Act as Lead Designer on complex projects Coordinate and integrate designs across multiple disciplines: Networks & IT infrastructure,MEP systems,Fire systems,Building/construction elements Subject Matter Expertise Operate as a technical SME for security platforms such as Genetec, Milestone and Gallagher Maintain strong awareness of industry trends, standards, and emerging technologies Skills and Experience: Proven experience designing, architecting, and commissioning physical security systems in enterprise or public sector environments Hands-on delivery across enterprise VMS and access control platforms (e.g. Genetec, Milestone, Gallagher), with relevant certifications preferred Strong knowledge of CCTV, access control, IP networking, and infrastructure Experience producing HLDs, LLDs, and full system architecture documentation Familiar with FAT, SAT, and SIT testing processes Solid understanding of Windows Server, enterprise IT environments, and domain infrastructure Working knowledge of integration technologies and security system protocols Networking knowledge to CCNA level or equivalent
11/06/2026
Full time
Job Title: Physical Security Application Engineer Location: Camberley/London Salary: Competitive Type: Permanent Sector: Public Sector The Physical Security Application Engineer operates within the Design & Engineering function, reporting to the Head of Design & Engineering in North's Public Services sector. This is a technical role combining deep platform expertise, hands-on commissioning capability, and design authority responsibilities across a portfolio of projects. The successful candidate will bring demonstrable hands-on experience across multiple enterprise security platforms, and will be expected to commission, configure, and technically lead deployments across the full range of platforms North delivers. They will be recognised internally as the primary technical reference for enterprise security platforms, and will operate as a trusted advisor to clients and project teams from requirements definition through to system handover. The role spans both direct delivery and technical leadership depending on project scale. On smaller or single-site projects the postholder will lead commissioning personally on site. On larger, more complex programmes they will direct and oversee commissioning teams, maintaining technical authority throughout. In both cases, they are the definitive go-to for platform knowledge, configuration standards, and commissioning quality across the business. Client & Requirements Engagement Work closely with clients and stakeholders to capture operational, functional, and technical requirements across the project lifecycle Provide trusted advisory services, helping clients shape their security technology strategy and understand the implications of design and platform decisions Support bids, tenders, and professional services engagements with credible technical input Operate consultatively across all phases of an engagement, not just at the point of delivery Solution Architecture & Design Develop High-Level Designs (HLDs) and system architectures during bid and solution stages Produce Stage 4 detailed designs and Low-Level Designs (LLDs) suitable for installation and delivery Design complex, multi-system integrated solutions (CCTV, Access Control, analytics, networks, and supporting infrastructure) Ensure designs incorporate resilience, scalability, cybersecurity, and compliance requirements Design Authority & Governance Act as Design Authority across assigned projects, ensuring all deliverables align to approved designs Provide technical oversight throughout installation, testing, and commissioning phases Govern design changes through structured review and approval processes Commissioning & Technical Handover Own and deliver commissioning activities across enterprise security platforms on projects Produce plans ahead of on-site activity, covering device configuration, platform build and bring-up, licensing validation, integration verification, and functional testing against design Lead commissioning delivery directly on site where required, and direct and oversee engineering teams Resolve technical issues during commissioning, maintaining alignment with approved design throughout Manage the transition to operational handover, including as-built records, commissioning sign-off documentation, and client-facing close-out deliverables Develop and maintain commissioning standards, configuration baselines, and reusable templates for enterprise platforms across the business Testing & Assurance Define and develop: FAT (Factory Acceptance Test) plans and reports SAT (Site Acceptance Test) plans and reports SIT (System Integration Test) plans and reports Ensure all solutions meet documented operational and performance requirements Delivery Collaboration Serve as the internal technical authority for enterprise security platforms across the business, acting as the primary point of escalation for platform-related questions and issues Provide platform guidance to project managers, engineers, and account teams throughout the project lifecycle Maintain deep working knowledge across multiple enterprise platforms including architecture, licensing models, integration capabilities, and commissioning requirements Monitor vendor technical bulletins, software releases, and roadmap developments, and advise the business on relevant implications Delivery Collaboration Deliver the technical commissioning-phase activities, directing installation and engineering teams as required Work closely with project managers to plan and sequence commissioning within the broader project programme Identify and mitigate technical risks throughout delivery, escalating where appropriate Provide on-site or remote technical guidance across the project portfolio as needed Multi-Disciplinary Design Leadership Act as Lead Designer on complex projects Coordinate and integrate designs across multiple disciplines: Networks & IT infrastructure,MEP systems,Fire systems,Building/construction elements Subject Matter Expertise Operate as a technical SME for security platforms such as Genetec, Milestone and Gallagher Maintain strong awareness of industry trends, standards, and emerging technologies Skills and Experience: Proven experience designing, architecting, and commissioning physical security systems in enterprise or public sector environments Hands-on delivery across enterprise VMS and access control platforms (e.g. Genetec, Milestone, Gallagher), with relevant certifications preferred Strong knowledge of CCTV, access control, IP networking, and infrastructure Experience producing HLDs, LLDs, and full system architecture documentation Familiar with FAT, SAT, and SIT testing processes Solid understanding of Windows Server, enterprise IT environments, and domain infrastructure Working knowledge of integration technologies and security system protocols Networking knowledge to CCNA level or equivalent
Title Cyber Advisory Lead Reference No 2162 Company FTSE 100 Reports to Cyber Advisory Services Manager Location London Working Pattern 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary £59,000 - £72,000 Benefits Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme underway to build new security capabilities at pace. GCS sets the Group cyber standard, measures compliance against it across all the businesses, and delivers a portfolio of centrally managed security services that divisions can rely on. The Cyber Advisory Services function is the critical bridge between Group standards and divisional reality - translating GCS expertise into practical, context sensitive support that helps divisions understand, adopt, and embed the Group cyber standard in their specific environments. Role Summary Reporting to the Cyber Advisory Services Manager, the Cyber Advisory Lead is a senior individual contributor and the primary delivery resource within the advisory function. The role provides expert cyber security advice and guidance directly to the divisions, business units, and Group functions - operating as a trusted consultant who helps translate Group cyber standards into practical action on the ground. The Cyber Advisory Lead is the person divisions call when they need a credible, knowledgeable partner to work through a cyber security challenge with them: someone who understands both the Group standard and the operational reality of divisional environments. The role delivers a wide range of advisory services including technical standards interpretation and guidance, firewall rule base and security policy review, security input to non functional requirements for Group and divisional programmes, and advisory support to merger, acquisition, and divestiture activity. The Cyber Advisory Lead also plays a key role in managing and briefing flexible resources drawn from the GCS resourcing pool, ensuring they are deployed effectively and maintain the quality standards expected of the advisory function. This is a hands on role that demands breadth, consulting confidence, and the ability to calibrate advice to the needs and maturity of each divisional audience. Role Responsibilities / Accountabilities Technical Standards Advisory & Interpretation Act as the primary advisory point of contact for divisions and business units seeking guidance on the interpretation and application of Group cyber technical standards; provide clear, practical, and risk proportionate advice that helps divisions understand what compliance looks like in their specific environment. Translate Group technical standards into actionable divisional guidance; develop worked examples, implementation notes, and practical toolkits that make standards easier for divisional IT and security teams to adopt without losing the intent of the underlying requirement. Capture intelligence from advisory engagements - recurring questions, implementation blockers, divisional gaps - and feed it back to the Cyber Advisory Services Manager to inform improvements to standards, guidance materials, and the advisory service offering. Rule Base Assessment & Security Policy Review Plan and conduct firewall rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and produce clear, risk prioritised findings reports with actionable remediation guidance. Review and assess security policy change requests from divisions, evaluating proposed changes against Group standards and architectural principles and providing a clear recommendation with supporting rationale; act as a constructive challenge function rather than a bureaucratic gate. Support divisional teams in understanding and implementing remediation actions following rule base and policy reviews; track agreed actions to closure and provide follow up assurance that improvements have been embedded sustainably. Non Functional Security Requirements Engage with Group and divisional programme teams to define and validate non functional security requirements (NFRs); ensure that security properties - covering authentication, authorisation, encryption, logging, resilience, and data classification - are specified clearly and in a form that project and engineering teams can act on. Apply the Group NFR library to programme and project engagements, tailoring standard requirements to the specific technology context; identify where project proposals deviate from Group security expectations and work with project teams to find compliant or risk accepted alternatives. Contribute to the ongoing development and maintenance of the Group NFR library; identify gaps, outdated requirements, and emerging security considerations that should be reflected in standard NFR content. M&A, Project & Programme Advisory Support Provide cyber security advisory input to merger, acquisition, and divestiture activity, supporting the Cyber Advisory Services Manager in delivering the GCS M&A workstream; conduct cyber due diligence assessments, identify security risks associated with target entities, and develop recommendations for integration or separation. Support the delivery of cyber advisory input to Group and divisional strategic programmes - including technology transformations, cloud migrations, and ERP deployments - ensuring security considerations are raised and addressed at the right stage of each programme lifecycle. Produce high quality advisory outputs - reports, briefing notes, findings summaries, and recommendations - that reflect well on GCS and provide divisional stakeholders with clear, actionable intelligence. Flexible Resource Management & Divisional Engagement Support the Cyber Advisory Services Manager in managing the GCS flexible resourcing pool; brief and onboard flexible resources ahead of divisional deployments, maintain quality standards throughout engagements, and provide day to day direction to consultants and contractors working within the advisory function. Build and maintain trusted working relationships with divisional security leads, IT directors, and BISOs; position yourself as an accessible, credible, and practically minded partner who divisions want to engage with rather than a compliance overhead. Act as an active intelligence gatherer during divisional engagements; identify common challenges, recurring themes, and emerging risks across the estate, and feed structured insight back to the Cyber Advisory Services Manager and the wider GCS Leadership Team. Experience, Knowledge, Skills & Attributes Essential Experience 6+ years in cyber security, with a significant portion in advisory, consulting, or technical security roles requiring breadth across multiple domains. Demonstrable experience delivering cyber security advisory services to business units or divisions within a large organisation, or to enterprise clients as an external consultant. Hands on experience conducting firewall rule base reviews and security policy assessments, producing structured findings reports with risk prioritised recommendations. Experience defining or reviewing non functional security requirements for technology programmes, and the ability to translate security standards into specific, measurable project requirements. Experience providing cyber security input to M&A or other major business change programmes, including due diligence support and integration planning. Knowledge & Skills Broad technical knowledge spanning the core cyber security domains - network security, identity and access management, endpoint protection, cloud security, application security, and data protection - sufficient to advise credibly across all of them. Strong consulting and communication skills: able to listen carefully, form a well reasoned view, and articulate it clearly - whether in a written advisory report, a divisional workshop, or a one to one conversation with a BISO or IT director. Ability to translate Group technical standards into practical, context sensitive guidance that maintains the intent of the standard while acknowledging legitimate operational constraints of the division. Strong written output skills; able to produce high quality advisory reports and briefing materials that are accurate, clearly structured, and appropriate for a senior divisional or Group audience. Qualifications Degree level education in computer science, information security, or a related discipline; or equivalent professional experience. Professional certification in cyber security: CISSP, CISM, CompTIA Security+, or equivalent demonstrating technical breadth. Experience within a Big Four, specialist cyber consultancy, or in house advisory function of a large FTSE listed organisation . click apply for full job details
11/06/2026
Full time
Title Cyber Advisory Lead Reference No 2162 Company FTSE 100 Reports to Cyber Advisory Services Manager Location London Working Pattern 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary £59,000 - £72,000 Benefits Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme underway to build new security capabilities at pace. GCS sets the Group cyber standard, measures compliance against it across all the businesses, and delivers a portfolio of centrally managed security services that divisions can rely on. The Cyber Advisory Services function is the critical bridge between Group standards and divisional reality - translating GCS expertise into practical, context sensitive support that helps divisions understand, adopt, and embed the Group cyber standard in their specific environments. Role Summary Reporting to the Cyber Advisory Services Manager, the Cyber Advisory Lead is a senior individual contributor and the primary delivery resource within the advisory function. The role provides expert cyber security advice and guidance directly to the divisions, business units, and Group functions - operating as a trusted consultant who helps translate Group cyber standards into practical action on the ground. The Cyber Advisory Lead is the person divisions call when they need a credible, knowledgeable partner to work through a cyber security challenge with them: someone who understands both the Group standard and the operational reality of divisional environments. The role delivers a wide range of advisory services including technical standards interpretation and guidance, firewall rule base and security policy review, security input to non functional requirements for Group and divisional programmes, and advisory support to merger, acquisition, and divestiture activity. The Cyber Advisory Lead also plays a key role in managing and briefing flexible resources drawn from the GCS resourcing pool, ensuring they are deployed effectively and maintain the quality standards expected of the advisory function. This is a hands on role that demands breadth, consulting confidence, and the ability to calibrate advice to the needs and maturity of each divisional audience. Role Responsibilities / Accountabilities Technical Standards Advisory & Interpretation Act as the primary advisory point of contact for divisions and business units seeking guidance on the interpretation and application of Group cyber technical standards; provide clear, practical, and risk proportionate advice that helps divisions understand what compliance looks like in their specific environment. Translate Group technical standards into actionable divisional guidance; develop worked examples, implementation notes, and practical toolkits that make standards easier for divisional IT and security teams to adopt without losing the intent of the underlying requirement. Capture intelligence from advisory engagements - recurring questions, implementation blockers, divisional gaps - and feed it back to the Cyber Advisory Services Manager to inform improvements to standards, guidance materials, and the advisory service offering. Rule Base Assessment & Security Policy Review Plan and conduct firewall rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and produce clear, risk prioritised findings reports with actionable remediation guidance. Review and assess security policy change requests from divisions, evaluating proposed changes against Group standards and architectural principles and providing a clear recommendation with supporting rationale; act as a constructive challenge function rather than a bureaucratic gate. Support divisional teams in understanding and implementing remediation actions following rule base and policy reviews; track agreed actions to closure and provide follow up assurance that improvements have been embedded sustainably. Non Functional Security Requirements Engage with Group and divisional programme teams to define and validate non functional security requirements (NFRs); ensure that security properties - covering authentication, authorisation, encryption, logging, resilience, and data classification - are specified clearly and in a form that project and engineering teams can act on. Apply the Group NFR library to programme and project engagements, tailoring standard requirements to the specific technology context; identify where project proposals deviate from Group security expectations and work with project teams to find compliant or risk accepted alternatives. Contribute to the ongoing development and maintenance of the Group NFR library; identify gaps, outdated requirements, and emerging security considerations that should be reflected in standard NFR content. M&A, Project & Programme Advisory Support Provide cyber security advisory input to merger, acquisition, and divestiture activity, supporting the Cyber Advisory Services Manager in delivering the GCS M&A workstream; conduct cyber due diligence assessments, identify security risks associated with target entities, and develop recommendations for integration or separation. Support the delivery of cyber advisory input to Group and divisional strategic programmes - including technology transformations, cloud migrations, and ERP deployments - ensuring security considerations are raised and addressed at the right stage of each programme lifecycle. Produce high quality advisory outputs - reports, briefing notes, findings summaries, and recommendations - that reflect well on GCS and provide divisional stakeholders with clear, actionable intelligence. Flexible Resource Management & Divisional Engagement Support the Cyber Advisory Services Manager in managing the GCS flexible resourcing pool; brief and onboard flexible resources ahead of divisional deployments, maintain quality standards throughout engagements, and provide day to day direction to consultants and contractors working within the advisory function. Build and maintain trusted working relationships with divisional security leads, IT directors, and BISOs; position yourself as an accessible, credible, and practically minded partner who divisions want to engage with rather than a compliance overhead. Act as an active intelligence gatherer during divisional engagements; identify common challenges, recurring themes, and emerging risks across the estate, and feed structured insight back to the Cyber Advisory Services Manager and the wider GCS Leadership Team. Experience, Knowledge, Skills & Attributes Essential Experience 6+ years in cyber security, with a significant portion in advisory, consulting, or technical security roles requiring breadth across multiple domains. Demonstrable experience delivering cyber security advisory services to business units or divisions within a large organisation, or to enterprise clients as an external consultant. Hands on experience conducting firewall rule base reviews and security policy assessments, producing structured findings reports with risk prioritised recommendations. Experience defining or reviewing non functional security requirements for technology programmes, and the ability to translate security standards into specific, measurable project requirements. Experience providing cyber security input to M&A or other major business change programmes, including due diligence support and integration planning. Knowledge & Skills Broad technical knowledge spanning the core cyber security domains - network security, identity and access management, endpoint protection, cloud security, application security, and data protection - sufficient to advise credibly across all of them. Strong consulting and communication skills: able to listen carefully, form a well reasoned view, and articulate it clearly - whether in a written advisory report, a divisional workshop, or a one to one conversation with a BISO or IT director. Ability to translate Group technical standards into practical, context sensitive guidance that maintains the intent of the standard while acknowledging legitimate operational constraints of the division. Strong written output skills; able to produce high quality advisory reports and briefing materials that are accurate, clearly structured, and appropriate for a senior divisional or Group audience. Qualifications Degree level education in computer science, information security, or a related discipline; or equivalent professional experience. Professional certification in cyber security: CISSP, CISM, CompTIA Security+, or equivalent demonstrating technical breadth. Experience within a Big Four, specialist cyber consultancy, or in house advisory function of a large FTSE listed organisation . click apply for full job details
Cyber Security Delivery Manager £80-90k Portsmouth (Hybrid) SC Clearance Eligibility essential Are you a senior cyber security professional who can lead from the front - advising at board level one day and getting hands-on with a security architecture review the next? We're recruiting on behalf of a well-regarded cyber security consultancy based in Hampshire. They work with a range of clients on complex, meaningful security challenges - and they're looking for an experienced Cyber Manager to join the senior team. This isn't a purely strategic role. You'll lead engagements, grow client relationships, and help shape the direction of the business - but you'll also roll your sleeves up when the work demands it. Salary: £ Package: Gym, private medical insurance, company pension, work from home flex Working Structure: Hybrid remote in Portsmouth (2 days onsite) Security Clearance: Active or Eligible for SC clearance. The Role: As Cyber Security Delivery Manager, you'll take ownership of client engagements from start to finish, covering risk assessments, security architecture reviews, policy development, incident response planning, and governance work. You'll be the senior point of contact on engagements, ensuring quality and consistency across everything that goes out the door. What You'll Be Doing: Leading end-to-end cyber security engagements across advisory and hands-on delivery Managing multiple projects simultaneously, ensuring delivery quality and client satisfaction Building and maintaining strong relationships with clients, including at CISO and board level Leading proposals and bids, contributing to go-to-market strategy and service development Supporting and developing junior and mid-level consultants through active mentoring Putting sensible operational processes in place and keeping day-to-day delivery on track Contributing to hiring decisions as the team grows What You'll Need: Significant experience delivering cyber security projects in a consultancy or professional services environment Strong technical knowledge across core cyber domains - risk management, security architecture, governance, assurance, or incident response CISSP, CISM, or equivalent professional certification A proven track record of leading teams and managing senior client relationships The ability to communicate complex security topics clearly to both technical and non-technical stakeholders Eligibility to obtain or active SC (Security Clearance) Self-motivated, decisive, and comfortable operating with a high degree of autonomy Desired but not essential: Experience across multiple disciplines such as GRC, penetration testing, SOC, cloud security, or OT security Familiarity with frameworks including NIST, ISO 27001, CAF, or Cyber Essentials Experience working with government, defence, or critical national infrastructure clients Additional certifications such as CREST, OSCP, or NCSC Certified Professional If this sounds like the right next step, apply now or get in touch for a confidential conversation. Candidates must be eligible to work in the UK and able to obtain Security Clearance. Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy. To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.
10/06/2026
Full time
Cyber Security Delivery Manager £80-90k Portsmouth (Hybrid) SC Clearance Eligibility essential Are you a senior cyber security professional who can lead from the front - advising at board level one day and getting hands-on with a security architecture review the next? We're recruiting on behalf of a well-regarded cyber security consultancy based in Hampshire. They work with a range of clients on complex, meaningful security challenges - and they're looking for an experienced Cyber Manager to join the senior team. This isn't a purely strategic role. You'll lead engagements, grow client relationships, and help shape the direction of the business - but you'll also roll your sleeves up when the work demands it. Salary: £ Package: Gym, private medical insurance, company pension, work from home flex Working Structure: Hybrid remote in Portsmouth (2 days onsite) Security Clearance: Active or Eligible for SC clearance. The Role: As Cyber Security Delivery Manager, you'll take ownership of client engagements from start to finish, covering risk assessments, security architecture reviews, policy development, incident response planning, and governance work. You'll be the senior point of contact on engagements, ensuring quality and consistency across everything that goes out the door. What You'll Be Doing: Leading end-to-end cyber security engagements across advisory and hands-on delivery Managing multiple projects simultaneously, ensuring delivery quality and client satisfaction Building and maintaining strong relationships with clients, including at CISO and board level Leading proposals and bids, contributing to go-to-market strategy and service development Supporting and developing junior and mid-level consultants through active mentoring Putting sensible operational processes in place and keeping day-to-day delivery on track Contributing to hiring decisions as the team grows What You'll Need: Significant experience delivering cyber security projects in a consultancy or professional services environment Strong technical knowledge across core cyber domains - risk management, security architecture, governance, assurance, or incident response CISSP, CISM, or equivalent professional certification A proven track record of leading teams and managing senior client relationships The ability to communicate complex security topics clearly to both technical and non-technical stakeholders Eligibility to obtain or active SC (Security Clearance) Self-motivated, decisive, and comfortable operating with a high degree of autonomy Desired but not essential: Experience across multiple disciplines such as GRC, penetration testing, SOC, cloud security, or OT security Familiarity with frameworks including NIST, ISO 27001, CAF, or Cyber Essentials Experience working with government, defence, or critical national infrastructure clients Additional certifications such as CREST, OSCP, or NCSC Certified Professional If this sounds like the right next step, apply now or get in touch for a confidential conversation. Candidates must be eligible to work in the UK and able to obtain Security Clearance. Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy. To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.
WeAreTechWomen is looking for an Executive Consulting Senior Manager in Cyber Security. This hybrid role involves advising C-suite executives and board members on cyber threats and governance. Ideal candidates will possess over 10 years of experience in cyber security with strong leadership and communication skills. Responsibilities include developing advisory strategies and leading high-performing teams while ensuring compliance with regulatory standards. Willingness to travel across the UK and internationally is essential.
10/06/2026
Full time
WeAreTechWomen is looking for an Executive Consulting Senior Manager in Cyber Security. This hybrid role involves advising C-suite executives and board members on cyber threats and governance. Ideal candidates will possess over 10 years of experience in cyber security with strong leadership and communication skills. Responsibilities include developing advisory strategies and leading high-performing teams while ensuring compliance with regulatory standards. Willingness to travel across the UK and internationally is essential.
Job Description Executive Consulting Senior Manager - Cyber Security Location: Hybrid office/remote working - U.K. The Role Within our Cyber Security Strategy, Risk and Architecture practice, we are seeking a distinguished Executive Consulting Senior Manager to lead and shape our cyber security engagement at the highest organisational levels. This is a rare opportunity to operate at the intersection of cyber security expertise and executive leadership, providing board-level advisory services that directly influence the strategic direction of our clients. You will serve as a trusted adviser to C suite executives and non executive directors, translating complex cyber threats and risk landscapes into clear, actionable intelligence that informs strategic decision making at the very top of client organisations. You will be the authoritative voice in the room when cyber security matters are escalated to board level. Our Executive Consulting Senior Managers bring a depth of experience that spans industry sectors, regulatory environments, and global threat landscapes. They are equally at home presenting to a board of directors as they are constructing a cyber security strategy for a complex, multi national organisation. Key Responsibilities Executive & Board Advisory Lead the design and delivery of board level cyber security briefings, presenting complex threat intelligence and risk postures in a clear and compelling manner to non technical audiences. Serve as a senior point of engagement for CISOs, CIOs, CEOs, and non executive directors, building trusted long term advisory relationships at the top tier of client organisations. Provide strategic guidance to clients on cyber security governance, including the structuring and maturation of board level cyber oversight frameworks. Advise on the interpretation and implications of emerging cyber threats, regulatory developments, and geopolitical risks at an executive and board level. Support clients in developing executive level crisis response and incident communication strategies, including board notification protocols and regulatory disclosure frameworks. Senior Leadership & Practice Development Lead and develop a high performing team of cyber security consultants, providing mentorship, technical direction, and career development guidance. Take ownership of the growth and maturation of executive advisory service offerings, including the development of methodologies, frameworks, and thought leadership. Drive the strategic direction of the cyber advisory practice, working collaboratively with senior leadership to define and execute business objectives. Represent Accenture at senior industry forums, conferences, and working groups, positioning the business as a leading voice in executive cyber security advisory. Contribute to continual improvement in quality standards for client deliverables, ensuring outputs meet the expectations of the most senior client stakeholders. Business Development & Client Engagement Identify and develop new business opportunities at senior client levels, leading pursuit efforts for strategic engagements and framework positions. Contribute to the design and commercial structuring of executive advisory engagements, ensuring proposals articulate value at a strategic level. Maintain and grow a network of senior client relationships across key sectors including financial services, critical national infrastructure, central government, and technology. Collaborate with the wider business development function to align executive advisory capabilities with evolving client demand. Governance & Programme Oversight Oversee the delivery of complex, multi workstream cyber security advisory programmes, ensuring consistency, quality, and alignment with client strategic objectives. Ensure project and programme delivery meets defined quality gates, timescales, and budgetary constraints across a portfolio of executive level engagements. Maintain compliance with relevant professional, legal, and regulatory obligations relevant to executive advisory services. Qualification Person Specification (Essential) Significant and demonstrable experience (minimum 10 years) in senior cyber security roles, with a clear track record of operating at executive and board level. Proven experience providing cyber security advisory or consulting services to C suite executives and boards of directors, including the delivery of board briefings and executive risk reporting. Deep understanding of the cyber security risk landscape, including threat intelligence, regulatory compliance, incident response, and security governance frameworks. Exceptional communication and influencing skills, with the ability to convey complex technical risk in terms of business impact to non technical senior audiences. Demonstrated ability to build and maintain trusted relationships with senior client stakeholders, including CISO, CIO, CEO, and board level contacts. Strong commercial acumen with experience of contributing to business development at a senior level, including proposal development and client negotiations. Experience leading and developing high performing consulting or advisory teams. Relevant senior cyber security qualifications (e.g. CISSP, CISM, or equivalent) and membership of recognised industry bodies. Willingness to travel across the UK and internationally to support client engagements at short notice. Strong organisational and programme oversight skills, with experience managing multiple high value, concurrent engagements. Person Specification (Desirable) Experience working with or advising HMG departments, regulators, or national security bodies, including familiarity with NCSC guidance and frameworks. Prior experience as a CISO, Deputy CISO, or equivalent senior in house cyber security leadership role. Experience advising on cyber security matters within Critical National Infrastructure (CNI) sectors. Established presence in the cyber security industry including speaking engagements, publications, or active participation in professional working groups. Knowledge of international cyber regulatory frameworks (e.g. NIS2, DORA, SEC Cybersecurity Disclosure Rules). Full UK driving licence. Eligibility for UK government security clearance (SC or above). Locations London Equal Employment Opportunity Statement All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. Accenture is committed to providing veteran employment opportunities to our service men and women.
10/06/2026
Full time
Job Description Executive Consulting Senior Manager - Cyber Security Location: Hybrid office/remote working - U.K. The Role Within our Cyber Security Strategy, Risk and Architecture practice, we are seeking a distinguished Executive Consulting Senior Manager to lead and shape our cyber security engagement at the highest organisational levels. This is a rare opportunity to operate at the intersection of cyber security expertise and executive leadership, providing board-level advisory services that directly influence the strategic direction of our clients. You will serve as a trusted adviser to C suite executives and non executive directors, translating complex cyber threats and risk landscapes into clear, actionable intelligence that informs strategic decision making at the very top of client organisations. You will be the authoritative voice in the room when cyber security matters are escalated to board level. Our Executive Consulting Senior Managers bring a depth of experience that spans industry sectors, regulatory environments, and global threat landscapes. They are equally at home presenting to a board of directors as they are constructing a cyber security strategy for a complex, multi national organisation. Key Responsibilities Executive & Board Advisory Lead the design and delivery of board level cyber security briefings, presenting complex threat intelligence and risk postures in a clear and compelling manner to non technical audiences. Serve as a senior point of engagement for CISOs, CIOs, CEOs, and non executive directors, building trusted long term advisory relationships at the top tier of client organisations. Provide strategic guidance to clients on cyber security governance, including the structuring and maturation of board level cyber oversight frameworks. Advise on the interpretation and implications of emerging cyber threats, regulatory developments, and geopolitical risks at an executive and board level. Support clients in developing executive level crisis response and incident communication strategies, including board notification protocols and regulatory disclosure frameworks. Senior Leadership & Practice Development Lead and develop a high performing team of cyber security consultants, providing mentorship, technical direction, and career development guidance. Take ownership of the growth and maturation of executive advisory service offerings, including the development of methodologies, frameworks, and thought leadership. Drive the strategic direction of the cyber advisory practice, working collaboratively with senior leadership to define and execute business objectives. Represent Accenture at senior industry forums, conferences, and working groups, positioning the business as a leading voice in executive cyber security advisory. Contribute to continual improvement in quality standards for client deliverables, ensuring outputs meet the expectations of the most senior client stakeholders. Business Development & Client Engagement Identify and develop new business opportunities at senior client levels, leading pursuit efforts for strategic engagements and framework positions. Contribute to the design and commercial structuring of executive advisory engagements, ensuring proposals articulate value at a strategic level. Maintain and grow a network of senior client relationships across key sectors including financial services, critical national infrastructure, central government, and technology. Collaborate with the wider business development function to align executive advisory capabilities with evolving client demand. Governance & Programme Oversight Oversee the delivery of complex, multi workstream cyber security advisory programmes, ensuring consistency, quality, and alignment with client strategic objectives. Ensure project and programme delivery meets defined quality gates, timescales, and budgetary constraints across a portfolio of executive level engagements. Maintain compliance with relevant professional, legal, and regulatory obligations relevant to executive advisory services. Qualification Person Specification (Essential) Significant and demonstrable experience (minimum 10 years) in senior cyber security roles, with a clear track record of operating at executive and board level. Proven experience providing cyber security advisory or consulting services to C suite executives and boards of directors, including the delivery of board briefings and executive risk reporting. Deep understanding of the cyber security risk landscape, including threat intelligence, regulatory compliance, incident response, and security governance frameworks. Exceptional communication and influencing skills, with the ability to convey complex technical risk in terms of business impact to non technical senior audiences. Demonstrated ability to build and maintain trusted relationships with senior client stakeholders, including CISO, CIO, CEO, and board level contacts. Strong commercial acumen with experience of contributing to business development at a senior level, including proposal development and client negotiations. Experience leading and developing high performing consulting or advisory teams. Relevant senior cyber security qualifications (e.g. CISSP, CISM, or equivalent) and membership of recognised industry bodies. Willingness to travel across the UK and internationally to support client engagements at short notice. Strong organisational and programme oversight skills, with experience managing multiple high value, concurrent engagements. Person Specification (Desirable) Experience working with or advising HMG departments, regulators, or national security bodies, including familiarity with NCSC guidance and frameworks. Prior experience as a CISO, Deputy CISO, or equivalent senior in house cyber security leadership role. Experience advising on cyber security matters within Critical National Infrastructure (CNI) sectors. Established presence in the cyber security industry including speaking engagements, publications, or active participation in professional working groups. Knowledge of international cyber regulatory frameworks (e.g. NIS2, DORA, SEC Cybersecurity Disclosure Rules). Full UK driving licence. Eligibility for UK government security clearance (SC or above). Locations London Equal Employment Opportunity Statement All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. Accenture is committed to providing veteran employment opportunities to our service men and women.
Join OneAdvanced ITO Information Security Management delivers advisory and implementation services, helping organisations enhance their security maturity and resilience. We blend industry-leading frameworks with tailored strategies, risk assessments, and AI-driven automation to provide pragmatic, high-impact security solutions. What You Will Do Lead and mentor Consulting ISMs, fostering skill development and ensuring quality delivery across engagements. Develop customized security strategies and maturity roadmaps unique to each client organisation, aligning with frameworks such as NIST Cybersecurity Framework and ISO/IEC 27001. Ensure alignment with complex security frameworks and maturity assessment models, providing deep-dive expertise on topics such as Industrial Control Systems (ICS) security. Provide expert advice to IT Managers and IT Directors on information security strategy, risk management, and compliance with industry standards and legal requirements. Conduct advanced gap analyses, program assessments, and risk evaluations, recommending prioritized remediation plans. Shape project strategy and influence engagement outcomes by driving innovation in security practices, tools, and automation workflows. Guide clients through incident response planning and crisis management, offering expert support during exercises and real incidents. Collaborate with internal teams and client stakeholders to integrate security governance and compliance objectives into broader IT and business processes. Act as a visionary in organizational growth by contributing to process improvement, promoting best practices, and driving security culture. What You Will Have Proven experience in information security consulting, with demonstrated mentorship of junior consultants. ISACA certifications such as CRISC, CDPSE, CGEIT, or ISO/IEC 27001 Lead Auditor; and/or (ISC) CISSP with ISSAP or ISSMP concentration. Proven ability to develop and implement customized security strategies and maturity models for diverse industries. Deep domain knowledge of complex security frameworks, control systems security (ICS/SCADA), and maturity assessment methodologies. Strong skill in advising senior IT leaders (IT Manager, IT Director) on risk-based decision-making, strategy development, and governance. Experience driving technical direction, influencing project strategy, and delivering high-impact security solutions. Visionary leadership and collaboration skills, with a track record of fostering teamwork and contributing to organisational growth. Excellent communication, presentation, and stakeholder management abilities. Qualifications / Experience Bachelor's or Master's degree in Information Security, Computer Science, or related field, or equivalent professional experience. Advanced professional certifications as listed above. AI & Automation Responsibilities Drive the innovation and governance of AI prompt libraries and automated playbooks for consulting use cases such as risk assessments and policy automation. Lead proof-of-concepts and pilots for AI/ML security tools, guiding cross-functional integration and scaling successful solutions. Shape automation workflows that leverage AI insights for enhanced risk analysis, reporting, and continuous compliance monitoring. What We Do For You Wellbeing that means something 26 days' holiday + bank holidays (and the option to buy more) plus 1 paid volunteering day every year Exceptional family leave, 26 weeks fully paid maternity/adoption, 4 weeks fully paid paternity, 22 weeks fully paid shared parental leave, plus 5 days paid bereavement leave Robust sick pay of up to 13 weeks full pay + 13 weeks half pay 24/7 Employee Assistance Programme for confidential support Private medical insurance for everyone, no medical-history exclusions Financial benefits that have your back Performance-based rewards tailored to your role, from company-wide bonuses to OTE and commission structures Income protection: up to 75% salary for 5 years if you ever need it Grow your career with us SkillsHub learning platform with leadership pathways, future-manager training, and a huge online library Access to external training and apprenticeships Making a Difference MatchIt! Fundraise for a cause close to your heart and OneAdvanced will match part of the funding Pennies from Heaven donate the pennies from your pay check to help make a difference without lifting a finger Plus plenty other flexible benefits to suit your lifestyle on our RewardHub, including: ULEV car scheme with 1,000+ models Dental insurance, Health Cash Plan, Critical Illness Cover, Partner Life Cover Who We Are At OneAdvanced, we are at the forefront of delivering sector-focused technology solutions that simplify complexity, drive meaningful progress, and help build a fairer, more inclusive society. We're much more than a software company. We deliver SaaS workflow applications and IT services that power organisations across Education, Government, Healthcare, Legal, Manufacturing, Housing, Retail, and more. OneAdvanced is one of the UK's largest business software and services companies. Based in Birmingham (The Mailbox), operating across the UK, Ireland, India, and Australia. Our secure, scalable platform, including OneAdvanced AI, our private AI service for UK organisations, powers connectivity and innovation across critical sectors. Alongside our software are our IT services, including hosting, managed services, and application modernisation. We strive to create an inclusive workplace that drives innovation and collaboration, championing diverse perspectives, and ideas. Our Environmental, Social and Governance (ESG) strategy is embedded in everything we do, guiding us to create meaningful impact for our people, our customers and the planet. Join us and become part of a team that's powering the world of work and making a real difference. Learn more at
10/06/2026
Full time
Join OneAdvanced ITO Information Security Management delivers advisory and implementation services, helping organisations enhance their security maturity and resilience. We blend industry-leading frameworks with tailored strategies, risk assessments, and AI-driven automation to provide pragmatic, high-impact security solutions. What You Will Do Lead and mentor Consulting ISMs, fostering skill development and ensuring quality delivery across engagements. Develop customized security strategies and maturity roadmaps unique to each client organisation, aligning with frameworks such as NIST Cybersecurity Framework and ISO/IEC 27001. Ensure alignment with complex security frameworks and maturity assessment models, providing deep-dive expertise on topics such as Industrial Control Systems (ICS) security. Provide expert advice to IT Managers and IT Directors on information security strategy, risk management, and compliance with industry standards and legal requirements. Conduct advanced gap analyses, program assessments, and risk evaluations, recommending prioritized remediation plans. Shape project strategy and influence engagement outcomes by driving innovation in security practices, tools, and automation workflows. Guide clients through incident response planning and crisis management, offering expert support during exercises and real incidents. Collaborate with internal teams and client stakeholders to integrate security governance and compliance objectives into broader IT and business processes. Act as a visionary in organizational growth by contributing to process improvement, promoting best practices, and driving security culture. What You Will Have Proven experience in information security consulting, with demonstrated mentorship of junior consultants. ISACA certifications such as CRISC, CDPSE, CGEIT, or ISO/IEC 27001 Lead Auditor; and/or (ISC) CISSP with ISSAP or ISSMP concentration. Proven ability to develop and implement customized security strategies and maturity models for diverse industries. Deep domain knowledge of complex security frameworks, control systems security (ICS/SCADA), and maturity assessment methodologies. Strong skill in advising senior IT leaders (IT Manager, IT Director) on risk-based decision-making, strategy development, and governance. Experience driving technical direction, influencing project strategy, and delivering high-impact security solutions. Visionary leadership and collaboration skills, with a track record of fostering teamwork and contributing to organisational growth. Excellent communication, presentation, and stakeholder management abilities. Qualifications / Experience Bachelor's or Master's degree in Information Security, Computer Science, or related field, or equivalent professional experience. Advanced professional certifications as listed above. AI & Automation Responsibilities Drive the innovation and governance of AI prompt libraries and automated playbooks for consulting use cases such as risk assessments and policy automation. Lead proof-of-concepts and pilots for AI/ML security tools, guiding cross-functional integration and scaling successful solutions. Shape automation workflows that leverage AI insights for enhanced risk analysis, reporting, and continuous compliance monitoring. What We Do For You Wellbeing that means something 26 days' holiday + bank holidays (and the option to buy more) plus 1 paid volunteering day every year Exceptional family leave, 26 weeks fully paid maternity/adoption, 4 weeks fully paid paternity, 22 weeks fully paid shared parental leave, plus 5 days paid bereavement leave Robust sick pay of up to 13 weeks full pay + 13 weeks half pay 24/7 Employee Assistance Programme for confidential support Private medical insurance for everyone, no medical-history exclusions Financial benefits that have your back Performance-based rewards tailored to your role, from company-wide bonuses to OTE and commission structures Income protection: up to 75% salary for 5 years if you ever need it Grow your career with us SkillsHub learning platform with leadership pathways, future-manager training, and a huge online library Access to external training and apprenticeships Making a Difference MatchIt! Fundraise for a cause close to your heart and OneAdvanced will match part of the funding Pennies from Heaven donate the pennies from your pay check to help make a difference without lifting a finger Plus plenty other flexible benefits to suit your lifestyle on our RewardHub, including: ULEV car scheme with 1,000+ models Dental insurance, Health Cash Plan, Critical Illness Cover, Partner Life Cover Who We Are At OneAdvanced, we are at the forefront of delivering sector-focused technology solutions that simplify complexity, drive meaningful progress, and help build a fairer, more inclusive society. We're much more than a software company. We deliver SaaS workflow applications and IT services that power organisations across Education, Government, Healthcare, Legal, Manufacturing, Housing, Retail, and more. OneAdvanced is one of the UK's largest business software and services companies. Based in Birmingham (The Mailbox), operating across the UK, Ireland, India, and Australia. Our secure, scalable platform, including OneAdvanced AI, our private AI service for UK organisations, powers connectivity and innovation across critical sectors. Alongside our software are our IT services, including hosting, managed services, and application modernisation. We strive to create an inclusive workplace that drives innovation and collaboration, championing diverse perspectives, and ideas. Our Environmental, Social and Governance (ESG) strategy is embedded in everything we do, guiding us to create meaningful impact for our people, our customers and the planet. Join us and become part of a team that's powering the world of work and making a real difference. Learn more at
Senior Cyber Security Analyst (OWASP / SAST /DAST - Banking Client Application Security Secure Design Threat Modelling DevSecOps) Locations: London, Paris, Brussels, Amsterdam Rate: Flexible Duration: 12 months Job Overview We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms. This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles. You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology lifecycle. Key Responsibilities Application Security & Secure SDLC - Perform application security assessments across modern enterprise platforms, review application architecture and ensure alignment with secure-by-design principles, embed security into the software development lifecycle (SDLC), support development teams in implementing secure coding practices aligned with OWASP guidelines. Security Testing & DevSecOps - Define and review security testing activities including SAST, DAST and software composition analysis (SCA), work with engineering teams to integrate security scanning into CI/CD pipelines, analyse vulnerability scan results and support remediation of application security issues. Threat Modelling & Security Risk Assessments - Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK, identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure, perform structured security risk assessments and provide remediation recommendations. Security Architecture & Secure Design - Review application and platform architectures to ensure appropriate security controls are implemented, translate high-level security policies into technical security requirements for development teams, work with architects to ensure applications are built following secure architecture patterns. Security Advisory - Provide security expertise to engineering teams, project managers and technology leaders, support security decision-making during application design and implementation, contribute to security best practices, standards and guidelines. Key Technical Skills Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC) OWASP Top 10 and secure coding practices Application security testing (SAST / DAST / SCA) Threat modelling methodologies (STRIDE, MITRE ATT&CK) Vulnerability management and remediation Secure architecture and design reviews DevSecOps and CI/CD security integration API security and modern application architectures Experience with Tools SAST / DAST platforms Code scanning tools CI/CD pipelines (GitHub, GitLab, Jenkins etc.) Container security platforms Cloud security tooling Technology Environment Cloud platforms (AWS, Azure or GCP) Containerised platforms (Docker / Kubernetes) Microservices architectures REST APIs and modern application frameworks Identity and access management solutions Ideal Candidate Background 7-12+ years experience in cyber security, strong focus on application security, experience working closely with software engineering teams, experience performing security architecture reviews, experience in DevSecOps environments, strong communication skills and ability to explain security risks clearly. Certifications (Optional) Relevant certifications may include: CISSP, OSCP, CSSLP, GIAC, Security+ or similar. What Makes This Role Interesting You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale. This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.
10/06/2026
Full time
Senior Cyber Security Analyst (OWASP / SAST /DAST - Banking Client Application Security Secure Design Threat Modelling DevSecOps) Locations: London, Paris, Brussels, Amsterdam Rate: Flexible Duration: 12 months Job Overview We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms. This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles. You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology lifecycle. Key Responsibilities Application Security & Secure SDLC - Perform application security assessments across modern enterprise platforms, review application architecture and ensure alignment with secure-by-design principles, embed security into the software development lifecycle (SDLC), support development teams in implementing secure coding practices aligned with OWASP guidelines. Security Testing & DevSecOps - Define and review security testing activities including SAST, DAST and software composition analysis (SCA), work with engineering teams to integrate security scanning into CI/CD pipelines, analyse vulnerability scan results and support remediation of application security issues. Threat Modelling & Security Risk Assessments - Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK, identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure, perform structured security risk assessments and provide remediation recommendations. Security Architecture & Secure Design - Review application and platform architectures to ensure appropriate security controls are implemented, translate high-level security policies into technical security requirements for development teams, work with architects to ensure applications are built following secure architecture patterns. Security Advisory - Provide security expertise to engineering teams, project managers and technology leaders, support security decision-making during application design and implementation, contribute to security best practices, standards and guidelines. Key Technical Skills Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC) OWASP Top 10 and secure coding practices Application security testing (SAST / DAST / SCA) Threat modelling methodologies (STRIDE, MITRE ATT&CK) Vulnerability management and remediation Secure architecture and design reviews DevSecOps and CI/CD security integration API security and modern application architectures Experience with Tools SAST / DAST platforms Code scanning tools CI/CD pipelines (GitHub, GitLab, Jenkins etc.) Container security platforms Cloud security tooling Technology Environment Cloud platforms (AWS, Azure or GCP) Containerised platforms (Docker / Kubernetes) Microservices architectures REST APIs and modern application frameworks Identity and access management solutions Ideal Candidate Background 7-12+ years experience in cyber security, strong focus on application security, experience working closely with software engineering teams, experience performing security architecture reviews, experience in DevSecOps environments, strong communication skills and ability to explain security risks clearly. Certifications (Optional) Relevant certifications may include: CISSP, OSCP, CSSLP, GIAC, Security+ or similar. What Makes This Role Interesting You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale. This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.
Cyber Advisory Services Manager Location: London or Peterborough with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Working Pattern: 37.5 hours per week, Monday - Friday. Salary: £84,000 - £100,000 Benefits: Car allowance, Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. Role Summary Reporting to the Deputy Group CISO, the Cyber Advisory Services Manager leads the GCS consulting and advisory capability - the function that turns Group cyber standards and expertise into practical, tailored support for all the divisions. This is a role for a confident, credible cyber security generalist with strong consulting instincts: someone who is equally comfortable advising a divisional CIO on strategic security posture, reviewing a firewall ruleset for technical debt, or scoping the cyber workstream of a merger integration programme. The role provides a broad portfolio of advisory services to the Group and its divisions, including technical standards advice and interpretation; security configuration, rule base assessment and policy change support; input to non functional security requirements for Group and divisional programmes; cyber security input to mergers, acquisitions, and divestiture activity; and the deployment of specialist consulting resource into divisions that need temporary uplift in cyber capability. The Cyber Advisory Services Manager acts as an important feedback loop into GCS: gathering intelligence from divisional engagements that informs the evolution of Group standards, identifies emerging needs, and ensures that GCS remains relevant and responsive to the businesses it serves. The role works in close partnership with the Cyber Architecture Manager, the Head of Cyber Assurance, and the Security Platform Engineering Manager to ensure that advisory activity is consistent with and supportive of the broader GCS strategy. Technical Standards Advisory & Interpretation Provide authoritative advice to divisions, business units, and Group functions on the interpretation and practical application of the Group cyber technical standards and security policies; acting as the primary advisory interface between GCS and the divisions on matters of standards compliance, technology and implementation. Help divisions translate Group cyber standards into their specific operational context - providing pragmatic, risk proportionate guidance on what good looks like in their environment, and a credible path from current state to compliant state. Feed intelligence from divisional advisory engagements back into the standards development process; identify where standards are unclear, impractical, or creating unintended barriers, and work with the Cyber Architecture Manager and Head of Cyber Assurance to drive improvements. Rule Base Assessment & Security Policy Change Lead and deliver security configuration and rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and provide clear, prioritised remediation recommendations. Provide technical review and advisory support for security policy change requests from divisions, assessing proposed changes against Group standards and architectural principles, and providing a clear recommendation with appropriate justification. Develop and maintain a structured approach to rule base and policy review across the Group, including tooling, methodology, scheduling, and output standards, ensuring consistent and repeatable assessment quality across different divisional environments. Non Functional Security Requirements Provide security input to non functional requirements (NFRs) for Group and divisional programmes and projects; define the security properties that technology solutions must meet - covering areas such as authentication, authorisation, encryption, logging, resilience, and data classification - in a form that is actionable by project and engineering teams. Maintain and evolve a Group standard NFR library derived from the Group cyber technical standards, enabling consistent security requirements to be applied across the programme portfolio without reinventing them for each project; work with the Cyber Architecture Manager to ensure NFRs remain aligned to the enterprise architecture. Engage with divisional and Group programme teams at the point where security NFRs are being defined, ensuring security is embedded by design rather than added retrospectively; provide advisory support through the project lifecycle where security design decisions need to be revisited or refined. Mergers, Acquisitions & Strategic Project Support Lead the GCS advisory contribution to mergers, acquisitions, and divestiture activity; scope and deliver the cyber workstream in M&A programmes, covering pre deal due diligence support, integration planning, and the transition of acquired entities onto the Group cyber standard. Provide cyber advisory resource and expertise to other significant Group and divisional strategic programmes - including major technology transformations, ERP deployments, cloud migrations, and site openings or closures - ensuring security considerations are addressed at the right point in the programme lifecycle. Maintain a forward view of the M&A and strategic programme pipeline in collaboration with Group corporate development and divisional leadership, enabling advisory resource to be planned and mobilised proactively rather than reactively. Divisional Resource Augmentation & Flexible Resourcing Pool Manage the GCS flexible resourcing pool as an advisory and consulting resource, deploying cyber consultants and specialist advisors into divisions that require temporary uplift in security capability - whether to support a programme, fill a capability gap, or accelerate compliance with Group standards. Work with divisional BISOs, CIOs, and IT security leads to understand their advisory and resource needs; define the scope and objectives of each deployment clearly, brief and onboard resources appropriately, and ensure that the output of each engagement meets the division's needs and GCS quality standards. Manage the demand pipeline for advisory and flexible resource deployments; prioritise requests in line with Group risk priorities, balance supply against demand, and ensure that resourcing decisions are transparent and agreed with the Deputy CISO and relevant divisional stakeholders. Ensure that flexible resources deployed into divisions are competent, well briefed on standards and culture, and set up to add genuine value from day one; maintain quality standards across the pool and build a pipeline of trusted specialists who understand the environment. Divisional Engagement & GCS Intelligence Loop Build and sustain trusted relationships with divisional BISOs, security leads, CIOs, and IT directors across all 11 divisions; position the Cyber Advisory Services function as a valued, accessible, and practical source of cyber expertise - not a bureaucratic overhead. Use divisional advisory engagements as an active intelligence gathering mechanism; identify common themes, recurring challenges, emerging risks, and capability gaps across the estate, and bring these insights back to the GCS Leadership Team to inform strategy, standards development, and investment priorities. Champion the GCS advisory model as a two way relationship; ensure divisions feel heard and that their feedback genuinely influences how GCS operates, while maintaining the Group standards and non negotiables that the advisory function exists to support. Team Leadership, Quality & Continuous Improvement Lead and develop the permanent Cyber Advisory Services team; set clear standards of advisory quality, professional conduct, and output, and foster a culture where consultants take personal pride in the value they add to the divisions they support. Develop and maintain a service catalogue for the Cyber Advisory Services function that clearly articulates what the function offers, how to engage it, what divisions can expect, and how outcomes will be measured; make the function easy to access and straightforward to work with. Work in close partnership with the Cyber Architecture Manager, Head of Cyber Assurance, and Security Platform Engineering Manager to ensure advisory activity is consistent with the GCS strategy, avoids duplication of effort, and is integrated into the broader GCS operating model. Experience, Knowledge, Skills & Attributes - Essential Experience 10+ years in cyber security, with a significant portion in advisory, consulting, or technical leadership roles requiring breadth across multiple security domains click apply for full job details
09/06/2026
Full time
Cyber Advisory Services Manager Location: London or Peterborough with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Working Pattern: 37.5 hours per week, Monday - Friday. Salary: £84,000 - £100,000 Benefits: Car allowance, Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. Role Summary Reporting to the Deputy Group CISO, the Cyber Advisory Services Manager leads the GCS consulting and advisory capability - the function that turns Group cyber standards and expertise into practical, tailored support for all the divisions. This is a role for a confident, credible cyber security generalist with strong consulting instincts: someone who is equally comfortable advising a divisional CIO on strategic security posture, reviewing a firewall ruleset for technical debt, or scoping the cyber workstream of a merger integration programme. The role provides a broad portfolio of advisory services to the Group and its divisions, including technical standards advice and interpretation; security configuration, rule base assessment and policy change support; input to non functional security requirements for Group and divisional programmes; cyber security input to mergers, acquisitions, and divestiture activity; and the deployment of specialist consulting resource into divisions that need temporary uplift in cyber capability. The Cyber Advisory Services Manager acts as an important feedback loop into GCS: gathering intelligence from divisional engagements that informs the evolution of Group standards, identifies emerging needs, and ensures that GCS remains relevant and responsive to the businesses it serves. The role works in close partnership with the Cyber Architecture Manager, the Head of Cyber Assurance, and the Security Platform Engineering Manager to ensure that advisory activity is consistent with and supportive of the broader GCS strategy. Technical Standards Advisory & Interpretation Provide authoritative advice to divisions, business units, and Group functions on the interpretation and practical application of the Group cyber technical standards and security policies; acting as the primary advisory interface between GCS and the divisions on matters of standards compliance, technology and implementation. Help divisions translate Group cyber standards into their specific operational context - providing pragmatic, risk proportionate guidance on what good looks like in their environment, and a credible path from current state to compliant state. Feed intelligence from divisional advisory engagements back into the standards development process; identify where standards are unclear, impractical, or creating unintended barriers, and work with the Cyber Architecture Manager and Head of Cyber Assurance to drive improvements. Rule Base Assessment & Security Policy Change Lead and deliver security configuration and rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and provide clear, prioritised remediation recommendations. Provide technical review and advisory support for security policy change requests from divisions, assessing proposed changes against Group standards and architectural principles, and providing a clear recommendation with appropriate justification. Develop and maintain a structured approach to rule base and policy review across the Group, including tooling, methodology, scheduling, and output standards, ensuring consistent and repeatable assessment quality across different divisional environments. Non Functional Security Requirements Provide security input to non functional requirements (NFRs) for Group and divisional programmes and projects; define the security properties that technology solutions must meet - covering areas such as authentication, authorisation, encryption, logging, resilience, and data classification - in a form that is actionable by project and engineering teams. Maintain and evolve a Group standard NFR library derived from the Group cyber technical standards, enabling consistent security requirements to be applied across the programme portfolio without reinventing them for each project; work with the Cyber Architecture Manager to ensure NFRs remain aligned to the enterprise architecture. Engage with divisional and Group programme teams at the point where security NFRs are being defined, ensuring security is embedded by design rather than added retrospectively; provide advisory support through the project lifecycle where security design decisions need to be revisited or refined. Mergers, Acquisitions & Strategic Project Support Lead the GCS advisory contribution to mergers, acquisitions, and divestiture activity; scope and deliver the cyber workstream in M&A programmes, covering pre deal due diligence support, integration planning, and the transition of acquired entities onto the Group cyber standard. Provide cyber advisory resource and expertise to other significant Group and divisional strategic programmes - including major technology transformations, ERP deployments, cloud migrations, and site openings or closures - ensuring security considerations are addressed at the right point in the programme lifecycle. Maintain a forward view of the M&A and strategic programme pipeline in collaboration with Group corporate development and divisional leadership, enabling advisory resource to be planned and mobilised proactively rather than reactively. Divisional Resource Augmentation & Flexible Resourcing Pool Manage the GCS flexible resourcing pool as an advisory and consulting resource, deploying cyber consultants and specialist advisors into divisions that require temporary uplift in security capability - whether to support a programme, fill a capability gap, or accelerate compliance with Group standards. Work with divisional BISOs, CIOs, and IT security leads to understand their advisory and resource needs; define the scope and objectives of each deployment clearly, brief and onboard resources appropriately, and ensure that the output of each engagement meets the division's needs and GCS quality standards. Manage the demand pipeline for advisory and flexible resource deployments; prioritise requests in line with Group risk priorities, balance supply against demand, and ensure that resourcing decisions are transparent and agreed with the Deputy CISO and relevant divisional stakeholders. Ensure that flexible resources deployed into divisions are competent, well briefed on standards and culture, and set up to add genuine value from day one; maintain quality standards across the pool and build a pipeline of trusted specialists who understand the environment. Divisional Engagement & GCS Intelligence Loop Build and sustain trusted relationships with divisional BISOs, security leads, CIOs, and IT directors across all 11 divisions; position the Cyber Advisory Services function as a valued, accessible, and practical source of cyber expertise - not a bureaucratic overhead. Use divisional advisory engagements as an active intelligence gathering mechanism; identify common themes, recurring challenges, emerging risks, and capability gaps across the estate, and bring these insights back to the GCS Leadership Team to inform strategy, standards development, and investment priorities. Champion the GCS advisory model as a two way relationship; ensure divisions feel heard and that their feedback genuinely influences how GCS operates, while maintaining the Group standards and non negotiables that the advisory function exists to support. Team Leadership, Quality & Continuous Improvement Lead and develop the permanent Cyber Advisory Services team; set clear standards of advisory quality, professional conduct, and output, and foster a culture where consultants take personal pride in the value they add to the divisions they support. Develop and maintain a service catalogue for the Cyber Advisory Services function that clearly articulates what the function offers, how to engage it, what divisions can expect, and how outcomes will be measured; make the function easy to access and straightforward to work with. Work in close partnership with the Cyber Architecture Manager, Head of Cyber Assurance, and Security Platform Engineering Manager to ensure advisory activity is consistent with the GCS strategy, avoids duplication of effort, and is integrated into the broader GCS operating model. Experience, Knowledge, Skills & Attributes - Essential Experience 10+ years in cyber security, with a significant portion in advisory, consulting, or technical leadership roles requiring breadth across multiple security domains click apply for full job details
Overview Title: Cyber Platform Engineer Reference No: 2160 Company: FTSE 100 Reports to: Security Platform Engineering Manager Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £59,000 - £72,000 Benefits: Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. The Security Platform Engineering function is central to that portfolio - responsible for ensuring that the security tools the Group invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value. Role Summary Reporting to the Security Platform Engineering Manager, the Cyber Platform Engineer is a hands-on technical specialist responsible for the day-to-day engineering, configuration, and operational health of one or more security platforms within the GCS portfolio. The role sits at the technical heart of the platform engineering function - doing the detailed, expert work that keeps the security tools performing at their best, configured to the right standards, and evolving in line with the Group's needs and the vendor's roadmap. The platforms in scope include Microsoft Defender (across the M365 Defender suite), Zscaler, Qualys, Abnormal Security, and Axonius. The Cyber Platform Engineer will typically own deep expertise in one or two of these platforms and maintain solid working knowledge across the others. The role shares the mindset that defines the whole function: genuine curiosity about the tools under its care, a desire to understand and exploit their full capability, and an instinct to identify where existing platform features can be applied creatively to address new problems rather than defaulting to new tooling. The Cyber Platform Engineer works closely with the SOC and security operations teams to ensure platforms are tuned for effective detection and response, and provides technical support and configuration guidance to divisional IT and security teams who are deploying or operating centrally managed platforms in their environments. Role Responsibilities / Accountabilities Platform Engineering & Technical Configuration Own the technical configuration and day-to-day engineering of assigned platforms within the GCS portfolio; maintain configurations to the approved baseline, apply updates and changes through the change management process, and ensure platform health is actively monitored and maintained. Develop and maintain detailed configuration documentation, runbooks, and change records for assigned platforms; ensure that configuration state is consistently documented, version-controlled, and auditable by the Security Platform Engineering Manager or by assurance functions. Utilising the Run team - Identify and implement improvements to platform configurations that improve security outcomes, reduce operational noise, or unlock additional capability; bring well-evidenced proposals to the Security Platform Engineering Manager for review before implementation. Maintain deep, current technical knowledge of assigned platforms; stay ahead of vendor releases, patch notes, and roadmap updates, and flag relevant developments to the Security Platform Engineering Manager with a view on their implications. Policy Configuration & Standards Alignment Translate Group cyber technical standards into platform-level policy configurations; ensure that policy settings in assigned platforms enforce the correct security controls, are consistently applied across all in-scope environments, and align with the Group cyber enterprise architecture. Identify and report divergence between the approved configuration baseline and the as-built state of assigned platforms; investigate root causes, assess risk, and work with the Security Platform Engineering Manager to agree and implement remediation. Provide technical configuration guidance to divisional IT and security teams deploying or operating centrally managed platforms in their environments; act as the technical point of contact for platform-specific queries, ensuring divisional implementations meet Group standards. SOC Support & Operational Tuning Work closely with the SOC and security operations teams to tune platform configurations for effective detection and response; adjust detection rules, alert thresholds, and data feeds in response to operational feedback, ensuring SOC analysts receive high-fidelity, actionable alerts. Act as the technical escalation point for platform-related operational issues raised by the SOC; diagnose platform problems, engage vendor support where required, and drive issues to resolution with minimal impact on SOC operational effectiveness. Develop and maintain platform integration configurations that connect assigned platforms to the SIEM, SOAR, and other operational tooling; ensure data feeds are reliable, well-formed, and provide the SOC with the visibility needed to detect and respond to threats effectively. Platform Capability Development & Innovation Actively explore the full capability of assigned platforms; identify licensable features, beta capabilities, and underused functionality that could improve the security posture, and bring well-structured proposals to the Security Platform Engineering Manager for consideration. Design and implement automation and integration workflows that improve the efficiency and effectiveness of platform operations; develop scripts, API integrations, and orchestration logic that reduce manual effort and enable platform capabilities to be delivered at scale. Support the delivery of platform deployments, upgrades, and new capability rollouts as part of the GCS transformation programme; plan and execute engineering work with precision, minimising disruption to the business and to SOC operations throughout. Vendor Engagement & Licence Management Maintain productive working relationships with vendor technical teams for assigned platforms; engage effectively with vendor support for issue resolution, participate in technical briefings and product roadmap sessions, and escalate product deficiencies through appropriate channels. Maintain accurate records of licence entitlements, feature adoption, and consumption for assigned platforms; flag any discrepancies, unused entitlements, or upcoming renewal milestones to the Security Platform Engineering Manager in a timely manner. Experience, Knowledge, Skills & Attributes Essential Experience 4+ years in a cyber security engineering or security operations technology role, with hands-on technical experience configuring and managing enterprise security platforms. Demonstrable, deep technical expertise in at least one platform from the portfolio - Microsoft Defender / M365 Defender suite, Zscaler, Qualys, Abnormal Security, or Axonius - including hands-on configuration, policy management, and operational tuning at enterprise scale. Experience working closely with a SOC or security operations team, with an understanding of how platform configuration decisions affect detection quality, alert fidelity, and analyst workflow. Experience maintaining configuration documentation and operating within a structured change management process for security platforms. Experience engaging with vendor technical support teams, logging and escalating issues effectively, and driving platform problems to resolution. Knowledge & Skills Genuine technical curiosity: the instinct to explore platforms beyond surface-level familiarity, understand their full capability depth, and think creatively about how features can be applied to solve real security problems. Strong working knowledge of the Microsoft security stack, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and M365 security policy configuration. Understanding of security platform integration patterns, including API connectivity, SIEM/SOAR data feeds, and log forwarding; practical experience implementing or maintaining at least one such integration. Ability to produce clear technical documentation - configuration records, runbooks, change requests - to a consistent and auditable standard. Qualifications Degree-level education in computer science, information security, or a related technical discipline; or equivalent professional experience. Vendor certification in at least one of the platforms in scope (e.g . click apply for full job details
09/06/2026
Full time
Overview Title: Cyber Platform Engineer Reference No: 2160 Company: FTSE 100 Reports to: Security Platform Engineering Manager Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £59,000 - £72,000 Benefits: Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. The Security Platform Engineering function is central to that portfolio - responsible for ensuring that the security tools the Group invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value. Role Summary Reporting to the Security Platform Engineering Manager, the Cyber Platform Engineer is a hands-on technical specialist responsible for the day-to-day engineering, configuration, and operational health of one or more security platforms within the GCS portfolio. The role sits at the technical heart of the platform engineering function - doing the detailed, expert work that keeps the security tools performing at their best, configured to the right standards, and evolving in line with the Group's needs and the vendor's roadmap. The platforms in scope include Microsoft Defender (across the M365 Defender suite), Zscaler, Qualys, Abnormal Security, and Axonius. The Cyber Platform Engineer will typically own deep expertise in one or two of these platforms and maintain solid working knowledge across the others. The role shares the mindset that defines the whole function: genuine curiosity about the tools under its care, a desire to understand and exploit their full capability, and an instinct to identify where existing platform features can be applied creatively to address new problems rather than defaulting to new tooling. The Cyber Platform Engineer works closely with the SOC and security operations teams to ensure platforms are tuned for effective detection and response, and provides technical support and configuration guidance to divisional IT and security teams who are deploying or operating centrally managed platforms in their environments. Role Responsibilities / Accountabilities Platform Engineering & Technical Configuration Own the technical configuration and day-to-day engineering of assigned platforms within the GCS portfolio; maintain configurations to the approved baseline, apply updates and changes through the change management process, and ensure platform health is actively monitored and maintained. Develop and maintain detailed configuration documentation, runbooks, and change records for assigned platforms; ensure that configuration state is consistently documented, version-controlled, and auditable by the Security Platform Engineering Manager or by assurance functions. Utilising the Run team - Identify and implement improvements to platform configurations that improve security outcomes, reduce operational noise, or unlock additional capability; bring well-evidenced proposals to the Security Platform Engineering Manager for review before implementation. Maintain deep, current technical knowledge of assigned platforms; stay ahead of vendor releases, patch notes, and roadmap updates, and flag relevant developments to the Security Platform Engineering Manager with a view on their implications. Policy Configuration & Standards Alignment Translate Group cyber technical standards into platform-level policy configurations; ensure that policy settings in assigned platforms enforce the correct security controls, are consistently applied across all in-scope environments, and align with the Group cyber enterprise architecture. Identify and report divergence between the approved configuration baseline and the as-built state of assigned platforms; investigate root causes, assess risk, and work with the Security Platform Engineering Manager to agree and implement remediation. Provide technical configuration guidance to divisional IT and security teams deploying or operating centrally managed platforms in their environments; act as the technical point of contact for platform-specific queries, ensuring divisional implementations meet Group standards. SOC Support & Operational Tuning Work closely with the SOC and security operations teams to tune platform configurations for effective detection and response; adjust detection rules, alert thresholds, and data feeds in response to operational feedback, ensuring SOC analysts receive high-fidelity, actionable alerts. Act as the technical escalation point for platform-related operational issues raised by the SOC; diagnose platform problems, engage vendor support where required, and drive issues to resolution with minimal impact on SOC operational effectiveness. Develop and maintain platform integration configurations that connect assigned platforms to the SIEM, SOAR, and other operational tooling; ensure data feeds are reliable, well-formed, and provide the SOC with the visibility needed to detect and respond to threats effectively. Platform Capability Development & Innovation Actively explore the full capability of assigned platforms; identify licensable features, beta capabilities, and underused functionality that could improve the security posture, and bring well-structured proposals to the Security Platform Engineering Manager for consideration. Design and implement automation and integration workflows that improve the efficiency and effectiveness of platform operations; develop scripts, API integrations, and orchestration logic that reduce manual effort and enable platform capabilities to be delivered at scale. Support the delivery of platform deployments, upgrades, and new capability rollouts as part of the GCS transformation programme; plan and execute engineering work with precision, minimising disruption to the business and to SOC operations throughout. Vendor Engagement & Licence Management Maintain productive working relationships with vendor technical teams for assigned platforms; engage effectively with vendor support for issue resolution, participate in technical briefings and product roadmap sessions, and escalate product deficiencies through appropriate channels. Maintain accurate records of licence entitlements, feature adoption, and consumption for assigned platforms; flag any discrepancies, unused entitlements, or upcoming renewal milestones to the Security Platform Engineering Manager in a timely manner. Experience, Knowledge, Skills & Attributes Essential Experience 4+ years in a cyber security engineering or security operations technology role, with hands-on technical experience configuring and managing enterprise security platforms. Demonstrable, deep technical expertise in at least one platform from the portfolio - Microsoft Defender / M365 Defender suite, Zscaler, Qualys, Abnormal Security, or Axonius - including hands-on configuration, policy management, and operational tuning at enterprise scale. Experience working closely with a SOC or security operations team, with an understanding of how platform configuration decisions affect detection quality, alert fidelity, and analyst workflow. Experience maintaining configuration documentation and operating within a structured change management process for security platforms. Experience engaging with vendor technical support teams, logging and escalating issues effectively, and driving platform problems to resolution. Knowledge & Skills Genuine technical curiosity: the instinct to explore platforms beyond surface-level familiarity, understand their full capability depth, and think creatively about how features can be applied to solve real security problems. Strong working knowledge of the Microsoft security stack, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and M365 security policy configuration. Understanding of security platform integration patterns, including API connectivity, SIEM/SOAR data feeds, and log forwarding; practical experience implementing or maintaining at least one such integration. Ability to produce clear technical documentation - configuration records, runbooks, change requests - to a consistent and auditable standard. Qualifications Degree-level education in computer science, information security, or a related technical discipline; or equivalent professional experience. Vendor certification in at least one of the platforms in scope (e.g . click apply for full job details
About Us Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid. At Visa, you'll have the opportunity to create impact at scale - tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters - to you, to your community, and to the world. Progress starts with you. Job Description In your role as Information Security GRC Engineering Consultant - Featurespace, you will help us achieve our goals and deliver success on behalf of our customers by: Building systems and frameworks, in line with industry standards, Visa Key Controls and customer expectations, that make compliance continuous, measurable, and low friction, moving Featurespace away from point in time, audit driven assurance toward scalable, repeatable control based implementation. Acting as a hands on, solutions driven GRC engineering consultant, translating regulatory and control requirements (PCI DSS, SOC 2, Visa KCX) into practical, implementable controls within our products, teams and cloud environments. Designing and implementing automation where it adds genuine value, including control validation, evidence collection, workflow orchestration, and compliance telemetry. Leading compliance outcomes through expertise and influence (not direct line management), working cross functionally with the product, engineering and platform teams in Featurespace, and the central Visa Cyber, Risk and Legal teams. Helping Featurespace integrate effectively into Visa's security and compliance ecosystem, ensuring centrally provided capabilities (policies, third party risk, training, tooling) are correctly applied to Featurespace products, services, and delivery models. Providing assurance to our customers by providing appropriate responses to customer RFP questions and customer audits on topics such as cybersecurity, technology operations, and compliance with standards (e.g., PCI DSS, SOC 2). Responsibilities As a company we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below, we ask for ownership of any other duties as required. 1. Control Framework Ownership & Assurance Lead the implementation and ongoing operation of Featurespace's security controls framework, ensuring alignment with Visa Key Controls, PCI DSS, SOC 2, and other applicable regulatory or customer requirements, and ensuring controls are implemented in a manner appropriate to Featurespace products, services, and delivery models. Coordinate and lead Featurespace's annual certification and assurance activities (e.g. PCI DSS, SOC 2), acting as the primary point of integration between Featurespace internal teams, external auditors, and Visa central control functions, and ensuring audit activities are delivered efficiently, accurately, and on time. Ensure all processes are operating effectively and are correctly evidenced, including the maintenance of appropriate documentation, dependency mapping, and traceability to responsible teams and subject matter experts. 2. GRC Engineering, Integration & Automation Translate regulatory, compliance, and control requirements into practical, product aware implementations, working directly with engineering and platform teams to embed controls into architectures, CI/CD pipelines, cloud environments, and operating processes. Design, build, and maintain automation to support compliance activities where it adds demonstrable value, including: control validation and continuous assurance evidence collection, normalisation, and retention workflow orchestration and exception handling metrics, reporting, and compliance visibility Apply engineering judgement to determine what should be automated in the short term, what requires process or architectural maturity or redesign to be effective, and what is not suitable for automation. Ensure Featurespace teams are effectively integrated with Visa's centrally provided security and compliance capabilities, identifying when changes in Featurespace products, architectures, suppliers, customer requirements, or operating models introduce new or materially changed obligations, and ensuring the appropriate Visa processes and assessments are engaged, including: policy and standards frameworks third party risk management processes security architecture assessments security awareness and training programmes legal and commercial contracting risk management and governance tooling 3. Advisory, Enablement & Secure by Design Act as a trusted advisor and subject matter expert to Featurespace engineering, product, commercial, and leadership teams, helping stakeholders understand information security and compliance expectations and how to meet them pragmatically. Drive a secure by design and shift left mindset, ensuring compliance and assurance considerations are addressed early in delivery rather than deferred to audit windows, and facilitating the timely closure of gaps and findings identified through Visa vulnerability management and secure assessment processes. Develop and maintain repeatable patterns, reference implementations, standards, procedures, and guidance that reduce friction for delivery teams while maintaining strong assurance, consulting with and coordinating input from subject matter experts as required. 4. Risk Management, Audit & External Engagement Conduct security risk assessments and business impact analyses, and recommend appropriate control improvements to address identified risks or weaknesses. Provide oversight and assurance of corrective, preventative, or remediation activities, utilising Visa risk management tooling, working with identified application and service owners, and escalating issues at risk of missing deadlines in a timely and effective manner. Represent Information Security with customers, auditors, and internal stakeholders, particularly during assurance windows and customer security engagements. Coordinate and lead responses to customer RFP questions and security audits, ensuring responses are timely, accurate, repeatable, re usable, traceable to responsible SMEs, and supported by appropriate evidence. Support incident response and recovery activities where compliance or control effectiveness is impacted, ensuring appropriate remediation actions are taken and evidenced. Travel periodically as required for customer, company, or relevant events. This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.
09/06/2026
Full time
About Us Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid. At Visa, you'll have the opportunity to create impact at scale - tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters - to you, to your community, and to the world. Progress starts with you. Job Description In your role as Information Security GRC Engineering Consultant - Featurespace, you will help us achieve our goals and deliver success on behalf of our customers by: Building systems and frameworks, in line with industry standards, Visa Key Controls and customer expectations, that make compliance continuous, measurable, and low friction, moving Featurespace away from point in time, audit driven assurance toward scalable, repeatable control based implementation. Acting as a hands on, solutions driven GRC engineering consultant, translating regulatory and control requirements (PCI DSS, SOC 2, Visa KCX) into practical, implementable controls within our products, teams and cloud environments. Designing and implementing automation where it adds genuine value, including control validation, evidence collection, workflow orchestration, and compliance telemetry. Leading compliance outcomes through expertise and influence (not direct line management), working cross functionally with the product, engineering and platform teams in Featurespace, and the central Visa Cyber, Risk and Legal teams. Helping Featurespace integrate effectively into Visa's security and compliance ecosystem, ensuring centrally provided capabilities (policies, third party risk, training, tooling) are correctly applied to Featurespace products, services, and delivery models. Providing assurance to our customers by providing appropriate responses to customer RFP questions and customer audits on topics such as cybersecurity, technology operations, and compliance with standards (e.g., PCI DSS, SOC 2). Responsibilities As a company we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below, we ask for ownership of any other duties as required. 1. Control Framework Ownership & Assurance Lead the implementation and ongoing operation of Featurespace's security controls framework, ensuring alignment with Visa Key Controls, PCI DSS, SOC 2, and other applicable regulatory or customer requirements, and ensuring controls are implemented in a manner appropriate to Featurespace products, services, and delivery models. Coordinate and lead Featurespace's annual certification and assurance activities (e.g. PCI DSS, SOC 2), acting as the primary point of integration between Featurespace internal teams, external auditors, and Visa central control functions, and ensuring audit activities are delivered efficiently, accurately, and on time. Ensure all processes are operating effectively and are correctly evidenced, including the maintenance of appropriate documentation, dependency mapping, and traceability to responsible teams and subject matter experts. 2. GRC Engineering, Integration & Automation Translate regulatory, compliance, and control requirements into practical, product aware implementations, working directly with engineering and platform teams to embed controls into architectures, CI/CD pipelines, cloud environments, and operating processes. Design, build, and maintain automation to support compliance activities where it adds demonstrable value, including: control validation and continuous assurance evidence collection, normalisation, and retention workflow orchestration and exception handling metrics, reporting, and compliance visibility Apply engineering judgement to determine what should be automated in the short term, what requires process or architectural maturity or redesign to be effective, and what is not suitable for automation. Ensure Featurespace teams are effectively integrated with Visa's centrally provided security and compliance capabilities, identifying when changes in Featurespace products, architectures, suppliers, customer requirements, or operating models introduce new or materially changed obligations, and ensuring the appropriate Visa processes and assessments are engaged, including: policy and standards frameworks third party risk management processes security architecture assessments security awareness and training programmes legal and commercial contracting risk management and governance tooling 3. Advisory, Enablement & Secure by Design Act as a trusted advisor and subject matter expert to Featurespace engineering, product, commercial, and leadership teams, helping stakeholders understand information security and compliance expectations and how to meet them pragmatically. Drive a secure by design and shift left mindset, ensuring compliance and assurance considerations are addressed early in delivery rather than deferred to audit windows, and facilitating the timely closure of gaps and findings identified through Visa vulnerability management and secure assessment processes. Develop and maintain repeatable patterns, reference implementations, standards, procedures, and guidance that reduce friction for delivery teams while maintaining strong assurance, consulting with and coordinating input from subject matter experts as required. 4. Risk Management, Audit & External Engagement Conduct security risk assessments and business impact analyses, and recommend appropriate control improvements to address identified risks or weaknesses. Provide oversight and assurance of corrective, preventative, or remediation activities, utilising Visa risk management tooling, working with identified application and service owners, and escalating issues at risk of missing deadlines in a timely and effective manner. Represent Information Security with customers, auditors, and internal stakeholders, particularly during assurance windows and customer security engagements. Coordinate and lead responses to customer RFP questions and security audits, ensuring responses are timely, accurate, repeatable, re usable, traceable to responsible SMEs, and supported by appropriate evidence. Support incident response and recovery activities where compliance or control effectiveness is impacted, ensuring appropriate remediation actions are taken and evidenced. Travel periodically as required for customer, company, or relevant events. This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.
Overview Title: Cyber Security Platform Engineer - Microsoft Reference No: 2161 Company: FTSE 100 Reports to: Security Platform Engineering Manager Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £59,000 - £72,000 Benefits: Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across) the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. The Security Platform Engineering function is central to that portfolio - responsible for ensuring that the security tools the organisation invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value. Microsoft is the most strategically significant security platform, and the uplift and optimisation of the Microsoft security estate is one of the most consequential engineering challenges in the GCS transformation programme. Role Summary Reporting to the Security Platform Engineering Manager, the Cyber Security Platform Engineer - Microsoft is the Group dedicated technical authority for the Microsoft security platform. The role carries implied ownership of the full Microsoft security stack: the M365 Defender suite, the security-relevant capabilities of Microsoft Entra ID (conditional access, Privileged Identity Management, access packages, and least privilege), Intune, and the foundational configuration of the Microsoft 365 and Azure environments on which all of these depend. This is a role that extends beyond BAU platform management: a significant part of the initial mandate is to critically assess the current state of the Microsoft estate - spanning E3, Active Directory, Entra ID, Intune, and existing Defender deployments - identify the gaps against vendor-recommended best practice and the Group cyber standard, and build a prioritised strategy and plan to close them. This role is the primary technical owner of that relationship on the GCS side - working directly with the Microsoft team to prioritise, plan, and drive the E5 deployment across the estate, and ensuring that the professional services and engineering resources available are directed at the highest-value activities. The role must navigate the realities of the federated organisation with skill: delivery will depend on partnership with divisional IT teams, and getting there will require excellent stakeholder management, a clear change communication approach, and an absolute commitment to end-user experience. Zero tolerance for avoidable downtime is not a preference - it is a non-negotiable operating constraint. The role works in close partnership with the Cyber Architecture Manager, the Group CTO function, the IT Frameworks Director, Assurance leads, Divisional Security Leads, and the Identity Transformation team. It shares the defining mindset of the whole platform engineering function: genuine passion for the Microsoft platform, curiosity about its full capability, and the drive to get to a secure, consistent, vendor-recommended configuration as quickly and as safely as possible. Role Responsibilities / Accountabilities Microsoft Estate Assessment, Gap Analysis & Strategy Conduct a structured, critical assessment of the current Microsoft security estate, covering Active Directory, Microsoft Entra ID, Intune, M365 (E3 and current Defender deployments), and Azure security configuration; benchmark the current state against Microsoft's secure score recommendations, vendor best practice, and the Group cyber technical standard, and produce a clear, evidence-based gap analysis. Develop a prioritised Microsoft security uplift strategy and delivery plan that sequences remediation and enhancement activity by risk reduction impact, operational feasibility, and alignment with the E5 migration roadmap; ensure the plan is realistic for federated environment and has clear milestones, owners, and success criteria. Maintain the Microsoft security uplift plan as a live document; track progress against milestones, report status to the Security Platform Engineering Manager, and adapt the plan to the Groups environment, the threat landscape, and the Microsoft product roadmap evolve. Microsoft Defender Platform Ownership & Engineering Own the technical configuration, ongoing engineering, and operational health of the full M365 Defender suite, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and Microsoft Sentinel integration; maintain configurations to the approved baseline and drive continuous improvement against vendor-recommended configuration. Work closely with the SOC to tune Defender configurations for effective detection and response; adjust detection rules, custom detection queries, and alert thresholds in response to SOC operational feedback, ensuring analysts receive high-fidelity, actionable alerts with minimal noise. Develop and maintain detailed configuration documentation, runbooks, and change records for all Defender workloads; ensure configuration state is consistently documented, version-controlled, and auditable. Entra ID Security & Identity Controls Own the security configuration of Microsoft Entra ID across the Group; take implied technical ownership of the security-relevant Entra capabilities including Conditional Access policy design and enforcement, Privileged Identity Management (PIM), access packages and entitlement management, Identity Protection, and the application of least privilege principles across the directory. Work with the Cyber Architecture Manager, the IT Frameworks Director, and Assurance leads to ensure that GCS policies - including BYOD, remote access, and privilege management policies - are correctly and completely manifested in Entra Conditional Access policies and Intune device compliance rules; maintain a clear mapping between policy intent and platform configuration. Support the Active Directory to Entra ID modernisation journey; identify legacy AD configurations and hybrid identity risks that need to be addressed as part of the E5 migration, and work with the Identity Transformation team to ensure Entra security configuration activity is co-ordinated with the broader identity programme. Own the Intune security configuration, maintain device compliance policies, configuration profiles, and security baselines; ensure Intune is configured to enforce the Group endpoint security standard and provides accurate device compliance data to Entra Conditional Access and the Defender estate. E5 Migration, ECIF Engagement & Microsoft Relationship Act as GCS's primary technical liaison to the Microsoft ECIF (Engineering Co-Investment Fund) team; plan, prioritise, and drive the E5 deployment programme in partnership with the ECIF team, ensuring that Microsoft engineering resources are directed at the highest-value activities and that the Organisation is getting the maximum benefit from the co-investment engagement. Manage the technical relationship with Microsoft across the security and identity platform; maintain active engagement with Microsoft technical account management, product specialists, and engineering teams; use the account relationship to gain early access to roadmap briefings, preview features, escalation paths, and best-practice guidance relevant to the organisations environment. Plan and manage the technical delivery of E5 capability rollout across the divisions; sequence deployment activity to maximise early security value, sequence it safely within the change management constraints, and ensure each phase is fully tested, documented, and supported before moving to the next. Maintain accurate records of Microsoft licence entitlements, feature adoption, and E5 deployment progress; ensure the Group is consuming the capabilities it is paying for, and provide the Security Platform Engineering Manager with clear, up-to-date visibility of licence utilisation and deployment status. Policy Manifestation, Standards Alignment & Assurance Translate Group cyber technical standards and security policies into enforceable Microsoft platform configurations; maintain a clear, auditable mapping between each policy requirement and its implementation in Defender, Entra, Intune, or other Microsoft controls, and ensure divergence is identified and remediated promptly. Work closely with the Director of Cyber Assurance and Assurance leads to support controls assessment of the Microsoft estate; provide technical evidence of configuration compliance . click apply for full job details
09/06/2026
Full time
Overview Title: Cyber Security Platform Engineer - Microsoft Reference No: 2161 Company: FTSE 100 Reports to: Security Platform Engineering Manager Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £59,000 - £72,000 Benefits: Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across) the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. The Security Platform Engineering function is central to that portfolio - responsible for ensuring that the security tools the organisation invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value. Microsoft is the most strategically significant security platform, and the uplift and optimisation of the Microsoft security estate is one of the most consequential engineering challenges in the GCS transformation programme. Role Summary Reporting to the Security Platform Engineering Manager, the Cyber Security Platform Engineer - Microsoft is the Group dedicated technical authority for the Microsoft security platform. The role carries implied ownership of the full Microsoft security stack: the M365 Defender suite, the security-relevant capabilities of Microsoft Entra ID (conditional access, Privileged Identity Management, access packages, and least privilege), Intune, and the foundational configuration of the Microsoft 365 and Azure environments on which all of these depend. This is a role that extends beyond BAU platform management: a significant part of the initial mandate is to critically assess the current state of the Microsoft estate - spanning E3, Active Directory, Entra ID, Intune, and existing Defender deployments - identify the gaps against vendor-recommended best practice and the Group cyber standard, and build a prioritised strategy and plan to close them. This role is the primary technical owner of that relationship on the GCS side - working directly with the Microsoft team to prioritise, plan, and drive the E5 deployment across the estate, and ensuring that the professional services and engineering resources available are directed at the highest-value activities. The role must navigate the realities of the federated organisation with skill: delivery will depend on partnership with divisional IT teams, and getting there will require excellent stakeholder management, a clear change communication approach, and an absolute commitment to end-user experience. Zero tolerance for avoidable downtime is not a preference - it is a non-negotiable operating constraint. The role works in close partnership with the Cyber Architecture Manager, the Group CTO function, the IT Frameworks Director, Assurance leads, Divisional Security Leads, and the Identity Transformation team. It shares the defining mindset of the whole platform engineering function: genuine passion for the Microsoft platform, curiosity about its full capability, and the drive to get to a secure, consistent, vendor-recommended configuration as quickly and as safely as possible. Role Responsibilities / Accountabilities Microsoft Estate Assessment, Gap Analysis & Strategy Conduct a structured, critical assessment of the current Microsoft security estate, covering Active Directory, Microsoft Entra ID, Intune, M365 (E3 and current Defender deployments), and Azure security configuration; benchmark the current state against Microsoft's secure score recommendations, vendor best practice, and the Group cyber technical standard, and produce a clear, evidence-based gap analysis. Develop a prioritised Microsoft security uplift strategy and delivery plan that sequences remediation and enhancement activity by risk reduction impact, operational feasibility, and alignment with the E5 migration roadmap; ensure the plan is realistic for federated environment and has clear milestones, owners, and success criteria. Maintain the Microsoft security uplift plan as a live document; track progress against milestones, report status to the Security Platform Engineering Manager, and adapt the plan to the Groups environment, the threat landscape, and the Microsoft product roadmap evolve. Microsoft Defender Platform Ownership & Engineering Own the technical configuration, ongoing engineering, and operational health of the full M365 Defender suite, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and Microsoft Sentinel integration; maintain configurations to the approved baseline and drive continuous improvement against vendor-recommended configuration. Work closely with the SOC to tune Defender configurations for effective detection and response; adjust detection rules, custom detection queries, and alert thresholds in response to SOC operational feedback, ensuring analysts receive high-fidelity, actionable alerts with minimal noise. Develop and maintain detailed configuration documentation, runbooks, and change records for all Defender workloads; ensure configuration state is consistently documented, version-controlled, and auditable. Entra ID Security & Identity Controls Own the security configuration of Microsoft Entra ID across the Group; take implied technical ownership of the security-relevant Entra capabilities including Conditional Access policy design and enforcement, Privileged Identity Management (PIM), access packages and entitlement management, Identity Protection, and the application of least privilege principles across the directory. Work with the Cyber Architecture Manager, the IT Frameworks Director, and Assurance leads to ensure that GCS policies - including BYOD, remote access, and privilege management policies - are correctly and completely manifested in Entra Conditional Access policies and Intune device compliance rules; maintain a clear mapping between policy intent and platform configuration. Support the Active Directory to Entra ID modernisation journey; identify legacy AD configurations and hybrid identity risks that need to be addressed as part of the E5 migration, and work with the Identity Transformation team to ensure Entra security configuration activity is co-ordinated with the broader identity programme. Own the Intune security configuration, maintain device compliance policies, configuration profiles, and security baselines; ensure Intune is configured to enforce the Group endpoint security standard and provides accurate device compliance data to Entra Conditional Access and the Defender estate. E5 Migration, ECIF Engagement & Microsoft Relationship Act as GCS's primary technical liaison to the Microsoft ECIF (Engineering Co-Investment Fund) team; plan, prioritise, and drive the E5 deployment programme in partnership with the ECIF team, ensuring that Microsoft engineering resources are directed at the highest-value activities and that the Organisation is getting the maximum benefit from the co-investment engagement. Manage the technical relationship with Microsoft across the security and identity platform; maintain active engagement with Microsoft technical account management, product specialists, and engineering teams; use the account relationship to gain early access to roadmap briefings, preview features, escalation paths, and best-practice guidance relevant to the organisations environment. Plan and manage the technical delivery of E5 capability rollout across the divisions; sequence deployment activity to maximise early security value, sequence it safely within the change management constraints, and ensure each phase is fully tested, documented, and supported before moving to the next. Maintain accurate records of Microsoft licence entitlements, feature adoption, and E5 deployment progress; ensure the Group is consuming the capabilities it is paying for, and provide the Security Platform Engineering Manager with clear, up-to-date visibility of licence utilisation and deployment status. Policy Manifestation, Standards Alignment & Assurance Translate Group cyber technical standards and security policies into enforceable Microsoft platform configurations; maintain a clear, auditable mapping between each policy requirement and its implementation in Defender, Entra, Intune, or other Microsoft controls, and ensure divergence is identified and remediated promptly. Work closely with the Director of Cyber Assurance and Assurance leads to support controls assessment of the Microsoft estate; provide technical evidence of configuration compliance . click apply for full job details
Title: Cyber Architecture Manager Reference No: 2158 Company: FTSE 100 Reports to: Deputy Group CISO Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £84,000 - £100,000 Benefits: Car allowance, Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. A central challenge in a federated Group is translation: the work of turning Group-level standards, strategy, and expertise into something that actually lands and works inside each division's unique context. That is precisely the purpose of the Cyber Advisory Services function. It bridges Group Cyber Security and the divisions - providing the technical advice, subject-matter expertise, specialist project support, and flexible consulting resource that enables divisions to understand, adopt, implement, leverage and operationalise the Group cyber standard. Role Summary Reporting to the Deputy Group CISO, the Cyber Architecture Manager is the most senior cyber security architect and the authoritative voice on all matters of security architecture across the Group. The role owns the Group's cyber enterprise architecture, setting the standards, patterns, and principles that govern how security is designed, built, and integrated across all 11 divisions - whether through centrally delivered services, divisional programmes, or third-party technology. The role leads the Group cyber technical standards programme, defining the security technology baseline that all divisions are expected to achieve and maintain and is intrinsically aligned with the group technology office. It shapes the technology roadmap for the centrally delivered cyber services portfolio - encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group - and ensures that investment decisions are grounded in sound architectural thinking and aligned to the long-term security strategy. Beyond Group-level ownership, the Cyber Architecture Manager provides architectural direction, advice, and technical guidance to divisional security and IT teams acting as a trusted adviser and challenge function to ensure that division-led initiatives are architecturally sound and consistent with Group standards. The role leads a blended team of permanent cyber architects and resources drawn from within Cyber Security and from the GCS flexible resourcing desk, deploying expertise where it is most needed across the transformation programme and business-as-usual demand. Role Responsibilities / Accountabilities Cyber Enterprise Architecture Own and maintain the Group cyber enterprise architecture, defining the security architecture principles, patterns, and reference models that provide the authoritative framework for how security is designed and implemented. Translate the Group cyber security strategy into a coherent, actionable architecture that spans all domains - network security, identity and access management, endpoint, cloud, OT, data protection, AI, and application security - ensuring consistency across a complex, federated estate. Act as the Group's senior design authority for cyber security, providing architectural oversight and sign-off on significant technology investments, transformations, and programmes that have material security implications. Group Cyber Technical Standards Lead the development, publication, and lifecycle management of the Group cyber technical standards library, covering all major security domains; ensure standards are technically rigorous, aligned to industry and regulatory best practise practically implementable, and kept current with the evolving threat and technology landscape. Work in close partnership with the Head of Cyber Assurance to ensure technical standards are enforceable, measurable, and directly underpinned by the policy framework; support their use as the basis for control assessment and compliance measurement. Define and maintain the technical baseline for the Group ISMS, ensuring security engineering requirements are fully integrated into the ISO/IEC 27001:2022 as well as compatible with other key frameworks such as NIS2, IEC6243, EU AI Act and NIST. Strategic Technology Roadmap for Centrally Delivered Cyber Services Own and maintain the technology roadmap for the centrally delivered cyber services portfolio - encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group, including (but not limited to) identity and access management, SIEM/SOAR, endpoint protection, cloud security, network security, and OT security. Provide architectural input to the GCS investment planning cycle, ensuring technology decisions are grounded in sound architectural thinking, aligned to the long-term security strategy, and capable of delivering the required security outcomes at Group scale. Lead technology evaluation and selection for strategic cyber platforms, conducting market assessment, proof-of-concept oversight, and architectural due diligence to ensure the organisation selects the right tools for the right problems at the right time. Drive platform consolidation and rationalisation across the Group, reducing complexity and vendor sprawl while improving security capability maturity and value for money. Divisional Architectural Direction & Advisory Set the architectural direction for divisional cyber and IT security teams; provide a clear framework of Group-level patterns, approved reference architectures, and design principles that divisional teams are expected to adopt and adapt within. Act as the senior architectural resource and escalation point for divisional BISOs and IT security teams, providing expert guidance and challenge on division-led security technology initiatives, acquisitions, and significant infrastructure changes. Ensure that divisional security architectures are consistent with Group standards and enterprise architecture principles; identify and remediate architectural debt and divergence across the estate in a risk-proportionate and pragmatic manner. Provide architectural input to acquisition due diligence, integration planning, and divestiture activities, ensuring cyber security risks and architectural implications are identified and addressed at the earliest opportunity. Cyber Technology Advice, Guidance & Direction Ensure Full alignment with the Group Technology office (CTO); Wider technology frameworks and other architectural functions across the group. Serve as the foremost cyber technology authority, providing authoritative advice and direction to the Deputy CISO, Group CISO, senior business stakeholders, and divisional leadership on the security implications of technology choices, emerging threats, and market developments. Maintain awareness of the evolving cyber technology landscape - including developments in AI-driven security, zero trust, cloud-native security, OT/IT convergence, and identity-centric architectures - and translate that intelligence into timely, actionable recommendations. Manage relationships with strategic technology vendors and partners; provide architectural oversight of vendor engagements and ensure that commercial commitments are consistent with the Group's architectural direction and long-term interests. Team Leadership & Resourcing Lead, develop, and inspire a blended team of permanent cyber architects and resources drawn from the GCS flexible resourcing desk; foster a high-performance, collaborative culture with clear standards of delivery and professional development. Manage the deployment of architecture resource across the transformation programme and BAU demand pipeline, working with the Deputy CISO and programme leadership to prioritise activity, balance workload, and deploy expertise where it delivers most value. Manage the flexible resourcing desk relationship for the architecture function, including defining resource requirements, briefing and onboarding contractors and specialist resources, and maintaining quality and consistency of output across permanent and flexible team members. Build and maintain a strong architectural community of practice across GCS and divisional teams, promoting knowledge-sharing, peer review, and continuous improvement in the quality of security design. Transformation Programme & Strategic Projects Provide senior architectural leadership to the GCS transformation programme, ensuring that new capabilities are designed to a consistent high standard, integrated effectively into the existing estate . click apply for full job details
09/06/2026
Full time
Title: Cyber Architecture Manager Reference No: 2158 Company: FTSE 100 Reports to: Deputy Group CISO Location: London Working Pattern: 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary: £84,000 - £100,000 Benefits: Car allowance, Bupa, Matched pension contributions. The Role Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on. A central challenge in a federated Group is translation: the work of turning Group-level standards, strategy, and expertise into something that actually lands and works inside each division's unique context. That is precisely the purpose of the Cyber Advisory Services function. It bridges Group Cyber Security and the divisions - providing the technical advice, subject-matter expertise, specialist project support, and flexible consulting resource that enables divisions to understand, adopt, implement, leverage and operationalise the Group cyber standard. Role Summary Reporting to the Deputy Group CISO, the Cyber Architecture Manager is the most senior cyber security architect and the authoritative voice on all matters of security architecture across the Group. The role owns the Group's cyber enterprise architecture, setting the standards, patterns, and principles that govern how security is designed, built, and integrated across all 11 divisions - whether through centrally delivered services, divisional programmes, or third-party technology. The role leads the Group cyber technical standards programme, defining the security technology baseline that all divisions are expected to achieve and maintain and is intrinsically aligned with the group technology office. It shapes the technology roadmap for the centrally delivered cyber services portfolio - encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group - and ensures that investment decisions are grounded in sound architectural thinking and aligned to the long-term security strategy. Beyond Group-level ownership, the Cyber Architecture Manager provides architectural direction, advice, and technical guidance to divisional security and IT teams acting as a trusted adviser and challenge function to ensure that division-led initiatives are architecturally sound and consistent with Group standards. The role leads a blended team of permanent cyber architects and resources drawn from within Cyber Security and from the GCS flexible resourcing desk, deploying expertise where it is most needed across the transformation programme and business-as-usual demand. Role Responsibilities / Accountabilities Cyber Enterprise Architecture Own and maintain the Group cyber enterprise architecture, defining the security architecture principles, patterns, and reference models that provide the authoritative framework for how security is designed and implemented. Translate the Group cyber security strategy into a coherent, actionable architecture that spans all domains - network security, identity and access management, endpoint, cloud, OT, data protection, AI, and application security - ensuring consistency across a complex, federated estate. Act as the Group's senior design authority for cyber security, providing architectural oversight and sign-off on significant technology investments, transformations, and programmes that have material security implications. Group Cyber Technical Standards Lead the development, publication, and lifecycle management of the Group cyber technical standards library, covering all major security domains; ensure standards are technically rigorous, aligned to industry and regulatory best practise practically implementable, and kept current with the evolving threat and technology landscape. Work in close partnership with the Head of Cyber Assurance to ensure technical standards are enforceable, measurable, and directly underpinned by the policy framework; support their use as the basis for control assessment and compliance measurement. Define and maintain the technical baseline for the Group ISMS, ensuring security engineering requirements are fully integrated into the ISO/IEC 27001:2022 as well as compatible with other key frameworks such as NIS2, IEC6243, EU AI Act and NIST. Strategic Technology Roadmap for Centrally Delivered Cyber Services Own and maintain the technology roadmap for the centrally delivered cyber services portfolio - encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group, including (but not limited to) identity and access management, SIEM/SOAR, endpoint protection, cloud security, network security, and OT security. Provide architectural input to the GCS investment planning cycle, ensuring technology decisions are grounded in sound architectural thinking, aligned to the long-term security strategy, and capable of delivering the required security outcomes at Group scale. Lead technology evaluation and selection for strategic cyber platforms, conducting market assessment, proof-of-concept oversight, and architectural due diligence to ensure the organisation selects the right tools for the right problems at the right time. Drive platform consolidation and rationalisation across the Group, reducing complexity and vendor sprawl while improving security capability maturity and value for money. Divisional Architectural Direction & Advisory Set the architectural direction for divisional cyber and IT security teams; provide a clear framework of Group-level patterns, approved reference architectures, and design principles that divisional teams are expected to adopt and adapt within. Act as the senior architectural resource and escalation point for divisional BISOs and IT security teams, providing expert guidance and challenge on division-led security technology initiatives, acquisitions, and significant infrastructure changes. Ensure that divisional security architectures are consistent with Group standards and enterprise architecture principles; identify and remediate architectural debt and divergence across the estate in a risk-proportionate and pragmatic manner. Provide architectural input to acquisition due diligence, integration planning, and divestiture activities, ensuring cyber security risks and architectural implications are identified and addressed at the earliest opportunity. Cyber Technology Advice, Guidance & Direction Ensure Full alignment with the Group Technology office (CTO); Wider technology frameworks and other architectural functions across the group. Serve as the foremost cyber technology authority, providing authoritative advice and direction to the Deputy CISO, Group CISO, senior business stakeholders, and divisional leadership on the security implications of technology choices, emerging threats, and market developments. Maintain awareness of the evolving cyber technology landscape - including developments in AI-driven security, zero trust, cloud-native security, OT/IT convergence, and identity-centric architectures - and translate that intelligence into timely, actionable recommendations. Manage relationships with strategic technology vendors and partners; provide architectural oversight of vendor engagements and ensure that commercial commitments are consistent with the Group's architectural direction and long-term interests. Team Leadership & Resourcing Lead, develop, and inspire a blended team of permanent cyber architects and resources drawn from the GCS flexible resourcing desk; foster a high-performance, collaborative culture with clear standards of delivery and professional development. Manage the deployment of architecture resource across the transformation programme and BAU demand pipeline, working with the Deputy CISO and programme leadership to prioritise activity, balance workload, and deploy expertise where it delivers most value. Manage the flexible resourcing desk relationship for the architecture function, including defining resource requirements, briefing and onboarding contractors and specialist resources, and maintaining quality and consistency of output across permanent and flexible team members. Build and maintain a strong architectural community of practice across GCS and divisional teams, promoting knowledge-sharing, peer review, and continuous improvement in the quality of security design. Transformation Programme & Strategic Projects Provide senior architectural leadership to the GCS transformation programme, ensuring that new capabilities are designed to a consistent high standard, integrated effectively into the existing estate . click apply for full job details
Information Security Solutions is seeking a Cyber Advisory Services Manager to lead consulting and advisory initiatives. This role requires a strong background in cyber security, with responsibilities including providing tailored support to divisions, managing policy assessments, and facilitating compliance with Group standards. The ideal candidate should possess at least 10 years of experience in cyber security, demonstrating expertise in advisory services and stakeholder engagement in complex environments. This position offers a hybrid work model and competitive salary ranging from £84,000 to £100,000, along with additional benefits.
09/06/2026
Full time
Information Security Solutions is seeking a Cyber Advisory Services Manager to lead consulting and advisory initiatives. This role requires a strong background in cyber security, with responsibilities including providing tailored support to divisions, managing policy assessments, and facilitating compliance with Group standards. The ideal candidate should possess at least 10 years of experience in cyber security, demonstrating expertise in advisory services and stakeholder engagement in complex environments. This position offers a hybrid work model and competitive salary ranging from £84,000 to £100,000, along with additional benefits.
Senior Cyber Security Analyst (OWASP / SAST /DAST - Banking Client Application Security Secure Design Threat Modelling DevSecOps) Locations: London, Paris, Brussels, Amsterdam Rate: Flexible Duration: 12 months We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms. This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles. You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology lifecycle. Key Responsibilities Application Security & Secure SDLC - Perform application security assessments across modern enterprise platforms, review application architecture and ensure alignment with secure-by-design principles, embed security into the software development lifecycle (SDLC), support development teams in implementing secure coding practices aligned with OWASP guidelines. Security Testing & DevSecOps - Define and review security testing activities including SAST, DAST and software composition analysis (SCA), work with engineering teams to integrate security scanning into CI/CD pipelines, analyse vulnerability scan results and support remediation of application security issues. Threat Modelling & Security Risk Assessments - Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK, identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure, perform structured security risk assessments and provide remediation recommendations. Security Architecture & Secure Design - Review application and platform architectures to ensure appropriate security controls are implemented, translate high-level security policies into technical security requirements for development teams, work with architects to ensure applications are built following secure architecture patterns. Security Advisory - Provide security expertise to engineering teams, project managers and technology leaders, support security decision-making during application design and implementation, contribute to security best practices, standards and guidelines. Key Technical Skills Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC) OWASP Top 10 and secure coding practices Application security testing (SAST / DAST / SCA) Threat modelling methodologies (STRIDE, MITRE ATT&CK) Vulnerability management and remediation Secure architecture and design reviews DevSecOps and CI/CD security integration API security and modern application architectures Experience with Tools SAST / DAST platforms Code scanning tools CI/CD pipelines (GitHub, GitLab, Jenkins etc.) Container security platforms Cloud security tooling Technology Environment Cloud platforms (AWS, Azure or GCP) Containerised platforms (Docker / Kubernetes) Microservices architectures REST APIs and modern application frameworks Identity and access management solutions Ideal Candidate Background 7-12+ years experience in cyber security, strong focus on application security, experience working closely with software engineering teams, experience performing security architecture reviews, experience in DevSecOps environments, strong communication skills and ability to explain security risks clearly. Certifications (Optional) Relevant certifications may include: CISSP, OSCP, CSSLP, GIAC, Security+ or similar. What Makes This Role Interesting You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale. This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.
09/06/2026
Full time
Senior Cyber Security Analyst (OWASP / SAST /DAST - Banking Client Application Security Secure Design Threat Modelling DevSecOps) Locations: London, Paris, Brussels, Amsterdam Rate: Flexible Duration: 12 months We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms. This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles. You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology lifecycle. Key Responsibilities Application Security & Secure SDLC - Perform application security assessments across modern enterprise platforms, review application architecture and ensure alignment with secure-by-design principles, embed security into the software development lifecycle (SDLC), support development teams in implementing secure coding practices aligned with OWASP guidelines. Security Testing & DevSecOps - Define and review security testing activities including SAST, DAST and software composition analysis (SCA), work with engineering teams to integrate security scanning into CI/CD pipelines, analyse vulnerability scan results and support remediation of application security issues. Threat Modelling & Security Risk Assessments - Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK, identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure, perform structured security risk assessments and provide remediation recommendations. Security Architecture & Secure Design - Review application and platform architectures to ensure appropriate security controls are implemented, translate high-level security policies into technical security requirements for development teams, work with architects to ensure applications are built following secure architecture patterns. Security Advisory - Provide security expertise to engineering teams, project managers and technology leaders, support security decision-making during application design and implementation, contribute to security best practices, standards and guidelines. Key Technical Skills Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC) OWASP Top 10 and secure coding practices Application security testing (SAST / DAST / SCA) Threat modelling methodologies (STRIDE, MITRE ATT&CK) Vulnerability management and remediation Secure architecture and design reviews DevSecOps and CI/CD security integration API security and modern application architectures Experience with Tools SAST / DAST platforms Code scanning tools CI/CD pipelines (GitHub, GitLab, Jenkins etc.) Container security platforms Cloud security tooling Technology Environment Cloud platforms (AWS, Azure or GCP) Containerised platforms (Docker / Kubernetes) Microservices architectures REST APIs and modern application frameworks Identity and access management solutions Ideal Candidate Background 7-12+ years experience in cyber security, strong focus on application security, experience working closely with software engineering teams, experience performing security architecture reviews, experience in DevSecOps environments, strong communication skills and ability to explain security risks clearly. Certifications (Optional) Relevant certifications may include: CISSP, OSCP, CSSLP, GIAC, Security+ or similar. What Makes This Role Interesting You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale. This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.
Digital Forensics Manager or Senior Manager Location: London (Hybri/London) Position Type: Full-time, Permanent Experience Level: 612+ years of proven industry experience About the Firm We are a leading global legal technology and advisory firm specialising in expert eDiscovery, regulatory compliance, and investigative services. Our international Digital Forensics team operates as a highly collaborative, cross-border unit. We combine deep technical expertise with shared global standards to deliver consistent, high-impact results for complex corporate investigations and international litigation. The Role We are seeking an experienced Digital Forensics Manager or Senior Manager to join our growing London team. This is a hands-on technical leadership role designed for an established professional currently operating at a managerial level. You will stay close to the technical detail while leading the execution of complex forensic investigations, data collections, and defensible preservation strategies across global regulatory and corporate matters. Key Responsibilities Client Advisory & Project Leadership Strategic Consulting: Lead scoping and strategy discussions with corporate clients, regulators, and external counsel. End-to-End Management: Independently manage multiple concurrent forensic matters from initial data mapping to final delivery. Risk Mitigation: Identify technical and delivery risks early, coordinating with regional Team Leads to ensure swift resolution. Global Collaboration: Work seamlessly with international counterparts to maintain cross-border methodology and quality standards. Hands-On Technical Execution Cloud Forensics: Conduct scoping and defensible collections across Microsoft 365, Google Workspace, and Azure. Mobile Device Forensics: Perform advanced mobile acquisitions using industry-standard tools like Cellebrite Premium and Magnet GreyKey. Computer Forensics: Execute logical and physical data acquisitions from macOS and Windows environments. Deep File System Analysis: Apply deep knowledge of NTFS, APFS, HFS+, and FAT/exFAT systems to data interpretation. Technical Troubleshooting: Resolve complex issues regarding encryption, extraction failures, and data integrity. On-Site Operations & Travel Global Deployments: Lead domestic and international on-site data collections, often involving senior executives and sensitive environments. High-Pressure Execution: Adapt quickly to unfamiliar corporate environments and cultures while maintaining strict discretion. Team Leadership & Quality Control Mentorship: Act as a technical escalation point and mentor for Senior Analysts to drive their professional growth. Quality Assurance: Conduct rigorous technical quality reviews to ensure strict, legally defensible forensic best practices. What This Role Offers Impactful Scale: Lead high-profile, cross-border forensic engagements for Fortune 500 clients and top-tier law firms. Innovation: Shape regional workflows, test emerging tools, and validate forensic approaches for new data sources. Merit-Based Growth: Advance your career through transparent, performance-driven progression free from artificial corporate hierarchies. Professional Support: Financial and operational backing to maintain and advance your industry certifications (EnCE, CFCE, etc.). Requirements Experience: 6 to 12+ years of dedicated experience in digital forensics, expert witness, or corporate investigation services. Technical Mastery: Proven ability to independently execute and troubleshoot complex collections across cloud, mobile, and computer sources. Consultative Mindset: Confidence to advise C-suite executives and external counsel, translating technical jargon into clear business advice. Education: Bachelors degree in Forensic Computing, Computer Science, or equivalent practical industry experience. Certifications: Active industry-recognized credentials (e.g., EnCE, CFCE, CCE) are highly desirable. Flexibility: Right to work in the UK, ability to commute to the London office 12 days a week, and willingness to travel internationally at short notice. About Brimstone Consulting: We specialise in finding highly qualified staff in the following areas: Forensic Accounting & Fraud - (AML/CTF, Investigation, CFEs etc.); Legal and LegalTech (E-Discovery, Digital Forensics, EDRM); Big Data and Data Analytics - (MI/BI/CI); InfoSec and Cyber Crime; Audit; Accountancy and Finance; FinTech (Payments etc.); Risk - (Credit, Regulatory, Liquidity, Market, Analysts - SAS, SPSS etc.); Compliance/Corporate Governance; IT - (full SDLC- BAs PMs , Architects, Developers etc.) Brimstone Consulting acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates. Brimstone Consulting is an equal opportunities employer. Due to time constraints we can only reply to applicants that match our clients specifications. We may store applications in our cloud storage facilities that may include dropbox. end JBRP1_UKTJ
08/06/2026
Full time
Digital Forensics Manager or Senior Manager Location: London (Hybri/London) Position Type: Full-time, Permanent Experience Level: 612+ years of proven industry experience About the Firm We are a leading global legal technology and advisory firm specialising in expert eDiscovery, regulatory compliance, and investigative services. Our international Digital Forensics team operates as a highly collaborative, cross-border unit. We combine deep technical expertise with shared global standards to deliver consistent, high-impact results for complex corporate investigations and international litigation. The Role We are seeking an experienced Digital Forensics Manager or Senior Manager to join our growing London team. This is a hands-on technical leadership role designed for an established professional currently operating at a managerial level. You will stay close to the technical detail while leading the execution of complex forensic investigations, data collections, and defensible preservation strategies across global regulatory and corporate matters. Key Responsibilities Client Advisory & Project Leadership Strategic Consulting: Lead scoping and strategy discussions with corporate clients, regulators, and external counsel. End-to-End Management: Independently manage multiple concurrent forensic matters from initial data mapping to final delivery. Risk Mitigation: Identify technical and delivery risks early, coordinating with regional Team Leads to ensure swift resolution. Global Collaboration: Work seamlessly with international counterparts to maintain cross-border methodology and quality standards. Hands-On Technical Execution Cloud Forensics: Conduct scoping and defensible collections across Microsoft 365, Google Workspace, and Azure. Mobile Device Forensics: Perform advanced mobile acquisitions using industry-standard tools like Cellebrite Premium and Magnet GreyKey. Computer Forensics: Execute logical and physical data acquisitions from macOS and Windows environments. Deep File System Analysis: Apply deep knowledge of NTFS, APFS, HFS+, and FAT/exFAT systems to data interpretation. Technical Troubleshooting: Resolve complex issues regarding encryption, extraction failures, and data integrity. On-Site Operations & Travel Global Deployments: Lead domestic and international on-site data collections, often involving senior executives and sensitive environments. High-Pressure Execution: Adapt quickly to unfamiliar corporate environments and cultures while maintaining strict discretion. Team Leadership & Quality Control Mentorship: Act as a technical escalation point and mentor for Senior Analysts to drive their professional growth. Quality Assurance: Conduct rigorous technical quality reviews to ensure strict, legally defensible forensic best practices. What This Role Offers Impactful Scale: Lead high-profile, cross-border forensic engagements for Fortune 500 clients and top-tier law firms. Innovation: Shape regional workflows, test emerging tools, and validate forensic approaches for new data sources. Merit-Based Growth: Advance your career through transparent, performance-driven progression free from artificial corporate hierarchies. Professional Support: Financial and operational backing to maintain and advance your industry certifications (EnCE, CFCE, etc.). Requirements Experience: 6 to 12+ years of dedicated experience in digital forensics, expert witness, or corporate investigation services. Technical Mastery: Proven ability to independently execute and troubleshoot complex collections across cloud, mobile, and computer sources. Consultative Mindset: Confidence to advise C-suite executives and external counsel, translating technical jargon into clear business advice. Education: Bachelors degree in Forensic Computing, Computer Science, or equivalent practical industry experience. Certifications: Active industry-recognized credentials (e.g., EnCE, CFCE, CCE) are highly desirable. Flexibility: Right to work in the UK, ability to commute to the London office 12 days a week, and willingness to travel internationally at short notice. About Brimstone Consulting: We specialise in finding highly qualified staff in the following areas: Forensic Accounting & Fraud - (AML/CTF, Investigation, CFEs etc.); Legal and LegalTech (E-Discovery, Digital Forensics, EDRM); Big Data and Data Analytics - (MI/BI/CI); InfoSec and Cyber Crime; Audit; Accountancy and Finance; FinTech (Payments etc.); Risk - (Credit, Regulatory, Liquidity, Market, Analysts - SAS, SPSS etc.); Compliance/Corporate Governance; IT - (full SDLC- BAs PMs , Architects, Developers etc.) Brimstone Consulting acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates. Brimstone Consulting is an equal opportunities employer. Due to time constraints we can only reply to applicants that match our clients specifications. We may store applications in our cloud storage facilities that may include dropbox. end JBRP1_UKTJ
Senior IT Auditor (Internal) Department: Outsourced Business Services Employment Type: Full Time Location: Birmingham Office Description We have a great opportunity for an IT Senior Auditor (Internal) to join our team in the Birmingham office. This role involves covering a wide range of operational and information technology audits, including the planning and oversight of complex audits and project management tasks such as managing, reviewing and analysing the work of the team. You'll work predominantly with not-for-profit public sector businesses and organisations to evaluate how well ICT risks are being managed, how the business is running, and whether current internal processes are sufficient or could be improved. Key Responsibilities Support the end-to-end delivery of Internal IT Audit services in support of our Risk, Assurance and Advisory service line. Apply experience gained in public and other sectors. Supervise junior members of the team on a daily basis in the delivery of IT audits. Provide expertise in topical technology based risks such as cyber, data privacy, IT transformation, IT projects, cloud computing and their audits. Carry out IT audits such as Change Management, Information Security, Disaster Recovery and Backups, IT Service Management, and Application Controls. Possess understanding and/or experience of applications such as SAP, Oracle and other ERP systems. Support the management team in business development, operational and people related activities and initiatives. Skills, Knowledge & Expertise Minimum 3 years of experience in a similar role in practice or industry, and prepared to study for the CISA qualification from ISACA. Strong communication skills, positive can do attitude, and proficiency in Microsoft Office. Experience in internal audit within public or not for profit sectors is a bonus. Candidates should be able to work independently and collaboratively, build trust with colleagues and clients, and deliver high quality service. At least 12 months of internal audit experience will be required to take responsibility for assignments, produce clear reports and contribute to process improvement. More experienced candidates may support managers and develop junior team members. Job Benefits Career Development - learning opportunities and career coaching to achieve personal goals. Competitive Benefits - private medical cover, pension matching and enhanced parental leave. Flexibility - agile working embedded in the culture. Perks - volunteering days, wellbeing initiatives and more.
08/06/2026
Full time
Senior IT Auditor (Internal) Department: Outsourced Business Services Employment Type: Full Time Location: Birmingham Office Description We have a great opportunity for an IT Senior Auditor (Internal) to join our team in the Birmingham office. This role involves covering a wide range of operational and information technology audits, including the planning and oversight of complex audits and project management tasks such as managing, reviewing and analysing the work of the team. You'll work predominantly with not-for-profit public sector businesses and organisations to evaluate how well ICT risks are being managed, how the business is running, and whether current internal processes are sufficient or could be improved. Key Responsibilities Support the end-to-end delivery of Internal IT Audit services in support of our Risk, Assurance and Advisory service line. Apply experience gained in public and other sectors. Supervise junior members of the team on a daily basis in the delivery of IT audits. Provide expertise in topical technology based risks such as cyber, data privacy, IT transformation, IT projects, cloud computing and their audits. Carry out IT audits such as Change Management, Information Security, Disaster Recovery and Backups, IT Service Management, and Application Controls. Possess understanding and/or experience of applications such as SAP, Oracle and other ERP systems. Support the management team in business development, operational and people related activities and initiatives. Skills, Knowledge & Expertise Minimum 3 years of experience in a similar role in practice or industry, and prepared to study for the CISA qualification from ISACA. Strong communication skills, positive can do attitude, and proficiency in Microsoft Office. Experience in internal audit within public or not for profit sectors is a bonus. Candidates should be able to work independently and collaboratively, build trust with colleagues and clients, and deliver high quality service. At least 12 months of internal audit experience will be required to take responsibility for assignments, produce clear reports and contribute to process improvement. More experienced candidates may support managers and develop junior team members. Job Benefits Career Development - learning opportunities and career coaching to achieve personal goals. Competitive Benefits - private medical cover, pension matching and enhanced parental leave. Flexibility - agile working embedded in the culture. Perks - volunteering days, wellbeing initiatives and more.
About CFGI CFGI is a global consulting firm that helps organisations navigate complex business challenges with confidence. With a strong presence in the UK, we partner with companies across industries to deliver best-in class advisory services in accounting, risk, cyber security, technology, and business transformation. We pride ourselves on combining technical expertise with a practical, hands on approach, helping our clients strengthen resilience, meet regulatory requirements, and stay ahead in an increasingly digital and risk driven landscape. Technical and Domain Experience Conduct cybersecurity maturity and risk assessment and for clients Practical experience implementing security controls, in areas such as MDR, IAM, Network Security, Cloud Deployments Advise clients on cybersecurity strategy, metrics and reporting for various levels of stakeholders, including Audit Committees and Board of Directors Build risk management practices for clients, including policies, procedures, Risk Register, etc. Previous experience as a systems administrator, systems engineer, or security analyst Understanding of operating system hardening principles, network design principles, and systems security Guide clients in establishing cybersecurity policies, standards, and procedures Manage cybersecurity training & awareness services for clients from design to implementation Understanding of security analysis, security events, and penetration testing Soft Skills Strong interpersonal and communication skills; experience with cross cultural communications Calmness and clarity of thought under pressure and ability to maintain positive attitude Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness Confidence to manage upwards, provide forward thinking ideas and actively participate in improving CFGI's cyber offering Technical Qualifications and Certifications Industry certifications are preferred, but not required: CISSP, CISM, etc. Technology specific qualifications in technology or security solutions Years Experience Whilst we will judge the quality of candidates not their time served in the industry, a good gauge for this role would be around 5 years' experience in technology and security related fields Your experience does not have to be purely cyber security consulting. We believe individuals with practical skillsets from in house roles, broader technology management or GRC, for example, would be well placed in our team We know great candidates bring a mix of skills and experiences, you don't need to have done everything listed in this job description to apply
08/06/2026
Full time
About CFGI CFGI is a global consulting firm that helps organisations navigate complex business challenges with confidence. With a strong presence in the UK, we partner with companies across industries to deliver best-in class advisory services in accounting, risk, cyber security, technology, and business transformation. We pride ourselves on combining technical expertise with a practical, hands on approach, helping our clients strengthen resilience, meet regulatory requirements, and stay ahead in an increasingly digital and risk driven landscape. Technical and Domain Experience Conduct cybersecurity maturity and risk assessment and for clients Practical experience implementing security controls, in areas such as MDR, IAM, Network Security, Cloud Deployments Advise clients on cybersecurity strategy, metrics and reporting for various levels of stakeholders, including Audit Committees and Board of Directors Build risk management practices for clients, including policies, procedures, Risk Register, etc. Previous experience as a systems administrator, systems engineer, or security analyst Understanding of operating system hardening principles, network design principles, and systems security Guide clients in establishing cybersecurity policies, standards, and procedures Manage cybersecurity training & awareness services for clients from design to implementation Understanding of security analysis, security events, and penetration testing Soft Skills Strong interpersonal and communication skills; experience with cross cultural communications Calmness and clarity of thought under pressure and ability to maintain positive attitude Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness Confidence to manage upwards, provide forward thinking ideas and actively participate in improving CFGI's cyber offering Technical Qualifications and Certifications Industry certifications are preferred, but not required: CISSP, CISM, etc. Technology specific qualifications in technology or security solutions Years Experience Whilst we will judge the quality of candidates not their time served in the industry, a good gauge for this role would be around 5 years' experience in technology and security related fields Your experience does not have to be purely cyber security consulting. We believe individuals with practical skillsets from in house roles, broader technology management or GRC, for example, would be well placed in our team We know great candidates bring a mix of skills and experiences, you don't need to have done everything listed in this job description to apply
Cyber & IT Presales Consultant Remote (UK Midlands or South based) Up to £51,500 base / OTE £75,000 Shape the future of cyber security sales at one of the UK's fastest-growing tech businesses. Focus Group is a £300m-revenue, 1,300-strong technology services company - and we're on a serious growth trajectory. Backed by Hg Capital and valued at over $1bn, we serve 30,000 SME customers across the UK and are investing heavily in expanding our cyber security capability. This is a genuine opportunity to make your mark. The role We're looking for a Cyber Presales Consultant to join our growing Presales function. This is a predominantly cyber-focused role - if you live and breathe cyber security and love the buzz of translating complex technical solutions into compelling business cases, you'll thrive here. You'll be the technical authority in the sales process for cyber engagements - working alongside our Business Development Managers and Account Managers to scope, design and present cyber security solutions to prospects and existing customers. From discovery workshops and proposal development through to customer facing presentations, you'll own the technical narrative and help close deals. This isn't a back office role. You'll be customer facing, commercially minded, and central to Focus Group's presales centre of excellence in the MSP/MSSP market. What you'll be doing Running presales discovery calls and workshops to uncover security gaps, threat exposure, and compliance obligations. Designing technically accurate, commercially sound cyber proposals. Positioning the right solutions - whether that's MDR/EDR, SOC, vulnerability scanning, penetration testing, email security, identity protection, or compliance frameworks like Cyber Essentials, ISO 27001 or PCI DSS. Presenting confidently to both technical and non technical stakeholders. Supporting the wider sales team and mentoring less experienced presales colleagues as we scale. What we're looking for You'll have demonstrable experience in a cyber security presales, consultancy or technical advisory role - ideally within an MSP or MSSP. You'll be equally comfortable in a boardroom and on a technical deep diving call, with the communication skills to match. Familiarity with the Microsoft 365 and Defender suite, security awareness training, and key compliance frameworks is essential. Certifications such as CISSP, CISM, CompTIA Security+ or CySA+ are a bonus, as is knowledge of the MITRE ATT&CK framework. You'll be based in the UK Midlands or South, and comfortable with regular travel to customers and our offices - this role rewards those who build strong relationships in person. What's in it for you Up to £51,500 base salary with an OTE of £75,000. A remote first role with real flexibility. The chance to join a business that's genuinely scaling - with the investment, ambition and support to match. And a Presales team that's being built to be best in class. If you're ready to step into a role where your expertise shapes real outcomes for customers and fuels business growth, we'd love to hear from you.
08/06/2026
Full time
Cyber & IT Presales Consultant Remote (UK Midlands or South based) Up to £51,500 base / OTE £75,000 Shape the future of cyber security sales at one of the UK's fastest-growing tech businesses. Focus Group is a £300m-revenue, 1,300-strong technology services company - and we're on a serious growth trajectory. Backed by Hg Capital and valued at over $1bn, we serve 30,000 SME customers across the UK and are investing heavily in expanding our cyber security capability. This is a genuine opportunity to make your mark. The role We're looking for a Cyber Presales Consultant to join our growing Presales function. This is a predominantly cyber-focused role - if you live and breathe cyber security and love the buzz of translating complex technical solutions into compelling business cases, you'll thrive here. You'll be the technical authority in the sales process for cyber engagements - working alongside our Business Development Managers and Account Managers to scope, design and present cyber security solutions to prospects and existing customers. From discovery workshops and proposal development through to customer facing presentations, you'll own the technical narrative and help close deals. This isn't a back office role. You'll be customer facing, commercially minded, and central to Focus Group's presales centre of excellence in the MSP/MSSP market. What you'll be doing Running presales discovery calls and workshops to uncover security gaps, threat exposure, and compliance obligations. Designing technically accurate, commercially sound cyber proposals. Positioning the right solutions - whether that's MDR/EDR, SOC, vulnerability scanning, penetration testing, email security, identity protection, or compliance frameworks like Cyber Essentials, ISO 27001 or PCI DSS. Presenting confidently to both technical and non technical stakeholders. Supporting the wider sales team and mentoring less experienced presales colleagues as we scale. What we're looking for You'll have demonstrable experience in a cyber security presales, consultancy or technical advisory role - ideally within an MSP or MSSP. You'll be equally comfortable in a boardroom and on a technical deep diving call, with the communication skills to match. Familiarity with the Microsoft 365 and Defender suite, security awareness training, and key compliance frameworks is essential. Certifications such as CISSP, CISM, CompTIA Security+ or CySA+ are a bonus, as is knowledge of the MITRE ATT&CK framework. You'll be based in the UK Midlands or South, and comfortable with regular travel to customers and our offices - this role rewards those who build strong relationships in person. What's in it for you Up to £51,500 base salary with an OTE of £75,000. A remote first role with real flexibility. The chance to join a business that's genuinely scaling - with the investment, ambition and support to match. And a Presales team that's being built to be best in class. If you're ready to step into a role where your expertise shapes real outcomes for customers and fuels business growth, we'd love to hear from you.
Ernst & Young Advisory Services Sdn Bhd
City, Belfast
Manager, Tech, Strategy and Execution, EY Parthenon, Belfast Location: Belfast Other locations: Primary Location Only Date: 9 May 2026 Requisition ID: At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Manager - Tech - Strategy and Execution - EY Parthenon Our Software Strategy Group (Technology deals) team sits within theStrategy and Execution (S&E) team, which is EY's market leading team providing Technology, Operations and Financial advice to corporate and private equity firms who intend to acquire, divest or restructure businesses. The S&E team comprises advisors with specialist commercial, operations, software, technology, cyber, finance and deal / transaction experience from industry, advisory and audit backgrounds. The Technology team has supports Private Equity and corporate clients in their Transaction (M&A) challenges related to Enterprise technology, Cybersecurity and (software) Product Technology: Enterprise technology assesses major technology risks and opportunities related to a transaction across key areas of technology operating models, holistically including technology organisations, enterprise and business systems, infrastructure (server, storage, network, cloud), data, tech spend, strategy and governance Cybersecurity focuses onunderstanding the business operating model, then applying our experience, benchmarks and tools to determine where Cyber is critical to the business, operations, assets and applicable regulations. Product and technology provide investment and acquisition guidance to clients across commercial, product, and technical topics needed to assess and advise software companies or firms utilising proprietary technology The teamhas completed hundreds of successful projects and provides a unique capability to help companies make critical choices and complete successful transactions. As part of EY, you'll have the chance to build a career as unique as you are, with global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The opportunity We are seeking to further expand our team with experienced technology professionals who can understand how technology is deployed and utilised within a target business in addition to applying a critical lens to address key client questions related to technology in a Transaction such as "Is the tech platform fit to scale, or will it impact the value creation plan from day one of ownership?" "What's the true cost and timeline to fix, modernise, or replace the critical technology holding the business back? "How much technical debt are we really buying - and does it threaten the investment thesis?" "Where can technology drive immediate EBITDA uplift through automation, efficiency, or smarter digital capability? "Where are the key risks associated with separating or replacing the technology landscape associated with the Target business?" As a Manager in our team, you will advise clients across all sectors, supporting key decision makers, leading engagement teams including pre-deal diligence, carve-outs & integrations and portfolio reviews. As a senior leader in our business training junior members of the team and leading internal initiatives is a key expectation. Key responsibilities include: Deliver end to end technology due diligence across the full technology estate of a target business - spanning proprietary software, digital products, data, infrastructure, cybersecurity, architecture, and delivery capability - highlighting risks, value drivers, investment requirements, and operational implications. Evaluate carve out complexity and scenario options, assessing dependencies, quantifying standalone and separation costs, and identifying transitional service needs across technology and business functions. Advise clients on separation and integration strategies from sign to close, shaping day 1 readiness, defining interim and target state operating models, identifying execution risks and mitigations, and guiding TSA related decisions to optimise scope, duration, cost, and dependency exit timelines. Develop 100 day integration and transformation plans, outlining synergy opportunities, platform consolidation pathways, and clear routes to value creation. Conduct rapid value creation diagnostics, identifying operational constraints, performance gaps, and cost optimisation levers, and designing actionable plans to capture benefits at speed. Work in multidisciplinary teams and work closely with other EY service lines, partnering with financial, operational, and commercial due diligence teams to deliver cohesive, end to end insights that integrate technical, commercial, and financial perspectives for clients. Lead workstreams, develop junior colleagues, shape internal initiatives, and contribute to the growth of our collaborative, entrepreneurial practice, fostering knowledge sharing and driving ongoing capability development. You will be part of a fast-growing team comprised of a broad cross section of technology professionals where an entrepreneurial culture and team spirit are highly valued. Your key responsibilities As a Manager within our Strategy and Execution team, you would work with our engagement teams in a transaction environment operating under tight M&A timeframes and demands. You will interface with corporate technology teams, CIOs, CTOs, CISOs and Private Equity investment teams to support successful execution of their M&A engagements. Skills and attributes for success You should be familiar with working in a large-scale consulting environment or industry role. You would use your technology and business knowledge to solve client issues and be able to translate technology risk into business or transaction language which non-technical stakeholders can understand. Success in this role requires strong technology insight, analytical discipline, and confident leadership. You should be comfortable working in complexity, engaging senior stakeholders, and using structured, hypothesis led thinking to reach clear, defensible conclusions. Key skills include: Technology implementation, operation or consulting skills i.e. Understanding technology operating models, transformation, value creation and the ability to translate technology for business and investment professionals; Demonstrated aptitude for quantitative and qualitative analysis i.e. Technology financial analysis and effective written and verbal communication skills - a focus on key messages for the relevant stakeholders; Strong teaming , particularly teams with diverse skills and backgrounds, coupled with the ability to lead and develop juniors. Teaming and development are core to EY and the SSG team; and Excellent pro-activity and problem-solving skills Desire to challenge yourself, focus on continued development Adept at building strong working relationships with senior clients, including influence, advice and support to key decision makers Act as a role model and support development of junior team members both on engagements and within internal initiatives To qualify for the role, you ideally are experienced in Professional services / consulting, ideally within M&A Transactions but candidates without M&A experience will be considered Broad knowledge and experience of a typical technology function, including IT, R&D and cyber Working with Private Equity and senior IT stakeholders Experience on complex engagements, including delivery, commercials, resourcing and risk Providing advice to senior clients across multiple industry sectors, supporting key decision makers in developing and executing transactions Delivering high-quality reports and presentations What we are looking for We are growing our team in a sustainable way. That means finding and developing people who can combine technology skills, with an understanding of business impacts and financial analysis. In addition it means carefully maintaining a great team culture and working environment by finding people who are keen to learn pro-actively and from those around them. We want people who are keen to develop their skills further and focus not only on questions relating to "how does the technology work?" but also "why is that technology in use?" You'll be a trusted advisor to our clients and use your deep knowledge of multiple IT technologies to work closely to their needs. Your proven project management and stakeholder management experience will be key to the role. If you're ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you. About EY Parthenon EY-Parthenon teams work with clients to navigate complexity by helping them to reimagine their eco-systems, reshape their portfolios and reinvent themselves for a better future. With global connectivity and scale . click apply for full job details
08/06/2026
Full time
Manager, Tech, Strategy and Execution, EY Parthenon, Belfast Location: Belfast Other locations: Primary Location Only Date: 9 May 2026 Requisition ID: At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Manager - Tech - Strategy and Execution - EY Parthenon Our Software Strategy Group (Technology deals) team sits within theStrategy and Execution (S&E) team, which is EY's market leading team providing Technology, Operations and Financial advice to corporate and private equity firms who intend to acquire, divest or restructure businesses. The S&E team comprises advisors with specialist commercial, operations, software, technology, cyber, finance and deal / transaction experience from industry, advisory and audit backgrounds. The Technology team has supports Private Equity and corporate clients in their Transaction (M&A) challenges related to Enterprise technology, Cybersecurity and (software) Product Technology: Enterprise technology assesses major technology risks and opportunities related to a transaction across key areas of technology operating models, holistically including technology organisations, enterprise and business systems, infrastructure (server, storage, network, cloud), data, tech spend, strategy and governance Cybersecurity focuses onunderstanding the business operating model, then applying our experience, benchmarks and tools to determine where Cyber is critical to the business, operations, assets and applicable regulations. Product and technology provide investment and acquisition guidance to clients across commercial, product, and technical topics needed to assess and advise software companies or firms utilising proprietary technology The teamhas completed hundreds of successful projects and provides a unique capability to help companies make critical choices and complete successful transactions. As part of EY, you'll have the chance to build a career as unique as you are, with global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The opportunity We are seeking to further expand our team with experienced technology professionals who can understand how technology is deployed and utilised within a target business in addition to applying a critical lens to address key client questions related to technology in a Transaction such as "Is the tech platform fit to scale, or will it impact the value creation plan from day one of ownership?" "What's the true cost and timeline to fix, modernise, or replace the critical technology holding the business back? "How much technical debt are we really buying - and does it threaten the investment thesis?" "Where can technology drive immediate EBITDA uplift through automation, efficiency, or smarter digital capability? "Where are the key risks associated with separating or replacing the technology landscape associated with the Target business?" As a Manager in our team, you will advise clients across all sectors, supporting key decision makers, leading engagement teams including pre-deal diligence, carve-outs & integrations and portfolio reviews. As a senior leader in our business training junior members of the team and leading internal initiatives is a key expectation. Key responsibilities include: Deliver end to end technology due diligence across the full technology estate of a target business - spanning proprietary software, digital products, data, infrastructure, cybersecurity, architecture, and delivery capability - highlighting risks, value drivers, investment requirements, and operational implications. Evaluate carve out complexity and scenario options, assessing dependencies, quantifying standalone and separation costs, and identifying transitional service needs across technology and business functions. Advise clients on separation and integration strategies from sign to close, shaping day 1 readiness, defining interim and target state operating models, identifying execution risks and mitigations, and guiding TSA related decisions to optimise scope, duration, cost, and dependency exit timelines. Develop 100 day integration and transformation plans, outlining synergy opportunities, platform consolidation pathways, and clear routes to value creation. Conduct rapid value creation diagnostics, identifying operational constraints, performance gaps, and cost optimisation levers, and designing actionable plans to capture benefits at speed. Work in multidisciplinary teams and work closely with other EY service lines, partnering with financial, operational, and commercial due diligence teams to deliver cohesive, end to end insights that integrate technical, commercial, and financial perspectives for clients. Lead workstreams, develop junior colleagues, shape internal initiatives, and contribute to the growth of our collaborative, entrepreneurial practice, fostering knowledge sharing and driving ongoing capability development. You will be part of a fast-growing team comprised of a broad cross section of technology professionals where an entrepreneurial culture and team spirit are highly valued. Your key responsibilities As a Manager within our Strategy and Execution team, you would work with our engagement teams in a transaction environment operating under tight M&A timeframes and demands. You will interface with corporate technology teams, CIOs, CTOs, CISOs and Private Equity investment teams to support successful execution of their M&A engagements. Skills and attributes for success You should be familiar with working in a large-scale consulting environment or industry role. You would use your technology and business knowledge to solve client issues and be able to translate technology risk into business or transaction language which non-technical stakeholders can understand. Success in this role requires strong technology insight, analytical discipline, and confident leadership. You should be comfortable working in complexity, engaging senior stakeholders, and using structured, hypothesis led thinking to reach clear, defensible conclusions. Key skills include: Technology implementation, operation or consulting skills i.e. Understanding technology operating models, transformation, value creation and the ability to translate technology for business and investment professionals; Demonstrated aptitude for quantitative and qualitative analysis i.e. Technology financial analysis and effective written and verbal communication skills - a focus on key messages for the relevant stakeholders; Strong teaming , particularly teams with diverse skills and backgrounds, coupled with the ability to lead and develop juniors. Teaming and development are core to EY and the SSG team; and Excellent pro-activity and problem-solving skills Desire to challenge yourself, focus on continued development Adept at building strong working relationships with senior clients, including influence, advice and support to key decision makers Act as a role model and support development of junior team members both on engagements and within internal initiatives To qualify for the role, you ideally are experienced in Professional services / consulting, ideally within M&A Transactions but candidates without M&A experience will be considered Broad knowledge and experience of a typical technology function, including IT, R&D and cyber Working with Private Equity and senior IT stakeholders Experience on complex engagements, including delivery, commercials, resourcing and risk Providing advice to senior clients across multiple industry sectors, supporting key decision makers in developing and executing transactions Delivering high-quality reports and presentations What we are looking for We are growing our team in a sustainable way. That means finding and developing people who can combine technology skills, with an understanding of business impacts and financial analysis. In addition it means carefully maintaining a great team culture and working environment by finding people who are keen to learn pro-actively and from those around them. We want people who are keen to develop their skills further and focus not only on questions relating to "how does the technology work?" but also "why is that technology in use?" You'll be a trusted advisor to our clients and use your deep knowledge of multiple IT technologies to work closely to their needs. Your proven project management and stakeholder management experience will be key to the role. If you're ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you. About EY Parthenon EY-Parthenon teams work with clients to navigate complexity by helping them to reimagine their eco-systems, reshape their portfolios and reinvent themselves for a better future. With global connectivity and scale . click apply for full job details
