239 jobs found

Cyber Security Specialist (Internal Threat) & Cyber Defense Project Detailed description of work task to be carried out A) Documented assessment to be conducted on usage of existing Cyber Security tools utilization related to internal threat prevention, protection and detection capabilities. B) Recommended adjustments prioritised and implemented. The work to be performed onsite at Bank office location. Must-have knowledge and experience The person must have documented experience working in large scale Cyber Security Insider Threat Program in a Subject Matter Expert role, hands-on experience working with various Cyber Security tools having senior technical & risk skills. The consultant must have documented working experience in EU in the financial sector. The role is subjected to Security Vetting Operations including enhanced background checks + security vetting interview. Nice-to-have knowledge and experience Cyber Security certifications / Proven track record in education in the Cyber Security field

Job Description We are seeking a Cyber Security Analyst - Cloud Security Specialist to help protect Heathrow's cloud infrastructure, applications, and services. They will work as part of the Cyber Security Solutions Team ensuring security is integrated into the design, deployment, and operations of cloud-based systems. This role will involve identifying and mitigating cloud-related security risks, ensuring compliance with industry standards, and driving continuous improvement in cloud security practices. They will help ensure that the organisation's cloud environments are designed, managed, and configured according to the highest Cyber Security principles and that Cloud environments are configured to comply with industry good practice, standards and regulatory requirements. The individual will work closely with cloud specialists across the organisation to provide technical expertise, validate cloud security configurations, and support the overall Cyber Security posture. Your role will involve Cloud Security Strategy and Design: Help develop and implement cloud security frameworks, ensuring that security best practices are integrated into all aspects of cloud infrastructure and services. Cloud Security Operations: Ensure appropriate monitoring, detection, and response to security threats and vulnerabilities within cloud environments is embedded from the outset. Conduct risk assessments and security audits to identify areas of improvement and ensure compliance with regulatory requirements. Incident Response & Forensics: Support incident response efforts in cloud environments, including identifying and investigating security incidents and breaches. Provide technical input and support to root cause analysis and recommend corrective actions. Automation & Optimisation: Automate security controls, monitoring, and response processes to improve operational efficiency and reduce risk in cloud environments. Collaboration & Communication: Work closely with development teams, DevOps, and other stakeholders to implement security controls in cloud infrastructure. Provide clear and concise communication to both technical and non-technical stakeholders regarding security risks, incidents, and resolutions. Compliance & Governance: Ensure adherence to regulatory requirements and industry standards within cloud environments. Assist with audits and ensure security governance is in place. Continuous Improvement: Stay up-to-date with emerging cloud security trends and vulnerabilities. Continuously evaluate and enhance security practices to keep up with evolving cloud technologies and threats. These skills are essential Strong experience of hands-on technical experience in Cloud security engineering, with a proven track record of securing cloud environments. Solid experience with cloud architecture, security protocols, and secure cloud configurations. Proven track record of providing Cyber Security guidance on cloud application design, implementation, and ongoing management. Experience in ensuring compliance with industry standards and regulations related to cloud security (e.g., NIST, ISO 27001, PCI-DSS, GDPR). Experience working with cross-functional teams and collaborating with development engineers, Cyber Security specialists, and other internal stakeholders to ensure cloud security. Deep knowledge of cloud platforms and services (Azure, Google Cloud). Experience of security Cloud platforms including Salesforce. Expertise in cloud security tools and technologies (e.g., Shield, Azure Security, SCCP, Wiz, Guard). Strong understanding of web application and cloud firewalls, encryption, identity and API security. Experience with automation tools (e.g., Terraform, Ansible, CloudFormation) for securing cloud infrastructure. Ideally, you'll have Experience with network security in cloud environments (e.g., AWS, Azure) and hybrid network configurations. Experience with DevSecOps practices, secure coding, and cloud-native application security. Familiarity with containerisation technologies (e.g., Docker, Kubernetes) and their security implications.

Why work for us? A career at Janus Henderson is more than a job, it's about investing in a brighter future together. Our Mission Janus Henderson's mission is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world class service. We do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right. Our Values Clients Come First - Always Execution Supersedes Intention Together We Win Diversity Improves Results Truth Builds Trust If our mission, values, and purpose align with your own, we would love to hear from you! Your opportunity Policy Development and Management Develop and maintain comprehensive cybersecurity policies and procedures. Ensure these policies align with industry standards and regulatory requirements. Assist in the integration of security practices and controls across various technical and non technical departments, enhancing workflow and operational processes. Risk Management Conduct regular risk assessments to help identify vulnerabilities and threats. Collaborate and oversee the implementation of risk mitigation strategies. Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols. Design and evaluate control metrics for assessing the effectiveness of cybersecurity measures. Collaborate with Enterprise Risk Management to embed cyber risk into broader risk registers and board level reporting. Compliance Management Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements. Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required. Compile and deliver detailed compliance reports to senior management. Monitor upcoming regulations and prepare compliance roadmaps. Training and Awareness Support and enhance engaging cybersecurity awareness training programs. Foster a company wide culture of cybersecurity awareness. Keep current with the latest cybersecurity trends and best practices to inform training content and security measures. Train and guide wider tech team members on best practices in cybersecurity risk management. Incident Management Actively participate in the response to security incidents. Support post incident evaluations and reporting. Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents. Stakeholder Engagement Maintain clear and effective communication with stakeholders at all levels. Provide expert guidance on cybersecurity best practices. Work collaboratively with Technology and other departments to achieve comprehensive security objectives. Must have skills Bachelor's Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered. 3 to 5 years of professional experience in information security. Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred. Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards. Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA. Proficient knowledge of network security principles and controls such as firewalls, IPS/IPD, TCP/IP, DHCP, and DNS. Extensive experience in securing operating systems such as Windows, UNIX/Linux and Mac systems, including security access rights, implementing configuration best practices. Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices. In depth knowledge of IAM principles and technologies to manage digital identities and control user access, and experience with Single Sign On (SSO), Multi Factor Authentication (MFA), and role based access control (RBAC) systems to enhance security and operational efficiency. Understanding of Secure DevOps/CI/CD pipeline governance. No supervisory responsibilities. You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role. At Janus Henderson Investors we're committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds. Don't worry if you don't think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can't accommodate every flexible working request we're happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know at . LN2 HYBRID Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee's job functions (as determined by Janus Henderson at its sole discretion). All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants' past political contributions or activity may impact applicants' eligibility for this position. Janus Henderson is an equal opportunity /Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.

Do you excel at turning complex security findings into scalable fixes that measurably reduce risk? Are you ready to orchestrate multi-team remediation that protects critical platforms and accelerates the delivery of life-changing medicines to patients? In this role, you will be the connective tissue between penetration testing outputs, domain experts, and governance decision makers. You will dissect vulnerabilities to uncover true root causes, translate them into practical remediation plans, and drive them to closure. Your work will directly strengthen the resilience of the technology our scientists and colleagues rely on every day, enabling the business to move faster without compromising safety. You will thrive at the intersection of analysis, execution, and communication-working across networks, cloud, applications, infrastructure, and SaaS to land security by default outcomes. This is a hands on, outcomes focused role where progress is visible in dashboards, reduced risk curves, and fewer repeat findings. Accountabilities Findings Analysis and Root Cause: Review penetration test and assessment findings, break down vulnerabilities to underlying control and process gaps, and identify the most effective remediation steps for each issue Cross Domain SME Collaboration: Partner with experts across network, development, infrastructure, applications, cloud, SaaS, and security to co design and implement remediation solutions that land and scale. Remediation Solutioning and Deployment: Translate analysis into practical changes across configurations, code, and controls; align with organizational security requirements and best practices; drive remediation to closure. Governance Alignment and Exceptions: Map remediation plans to enterprise frameworks and guardrails; prepare decision records and exception rationales; support review boards to achieve secure by default outcomes Risk Based Decisions and Communication: Recommend pragmatic remediations that balance security, usability, performance, and effort; quantify risk reduction and residual risk; tailor strategies and status updates for technical and non technical audiences, including senior leaders. Reporting and Transparency: Produce dashboards and executive summaries showing progress, blockers, and shifts in risk posture; drive cross functional visibility and timely decision making. Scale and Continuous Improvement: Convert recurring patterns into standards, playbooks, and runbooks to accelerate future remediation and reduce repeat findings. Essential Skills/Experience Security gap analysis and remediation solutioning: Demonstrated technical depth to interpret complex findings, identify root causes across controls and processes, and translate them into well designed remediation solution i.e. defining priority actions, guardrails, and success criteria, while prioritizing mitigations using qualitative and quantitative risk analysis. Identity, network, endpoint, and infrastructure remediation: Strong command of cross domain controls and common misconfigurations across IAM (authN/authZ, federation, conditional access, PAM/workload identities), network/segmentation and secure remote access, endpoint/server hardening and vulnerability management, and core cloud/on prem infrastructure-able to diagnose issues, define corrective actions, and drive closure at scale. Cross domain control familiarity: Working knowledge of common issues and fixes across cloud platforms, Kubernetes/containers, SaaS, endpoints, servers, networks, and OT/IoT to partner effectively with SMEs. Relevant certifications in one of the following: CISSP, CISM, CCSP, SABSA, TOGAF, AZ 500, AWS Security Specialty. Highly Desirable Skills/Experience Remediation playbook development: Experience converting findings into stepwise remediation plans, standards updates, and operational runbooks executable at scale. Tooling for remediation: Familiarity with CNAPP/container security, EDR/XDR, SIEM/SOAR, API gateways/WAF, cloud posture management, configuration baselining (e.g., CIS benchmarks), and enterprise SaaS administration to operationalize corrective actions. API and application issue mitigation: Understanding of OAuth2/OIDC, mTLS, token lifecycles, rate limiting, schema validation, WAF/gateway policies, and abuse detection to specify corrective steps. Program execution: Demonstrated orchestration of multi team remediation efforts, managing backlogs, SLAs, and dependencies to deliver outcomes amid competing priorities. Executive and technical communication: Ability to present options, constraints, and risks to senior leaders and SMEs; facilitate decisions and tailor messaging for executive, product, and engineering audiences. Insight to GRC and regulatory frameworks: ISO 27001/27002, NIST CSF , SOC 2, HIPAA, GDPR; control mapping, shared responsibility in cloud, and compliance/risk reporting. AI security and governance familiarity (LLMs/generative AI): data/model provenance, prompt injection defenses, output validation, privacy/PII safeguards, usage guardrails. Identity, Zero Trust, and PAM: Enterprise strategies for identity/federation, conditional access, continuous verification, privileged access, session/credential management, workload identities, and segmentation. Experience mapping attack chains (e.g., MITRE ATT&CK) and selecting controls that degrade adversary paths; ability to quantify risk reduction. Knowledge of legacy to modern migrations (hybrid identity, network segmentation, VDI/Citrix hardening) and deprecation strategies for insecure configurations. Exposure to DevSecOps and automation: Policy as code, IaC/container scanning, golden pipelines, preventative guardrails, drift detection, and detections as code. When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life changing medicines. In person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world. Why AstraZeneca? Here, technologists work shoulder to shoulder with scientists, data experts, and product leaders to unlock the potential of modern platforms, AI, and analytics in service of patients. You will have real ownership to experiment with cutting edge tools, simplify complex environments at scale, and turn bold ideas into tangible outcomes that protect our enterprise and speed discovery. We invest in your growth with coaching, learning, and diverse projects, valuing kindness alongside ambition so you can stretch yourself while making a visible impact across the business. If you are ready to transform analysis into action and reduce risk at scale, submit your application today to help safeguard our platforms and accelerate the delivery of life changing medicines. Date Posted 19-May-2026 Closing Date 01-Jun-2026 Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.

Job Description We are seeking a Cyber Security Analyst - Cloud Security Specialist to help protect Heathrow's cloud infrastructure, applications, and services. They will work as part of the Cyber Security Solutions Team ensuring security is integrated into the design, deployment, and operations of cloud-based systems. This role will involve identifying and mitigating cloud-related security risks, ensuring compliance with industry standards, and driving continuous improvement in cloud security practices. They will help ensure that the organisation's cloud environments are designed, managed, and configured according to the highest Cyber Security principles and that Cloud environments are configured to comply with industry good practice, standards and regulatory requirements. The individual will work closely with cloud specialists across the organisation to provide technical expertise, validate cloud security configurations, and support the overall Cyber Security posture. Your role will involve Cloud Security Strategy and Design: Help develop and implement cloud security frameworks, ensuring that security best practices are integrated into all aspects of cloud infrastructure and services. Cloud Security Operations: Ensure appropriate monitoring, detection, and response to security threats and vulnerabilities within cloud environments is embedded from the outset. Conduct risk assessments and security audits to identify areas of improvement and ensure compliance with regulatory requirements. Incident Response & Forensics: Support incident response efforts in cloud environments, including identifying and investigating security incidents and breaches. Provide technical input and support to root cause analysis and recommend corrective actions. Automation & Optimisation: Automate security controls, monitoring, and response processes to improve operational efficiency and reduce risk in cloud environments. Collaboration & Communication: Work closely with development teams, DevOps, and other stakeholders to implement security controls in cloud infrastructure. Provide clear and concise communication to both technical and non-technical stakeholders regarding security risks, incidents, and resolutions. Compliance & Governance: Ensure adherence to regulatory requirements and industry standards within cloud environments. Assist with audits and ensure security governance is in place. Continuous Improvement: Stay up-to-date with emerging cloud security trends and vulnerabilities. Continuously evaluate and enhance security practices to keep up with evolving cloud technologies and threats. These skills are essential Strong experience of hands-on technical experience in Cloud security engineering, with a proven track record of securing cloud environments. Solid experience with cloud architecture, security protocols, and secure cloud configurations. Proven track record of providing Cyber Security guidance on cloud application design, implementation, and ongoing management. Experience in ensuring compliance with industry standards and regulations related to cloud security (e.g., NIST, ISO 27001, PCI-DSS, GDPR). Experience working with cross-functional teams and collaborating with development engineers, Cyber Security specialists, and other internal stakeholders to ensure cloud security. Deep knowledge of cloud platforms and services (Azure, Google Cloud). Experience of security Cloud platforms including Salesforce. Expertise in cloud security tools and technologies (e.g., Shield, Azure Security, SCCP, Wiz, Guard). Strong understanding of web application and cloud firewalls, encryption, identity and API security. Experience with automation tools (e.g., Terraform, Ansible, CloudFormation) for securing cloud infrastructure. Ideally, you'll have Experience with network security in cloud environments (e.g., AWS, Azure) and hybrid network configurations. Experience with DevSecOps practices, secure coding, and cloud-native application security. Familiarity with containerisation technologies (e.g., Docker, Kubernetes) and their security implications.

QA Engineering Professional Due to the sensitive nature of this role, you will be required to undergo DV (Developed Vetting) level Security Clearance (). An allowance of £5k per annum may be payable monthly while you hold this DV and continue to work in a role that requires that level of security clearance. The terms of this allowance will be made available if you are successful in being recruited into this role. Security isn't always the first thing that comes to mind when you think of BT, but when it comes to keeping everyone safely connected, We Are The Protectors. We deal with thousands of cyber-attacks every day, so that millions of people can safely go about their daily lives and run their businesses. We deliver vital work at scale, with real breadth and impact. We connect for good. You'll be joining a specialist security team that is a trusted partner to governments worldwide, protecting critical national infrastructure and committed to the safety and security of our nation and global communities. Our mission focused work is innovative, inspiring and technologically challenging in a way that makes every day different and stimulating. We provide the opportunity to work on rare projects, with exciting tools and brilliant people. Everyone has access to unparalleled professional and personal development opportunities and your contribution is always valued. Why this job matters BT Group is one of the most critical of all UK Critical National Infrastructure. Our job is simple - protect critical national infrastructure, contributing to teams who are committed to the safety and security of our nation and global communities. This job role is based in London. Onsite (5 days office based). Monday-Friday 37.5 hours. DV Security Clearance is required. Must have lived in UK for 10+ years to obtain clearance. What you'll be doing Undertakes first level diagnostics, diagnosing defects against components using techniques and tools defined in the test strategy, identifies defects against the correct component in multi-component journeys, writes test specifications and test designs (scripts) and runs the test scripts to time cost and quality. Supports the full lifecycle integration testing to support project deliverables. Executes automation, functional, regression and load testing scenarios, applying solutions that validate the functionality of applications. Supports the maintenance of test suites and ensures high-velocity, high-quality production pushes using manual tests. Assesses and suggests ways to mitigate risks that have an impact on the quality of products and services. Essential Skills Software Testing Programming /Scripting Manual /Automated Testing Test Case Design /Writing Functional /Non-Functional Testing What we'd like to see on your CV Test Management tooling experience such as JIRA, Confluence, XRAY Ansible coding experience Experience with automated test tools OSI model awareness Experience of working on complex large scale programmes ISTQB certification Benefits Competitive salary 10% on target bonus (Depending on country based) BT Pension scheme, minimum 5% Employee contribution, BT contribution 10% On-call allowance (Depending on role requirements) 25 days annual leave (not including bank holidays), increasing with service Huge range of flexible benefits including cycle to work, healthcare, season ticket loan World-class training and development opportunities From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It's for all parents, no matter how your family is made up. Enhanced women's health support: including help with menopause symptoms, cancer screenings, period care and more. 24/7 private virtual GP appointments for UK colleagues 2 weeks paid carer's leave World-class training and development opportunities Option to join BT Shares Saving schemes. Discounted broadband, mobile and TV packages Access to 100's of retail discounts including the BT shop Security is one of the fastest growing parts of our global organisation. We are protecting our networks from more than 6,500 cyber attacks each day, investing over £40m in research each year - and in employing nearly 3,000 people, we're also the largest private cyber employer in the UK. With incredible opportunities to learn, develop and grow your skills, we'll invest in you, nurture your potential and shape your future - whatever your background or experience. In today's world, safe and secure digital connections have never been more vital. You'll be joining a global company operating at the forefront of the information age: BT employs 90,000 people in 180 countries. With huge scale, we're capable of achieving great things, striving to be personal, simple, and brilliant for our customers whilst creating an inclusive working environment where people from all backgrounds can succeed. Play your part. Make a difference. We are the Protectors.

Company: Ultra Intelligence & CommunicationsCyber (UK) BusinessPowering DecisionJoin the team redefining defense technology. From engineering systems that save lives to leading programs that change the battlefield-find your place in the future of defense.Cyber BusinessOur Cyber business unit is at the forefront of pioneering advanced cryptographic and key management solutions, facilitating the confidential exchange of vital information for customers operating at both tactical and strategic echelons. Join our team and participate in the innovation that ensures the highest security and trust worldwide.Job DescriptionThe Ultra Engineering function manages a portfolio of specialist capabilities, generating highly differentiated solutions and products by applying electronic, mechanical, and software technologies in demanding and critical environments to meet customer needs.The Software Engineering function in Ultra supports the software development lifecycle consisting of requirements analysis, design, implementation, test and verification in order to deliver software components into projects and products and supports the deployment and maintenance of software components.A professional at this grade applies technical / professional knowledge, making independent judgements based on practice and significant previous experience to support decision making. Often seen as a referral point or more senior team member to escalate more complex problems. Roles will act independently with minimal guidance, and may act as project managers/formal mentors for junior staff.ScopeProvide technical leadership and define, architect, design, develop, document and test embedded and/or application software as part of a software engineering team of 5-20 engineers, within the Cyber UK Business Unit, delivering multiple concurrent research, development and production programmes ranging from tens of £k to several £m. Line management of up to 5 software engineers.Responsible for / Key responsibilitiesArchitect, specify requirements, design, implement and test embedded and/or application software in accordance with the project software development process to ensure high quality and timely software deliverables.Apply object-oriented design techniques to enable code re-use and integration with testing frameworksReview and understand system design artefacts to enable the derivation of software requirements and architecture that meet the high-level system requirements.Design, document, review and maintain the software design using modelling tools such as RSA and EA, ensuring model can be used for accurate code generation as required.Develop and maintain knowledge of best practice development processes, language standards and tools, e.g. TDD/BDD, Continuous Integration, DevSecOps, static and run-time analysis tools, C++ standards and secure software development.Estimate time and effort required for software activities and deliver to these time and effort estimates to ensure cost and schedule adherence.Contribute to the Software Community of Practice by proposing improvements in tools, processes and techniques that support quality and innovation and make the software development more efficient and effective.Actively contribute to and/or lead defined aspects of the project to achieve optimal balance between requirements, schedule and cost.Generate and review technical proposals, and provide accurate estimates for the associated effort, costs and risks, for bids and proposals, leading to contract awards.Mentors and coaches less experienced engineers; shares knowledge willingly and constructively.Reviews and signs off significant technical documents; frequently chairs technical reviews for significant deliverables.May have between 0 and 4 direct reports.Explains technically complex concepts clearly to less technical/involved parties.Manage security of information as defined in the Security manual to ensure compliance with Government regulations.SFIA Programming / software development: Level 2-4SFIA Programming / software development: Level 5Takes technical responsibility across all stages and iterations of software development.Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques.Measures and monitors applications of project/team standards for software construction, including software security.Contributes to the development of organisational policies, standards, and guidelines for software development.Role requirementsWilling and able to obtain, and maintain, SC security clearance.Willing and able to obtain, and maintain, DV security clearance (following attainment of SC clearance).Qualifications / skills requiredEssential:Degree in an engineering, mathematical or science-based subject or equivalent experience.Significant experience of at least one of the following;Embedded product development (including bare-metal and RTOSes such as ThreadX, QNX or Linux)Embedded Linux application, kernel and/or driver development.C and C++Significant experience of best practice software development processes/lifecyclesExperience of Object-Oriented Design and Design Patterns such as SOLIDExperience of software testing and design for testDesirable:Master's degree in an engineering, mathematical or science-based subject or equivalent experience.RustJavascript, node.js, react.jsCommunications protocols - e.g. TCP/IPExperience of using version control, continuous integration and automated test tools and frameworksExposure to defensive coding techniques and standards such as MISRAAdvanced knowledge of software engineering practices, methodologies, processes, techniques and technology trendsExperience of DOORS, RSA, Enterprise Architect, UML and SysML to the nature of the programs we deliver for our customers, candidates may need to obtain the relevant security clearance or handle export-controlled material as defined by the role's requirements. Applicants must be able to obtain and maintain the appropriate level of security clearance for the role. Due to the nature of our work, you must be a British Citizen who has been resident in the UK for the past 5 years in order to apply for SC clearance and 10 years for DV. For more information, please visit the UKSV website.Our BenefitsEvery employee is critical to our success, and as such, we offer a range of flexible employee benefits, including:Participation in an Annual Bonus SchemePrivate Medical Cover25 days' holiday (plus Bank Holidays) with the option to buy an extra 5 daysPension Contribution4 x Life Assurance CoverFlexible working hours with opportunity for a 1pm finish on a FridayFlexible benefits including cycle to work scheme, will writing and moreSecurity Clearance Allowance - where relevant and subject to you holding the required security clearanceDiversity, Equity & Inclusion StatementAt Ultra I&C, we are an equal opportunity employer and value diversity and inclusivity. Underpinned by our values, behaviours, and policies, we want you to feel empowered to be the best version of yourself. We also believe that people from different backgrounds and cultures will increase our diversity of thinking, ensuring we successfully deliver to our customers. We, therefore, do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We also support requests for flexible working arrangements wherever possible. If you have any issues with your application, please email us at

Group Head of IT Department: IT Employment Type: Full Time Location: London Reporting To: Angus Beaumont Description Harmony is on a mission to be the best life safety partner to work with and for. Rated an 'Outstanding Employer' by Best Companies in 2025, we are only getting bigger and stronger - and we're looking for A-players to help us get there. We are passionate about making a difference and obsessed with quality. Our goal is to build a world where every resident can sleep safely at night, knowing their home is 100% safe. This is a security-first leadership role. You will own cyber security and data protection across the Harmony group (Harmony Fire, Solidcor, Auro Technology) end-to-end - strategy, delivery and BAU - acting as the most senior security voice in the business below the Group IT Director. Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001 sit with you. UK GDPR compliance sits with you as the group's Data Protection Lead (a non-statutory role distinct from a formal DPO appointment). The group's security posture, risk register, incident response and audit defensibility all sit with you. If something has a security or data protection dimension, it lands on your desk first. Security cannot exist in isolation, so you will also run the day-to-day IT function - line-managing the IT Technician, overseeing the helpdesk, vendor stack and infrastructure resilience for around 250 users across three trading entities. Operations exist to deliver a secure platform, not the other way around. IT Project Managers will deliver new systems into the group; you will accept those handovers and operationalise them into BAU only once they meet your security bar. Reporting to the Group IT Director, you will be the security leader the group trusts to keep its people productive, its data protected and its certifications intact through 30% year-on-year growth. This is more than an IT role. It is about bringing the right energy, accountability and resilience to our mission of saving lives through fire and height safety. Key Responsibilities Own the group's cyber security strategy, posture and risk register - the most senior security accountability in the business below the Group IT Director. Lead all formal security certifications end-to-end: Cyber Essentials Plus annual recertification, IASME Cyber Assurance alignment and ISO 27001 ISMS - scoping, risk treatment, Statement of Applicability, internal audits, management review and external audit defence. Apply additional frameworks where they strengthen the group's posture - NIST CSF, CIS Controls, NCSC Cyber Assessment Framework - and embed them into operational practice. Act as the group's Data Protection Lead (not a statutory DPO under UK GDPR Article 37) - own UK GDPR and DPA 2018 compliance, ROPA, DPIAs, retention schedules, DSARs, breach notification, processor agreements and supplier due diligence. Run security operations day-to-day - endpoint protection (Bitdefender GravityZone), conditional access, MFA, identity governance, vulnerability management, and security awareness and phishing simulation programmes via KnowBe4. Lead incident response - triage, containment, recovery, post-incident review and reporting, with playbooks kept current and tested. Oversee security across Auro Technology's software stack - IoT device firmware, cloud platforms, mobile and web applications - partnering with the Auro engineering team on secure SDLC, code review, dependency management, secrets handling and product security posture. Act as the security gatekeeper for IT project handovers - accept newly delivered systems from IT Project Managers into BAU only once documentation, monitoring, support runbooks and security controls meet the group's bar. Run vendor and licensing relationships across the IT and security stack - renewals, commercial negotiation and security due diligence on every new supplier before they are onboarded. Run the day-to-day IT function in service of the security mission - line-manage the IT Technician, oversee the Atera helpdesk, own SLAs and personally take the hardest tickets when they have a security dimension. Maintain infrastructure resilience - backups, disaster recovery, business continuity, identity, network and connectivity - owned, documented and tested. Run secure onboarding and offboarding at scale, keeping identity hygiene and asset control airtight as the group grows. Skills, Knowledge and Expertise An A-player mindset - high standards, extreme ownership and the drive to do things properly, the first time. A security professional first and foremost - your career identity is cyber security and information assurance, not IT generalism that happens to include security. Proven track record leading Cyber Essentials Plus and ISO 27001 (or actively driving towards certification) in a real organisation - not a tabletop exercise. Strong working knowledge of UK GDPR and the Data Protection Act 2018, with hands on experience of DSARs, DPIAs, breach response and supplier DPAs. Deep, hands on Microsoft 365 and Entra ID security experience - conditional access, Intune, identity governance, the Defender stack and security baselines. Demonstrable security operations experience - EDR/XDR, vulnerability management, incident response and security awareness programmes. Pragmatic, hands on operator - comfortable running a helpdesk and line managing an IT Technician alongside the security and compliance remit. Confident commercial mindset - budget ownership, vendor negotiation and the ability to challenge supplier security claims with evidence. Excellent written and verbal communication, able to translate technical risk plainly for non technical leadership and field staff. Right to work in the UK and able to travel between London, Yeovil, Chesterfield, Edinburgh and other group sites as required. Recognised certification - CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, Microsoft SC 100 / SC 200 / SC 300. IASME Cyber Assurance experience. Formal Data Protection Officer training or qualification (e.g. PC.dp, BCS Practitioner Certificate in Data Protection). Experience in fire safety, construction, manufacturing or field engineering environments. Familiarity with our wider stack - Salesforce, SimPRO, Unleashed, Supabase, Cloudflare, Microsoft Fabric. Hands on experience with KnowBe4 (or equivalent security awareness and phishing simulation platforms). NIST CSF, CIS Controls or NCSC CAF practical experience. Benefits This is a chance to own cyber security and data protection end-to-end for a three entity group at one of the UK's fastest growing safety specialists - with the autonomy to set the security bar, hold certifications and shape the group's posture as we grow 30% year-on-year. At Harmony, we ask a lot - and we give a lot back. The hours are real, the standards are high and the work is demanding, but for those who show up, deliver and go the extra mile, the rewards follow. A-players here enjoy a competitive salary, a performance bonus tied to successful, on time delivery against roadmap milestones and delivery KPIs, a Personal Development Plan with ongoing training and leadership mentoring, unlimited holiday, private medical insurance, enhanced maternity and paternity, lunch, snacks and refreshments on us every day (fresh fruit and Takeaway Fridays included), a team social budget, cycle to work, an auto enrolment pension, two major company events a year and our Reward and Recognition scheme - including European mini breaks for those who go above and beyond. It is a collaborative, high energy environment focused on doing things the right way - technically, ethically and practically - and none of it is a perk for showing up; it's what we share with the people pulling the business forward. Harmony is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. We want everyone who works with us to feel valued and to make a difference.

Head of Cyber Security, Google Cloud Public Sector London, UK Job Overview As a part of Google Cloud Public Sector UK, you will empower the UK public sector to build a digital first future. You will bridge the gap between innovation and public service, bringing Google Cloud's technology to the mission critical problems of the UK government. Security is paramount for the problems we work on and the customers we work with. In this executive security leadership role, you will drive the delivery of key security programmes for customers, ensuring our cloud services mitigate threats and enable the customers to take full advantage of the opportunities Google Cloud's technologies offer to transform services and mission critical workloads. You will influence top security leaders and their technical representatives through thought leadership, whiteboard sessions, whitepapers, speaking at events, and solving technical problems. You will engage with internal engineering teams to drive product enhancements that meet our customer security needs and partner with the UK based operations teams who build and scale sovereign cloud. You will have extensive experience working in UK public sector security in a complex organisation that has implemented highly secure infrastructure and application platforms through cloud related innovation in highly regulated, high threat environments. You will hold a detailed understanding of one or more of the following aspects of cloud security: security architecture, security operations, security engineering, governance, risk and compliance. Requirements Must be a British citizen to meet compliance and security clearance requirements. Bachelor's degree or equivalent practical experience. 10 years of experience in a technical cyber security role. 5 years of experience in a technical leadership role and in a customer facing role. 5 years of experience in UK public sector, particularly in applying UK government security standards, risk management processes or working in a regulated security environment. Must possess an active Security Check (SC) UK security clearance, and the ability to obtain Developed Vetting (DV) UK security clearance. Preferred qualifications Master's degree in cyber security, computer science, risk management, auditing, or a related field. Experience in undertaking security architecture reviews, identifying and remediating security vulnerabilities in products or systems. Experience in delivering security change programmes or embedding new security practices and technologies in engineering teams. Experience with a wide range of information security standards and certifications, understanding their application as well as their relative strengths and weaknesses (ISO 27000 family, NIST CSF, SOC reports, PCI DSS, etc.). Responsibilities Lead security programmes and workstreams spanning risk, compliance and security delivery as part of wider delivery programmes. Drive initiatives to solve complex problems, both from within Google and through external partners. Set strategy for cyber security, working to incorporate the strategies for specialist areas such as Security Operations (SecOps) and Compliance. Manage the technical and operational constraints and requirements of public sector or other high security customers and advocate for them on product and engineering roadmaps to achieve the outcomes our customers need regarding security. Cultivate executive stakeholder relationships for security across key customers, shaping their security approach, providing advice, and authoring content to respond to their needs, while supporting customer advocacy initiatives from the wider Google organisation in a UK public sector context. Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity or expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents to be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.

Job Description Purpose of the role To keep our customers, clients, and colleagues safe by identifying cyber vulnerabilities across the Bank, using a risk based approach to prioritise them, and to drive effective remediation activity. Accountabilities Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host. Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment. Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices. Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales. Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications. Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators. Vice President Expectations To contribute or set strategy, drive requirements and make recommendations for change. Plan resources, budgets, and policies; manage and maintain policies/ processes; deliver continuous improvements and elevate breaches of policies/procedures. If managing a team, they define jobs and responsibilities, planning for the department's future needs and operations, counselling employees on performance and contributing to employee pay decisions/changes. They may also lead a number of specialists to influence the operations of a department, in alignment with strategic as well as tactical priorities, while balancing short and long term goals and ensuring that budgets and schedules meet corporate requirements. If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. OR for an individual contributor, they will be a subject matter expert within own discipline and will guide technical direction. They will lead collaborative, multi-year assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions. Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment. Manage and mitigate risks through assessment, in support of the control and governance agenda. Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does. Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies. Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In depth analysis with interpretative thinking will be required to define problems and develop innovative solutions. Adopt and include the outcomes of extensive research in problem solving processes. Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave. Join our Proactive Defence team as an Enterprise Security Posture Management SME, leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization. You will drive a proactive, threat informed approach to exposure management, helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation. This role is critical to shifting from reactive vulnerability management to proactive exposure reduction by providing continuous visibility of the attack surface, mapping how attackers can move through the environment, and validating security controls through adversary simulation. In doing so, you will help the organization identify, prioritise, and reduce exploitable security risk in a way that is threat informed, measurable, and directly tied to business impact. To be successful in this role, you should have experience with: Attack surface discovery and asset attribution Ability to continuously identify internet-facing assets, shadow IT, domains, subdomains, certificates, cloud services, APIs, SaaS exposures, third party hosted assets, and assets with unclear ownership Risk based exposure prioritisation Ability to prioritise the most material exposures by combining exploitability, business criticality, asset ownership, threat intelligence, vulnerability data, and likelihood of attack Threat-informed attack surface analysis Ability to enrich attack surface findings with attacker techniques, active exploitation trends, KEV data, offensive security teams findings, and sector specific threat intelligence Highly valued skills for this role include: Hands on experience with EASM/ASM platforms Experience using tools such as external attack surface management, CAASM, vulnerability management, cloud posture, and exposure management platforms Cloud, identity, SaaS, CI/CD and API exposure knowledge Understanding of common attack surface risks across AWS, Azure, GCP, Entra ID, Active Directory, Kubernetes, APIs, internet gateways, and exposed management interfaces Understanding of Breach and Attack Simulation techniques Ability to use BAS outputs to validate whether identified exposures are exploitable, test control effectiveness, simulate attacker behaviours, and support evidence-based prioritisation You may be assessed on the critical skills required for success in this role, including risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, and job specific technical skills. Location : Knutsford.

Job Description Purpose of the role To keep our customers, clients, and colleagues safe by identifying cyber vulnerabilities across the Bank, using a risk based approach to prioritise them, and to drive effective remediation activity. Accountabilities Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host. Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment. Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices. Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales. Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications. Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators. Vice President Expectations To contribute or set strategy, drive requirements and make recommendations for change. Plan resources, budgets, and policies; manage and maintain policies/ processes; deliver continuous improvements and elevate breaches of policies/procedures. If managing a team, they define jobs and responsibilities, planning for the department's future needs and operations, counselling employees on performance and contributing to employee pay decisions/changes. They may also lead a number of specialists to influence the operations of a department, in alignment with strategic as well as tactical priorities, while balancing short and long term goals and ensuring that budgets and schedules meet corporate requirements. If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. OR for an individual contributor, they will be a subject matter expert within own discipline and will guide technical direction. They will lead collaborative, multi-year assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions. Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment. Manage and mitigate risks through assessment, in support of the control and governance agenda. Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does. Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies. Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In depth analysis with interpretative thinking will be required to define problems and develop innovative solutions. Adopt and include the outcomes of extensive research in problem solving processes. Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave. Join our Proactive Defence team as an Enterprise Security Posture Management SME, leading capabilities across Attack Surface Management (ASM), Attack Path Management (APM), and Breach & Attack Simulation (BAS) within the CISO organization. You will drive a proactive, threat informed approach to exposure management, helping the bank identify, prioritise, and reduce exploitable security risk through greater visibility, attack path analysis, and continuous control validation. This role is critical to shifting from reactive vulnerability management to proactive exposure reduction by providing continuous visibility of the attack surface, mapping how attackers can move through the environment, and validating security controls through adversary simulation. In doing so, you will help the organization identify, prioritise, and reduce exploitable security risk in a way that is threat informed, measurable, and directly tied to business impact. To be successful in this role, you should have experience with: Attack surface discovery and asset attribution Ability to continuously identify internet-facing assets, shadow IT, domains, subdomains, certificates, cloud services, APIs, SaaS exposures, third party hosted assets, and assets with unclear ownership Risk based exposure prioritisation Ability to prioritise the most material exposures by combining exploitability, business criticality, asset ownership, threat intelligence, vulnerability data, and likelihood of attack Threat-informed attack surface analysis Ability to enrich attack surface findings with attacker techniques, active exploitation trends, KEV data, offensive security teams findings, and sector specific threat intelligence Highly valued skills for this role include: Hands on experience with EASM/ASM platforms Experience using tools such as external attack surface management, CAASM, vulnerability management, cloud posture, and exposure management platforms Cloud, identity, SaaS, CI/CD and API exposure knowledge Understanding of common attack surface risks across AWS, Azure, GCP, Entra ID, Active Directory, Kubernetes, APIs, internet gateways, and exposed management interfaces Understanding of Breach and Attack Simulation techniques Ability to use BAS outputs to validate whether identified exposures are exploitable, test control effectiveness, simulate attacker behaviours, and support evidence-based prioritisation You may be assessed on the critical skills required for success in this role, including risk and controls, change and transformation, business acumen, strategic thinking, digital and technology, and job specific technical skills. Location : Knutsford.

Identity & Access Management Manager This is a unique opportunity to lead and evolve a critical cyber security capability at the heart of Yorkshire Building Society. You'll have the autonomy to shape strategy, build a high-performing team, and embed identity as a core security control while developing your own leadership impact across Technology Services and beyond. This role will operate on a hybrid basis with travel to our Leeds & Bradford Head Offices. About the role As the Identity & Access Management Manager, you will lead the strategic direction and evolution of IAM as a core pillar of the organisation's security posture. Establish and drive the enterprise IAM strategy, ensuring it keeps pace with evolving cyber threats and regulatory expectations Own and embed identity governance and access lifecycle controls across all systems, aligning to risk appetite and secure digital operations Lead the development and maturity of IAM services, tooling, and a specialist team to deliver scalable, high-assurance identity capabilities Provide strategic oversight of privileged access management, including third party providers delivering critical IAM services Act as a senior authority across change and architecture, ensuring identity and access requirements are embedded into all programmes and platforms About you You will bring strong leadership experience and deep expertise in Identity and Access Management, with the ability to operate at both strategic and technical levels. Proven experience shaping IAM strategy, governance frameworks, and influencing senior stakeholders in complex organisations Strong technical expertise across identity architecture, lifecycle processes, and privileged access management (including platforms such as AD and Entra) Ability to lead, develop, and mature high-performing teams within a fast paced cyber security or technology environment Strong understanding of industry standards and frameworks (e.g. ISO 27001, NIST, Zero Trust) and their application to IAM strategy Excellent stakeholder management skills, with the ability to influence across technology, risk, and business functions Benefits Holiday. You'll get 25 days plus Bank Holidays, as well as the option to buy up to a further 5 days. Bonus. At YBS we work collaboratively and share in our success together, so when we reach our goals we're all rewarded with an on target bonus of 7% of eligible pay (with the opportunity to earn up to a maximum 15%). Pension. We know how important it is to save towards the future, that's why we'll contribute up to 11% into your YBS pension. Healthcare. Health and wellbeing are an important part of life at YBS, when you join us you'll have access to a range of health benefits to suit your life including private medical insurance, dental and healthcare plans. My Benefits. When you join YBS you'll have access to our self service benefits portal, where you can access a range of retail, hospitality and health discounts. Please note: This advert will close 12th June.

Manager, Cybersecurity, Privacy, TC, UKI Location: London Other locations: Primary Location Only Date: 4 Mar 2026 Requisition ID: At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help build a better working world. About EY: At EY, we are committed to building a better working world. Our Cybersecurity Consulting Practice is rapidly expanding, and we are investing in our capabilities to meet the increasing demand for cybersecurity solutions. Join us and be part of a global team of over 13,000 professionals dedicated to delivering cutting edge security transformation programs and services. The Opportunity: EY is seeking experienced team members who can provide privacy and data protection services to our clients. This role will see you take a key position in delivering EY's services, leading and managing engagements and client delivery. You will also be expected to take a supporting role in building out EY's privacy and data protection services, defining and supporting go to market activities and advising clients on current market trends. The role will see you providing specialist advice as part of large multi discipline EY engagement teams with a focus on privacy, but with the capability to deliver the likes of data protection, data governance and management and cyber security programmes. This role is primarily privacy focused, however, in addition to the above you will have an opportunity to work across all aspects of cyber consulting, including data governance, strategy, and other areas. Key Responsibilities Lead engagements and build productive relationships with client stakeholders through project delivery. Work across a portfolio of engagements with our clients, responsible for the day to day delivery of engagement activity contributing to the achievement of quality, time and budget targets. Develop the practice by contributing to articles and thought pieces as well as taking part in public speaking engagements at industry events and conferences. Work with prospective clients on the planning and delivery phase of engagements. Create high quality reports as part of a team, for review by engagement and project leaders. Identify sales opportunities and work with senior practice leaders and market leaders in the creation of proposals and marketing material. Develop junior team members by sharing knowledge, mentoring and coaching them and leading by example. Skills and Attributes for Success Professional demeanor with the ability to establish credibility and demonstrate expertise quickly. Excellent communication skills, both oral and written, tailored to diverse audiences. Strong team player who values collaboration and encourages open communication among team members. Proven ability to deliver high quality outputs against project objectives and tight deadlines. Experience in people management, coaching and developing colleagues. To Qualify for the Role, You Must Have Professional experience within a consulting or professional services organisation delivering privacy and data protection engagements, including the ability to understand, assess, design and deliver reviews and assessments, programme enhancements and services to meet UK and global privacy needs alongside data protection programmes such as data governance management, Data Loss Prevention programmes and technology roll outs. Experience of designing remediation programme roadmaps and change including the ability to scope and plan multi year enhancement programmes. Ability and proven delivery experience across areas including risk identification and management, regulatory reporting, maturity assessments and compliance assessments, risk reporting, operating model and strategy. Broader cybersecurity experience beyond privacy and data protection, such as security transformation, solution architecture, cyber resilience, etc. Experience working with others in the development and delivery of complex client solutions and/or proposition development. Ideally, You'll Also Have Privacy related qualifications such as CIPP/E, CIPM, CIPT, ISEB in Data Protection. Experience with privacy tooling such as OneTrust, BigID, Purview and Trust Arc. Experience in managing technologies including DLP, Data Discovery, Classification. Security qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor. Sector experience in Government & Public Sector, Energy & Utilities, Retail and Consumer Products, Life Sciences, Telecoms, Media and Technology, or Transport. Please note: The successful candidate must undergo and pass checks in line with SC (Security Check) clearance standards after joining EY. These checks may include, but are not limited to, verification of identity, right to work in the UK, employment history, proof of address and unspent criminal convictions. Candidates must be a UK national or have been a resident in the UK for a minimum of five years and ensure that they have not spent more than six months outside the UK. Join Us: At EY, you'll have the chance to build a meaningful and fulfilling career, supported by an inclusive culture and cutting edge technology. Together, we can create a better working world for all. What we look for: We're interested in people with integrity who can collaborate with others from a diverse range of backgrounds and a growth mindset. What we offer: We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, covering holidays, health and well being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer continuous learning, success as defined by you, transformative leadership and a diverse and inclusive culture. If you can demonstrate that you meet the criteria above, please contact us as soon as possible. Apply Now TCCyberUKI2026 Cyber2026 EY Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Work with usOur team are passionate in the pursuit of excellence and in pushing the boundaries of cancer therapy and Autoimmune disease to deliver life-changing treatments to patients.Whilst working at Autolus you will enjoy a flexible, diverse and dynamic working environment which actively promotes creativity, leadership and teamwork - together we are ONE Autolus.Job Description:Job Title: Senior Applications Manager (Corporate & Commercial Applications)Reports to Senior Director, Application ManagementDepartment: ITHours: Monday - Friday (core office hours)Location: Mediaworks (London) Hybrid working with occasional travel to StevenageAbout AutolusAutolus is a biopharmaceutical company, advancing innovative therapies at both clinical and commercial stages of development, focused on next-generation, programmed T cell therapies for the treatment of cancer. Using a broad suite of proprietary and modular T cell programming technologies, the company is engineering precisely targeted, controlled, and highly active T cell therapies designed to better recognize cancer cells, break down their defence mechanisms, and eliminate these cells. Autolus has a pipeline of product candidates in development for the treatment of haematological malignancies, solid tumours, and autoimmune diseases.Why AutolusOur team is passionate in the pursuit of excellence and in pushing the boundaries of cancer therapy and autoimmune diseases to deliver life-changing treatments to patients. Whilst working at Autolus you will enjoy a flexible, diverse, and dynamic working environment which actively promotes creativity, leadership and teamwork. In addition to this Autolus is proud to offer a competitive salary, performance related bonus as well as a comprehensive benefits package.Our PromiseAutolus is developing complex, breakthrough therapies for a globally diverse market and equally recognises that diversity amongst our people is critical to our mission. As we draw on our differences, what we've experienced, and how we work, we celebrate diversity and are committed to creating an inclusive environment for all employees.Role SummaryThe Senior Applications Manager is responsible for owning and overseeing a portfolio of enterprise applications, including systems such as CRM, ERP, HRIS, and their associated integrations, which support key corporate and commercial business functions.This role is accountable for ensuring that these applications consistently deliver reliable, high-quality, secure, and cost-effective outcomes for the organisation. While not directly responsible for day-to-day support operations, the role provides strategic direction to service delivery teams and holds them accountable for performance, service quality, and adherence to agreed SLAs and operational standards.A key aspect of the position is maintaining oversight of application health, performance, resilience, and stability across the portfolio, ensuring systems remain fit for purpose, compliant, and aligned with evolving business needs. The role is also responsible for establishing, maturing, and embedding effective governance frameworks and operational rhythms that support the ongoing health, stability, and continuous improvement of applications within a BAU environment. This includes implementing structured review cadences, service governance forums, risk and issue management processes, change oversight, vendor performance management, and KPI reporting mechanisms to drive operational excellence and accountability across the application landscape.The Senior Applications Manager will chair or contribute to governance forums and ensure appropriate controls, policies, and standards are implemented across the application portfolio. This includes ensuring that application changes are assessed, prioritised, approved, and delivered in line with business priorities, regulatory expectations, cybersecurity requirements, and IT governance standards.The role works closely with business stakeholders to understand strategic priorities, shape demand, and ensure application roadmaps, investment decisions, and enhancement activities are aligned with organisational objectives. In addition, the role acts as a key escalation and decision-making point for application-related risks, issues, technical debt, and continuous improvement opportunities across the portfolio.Key ResponsibilitiesSupport Oversight (via Service Delivery)Partner with Service Delivery Managers (SDMs) and support teams to ensure strong application support performanceDefine expectations for support quality, SLAs, and user experienceReview incident trends and ensure systemic issues are identified and resolvedHold vendors and support teams accountable for outcomes, not just activityBusiness Partnering and Demand PrioritizationWork closely with Business Stakeholders (BSOs) to understand day-to-day operational needs.Translate needs into a prioritized backlog based on business impact and urgencyMake clear trade-offs across competing demands and limited capacityEnsure delivery is high quality and cost-conscious, not just fastFinancial Ownership & OptimizationOwn budget for applications, including licenses, vendors, and run costsIdentify and drive opportunities for cost optimization and efficiencyEnsure the application landscape scales in a financially sustainable way as the business growsManage renewals, contracts, and commercial negotiationsVendor & Contract ManagementManage third-party vendors and partners delivering support and enhancementsNegotiate and manage contracts, scope, and commercial termsEnsure vendors are delivering value for money and meeting expectationsDrive accountability and performance improvements where neededData-Driven Decision MakingUse data (ticket trends, usage metrics, cost data, performance metrics) to guide decisionsContinuously reassess priorities and approaches based on new informationBe willing to challenge assumptions and adjust direction when neededIntegration & System Landscape OversightMaintain visibility across integrations between systems (e.g., CRM ERPHRIS)Ensure changes are considered in the context of the broader application ecosystemWork with technical teams to manage dependencies and avoid downstream issuesDemonstrated skills and competenciesE - EssentialP - PreferredExperience7-12+ years working with enterprise applications (CRM, ERP, HRIS, or similar) (E)Experience owning or managing application portfolios, not just individual systems (E)Strong experience managing third-party vendors and commercial relationships (E)Experience working in environments with separate support/service delivery functions (E)Experience in regulated industries (e.g., pharma, biotech, healthcare) (P)Familiarity with compliance requirements (e.g., GxP, SOX) (P)Experience with systems such as Salesforce, Dynamics 365, Workday, or similar (P)QualificationsBachelor's degree in Information Technology, Computer Science, Business Information Systems, or a related discipline (P)Equivalent professional experience may be accepted in place of a degreeSkills/Specialist knowledgeStrong ability to prioritize and make trade-offs across competing business needs (E)Comfortable operating with budget ownership and cost accountability (E)Data-driven mindset with the ability to turn insights into action (E)Excellent stakeholder management and influencing skills (E)Ability to operate across both business and technical contexts (E)Autolus Core CompetenciesFocus on Results: Works to meet business goals set by management and leadersBuilds Trust and Relationships: Ensures trust with internal and external partners by delivering on commitmentsResilience: Has the capacity to recover quickly from difficulties; toughnessCommunicates and Collaborates: Builds partnerships and works collaboratively with others to meet objectivesAutolus is committed to the protection of the personal information that we collect & process and we are fully compliant with General Data Protection Regulations (GDPR).Autolus is committed to providing an inclusive and fair workplace for all. We are an equal opportunity employer and do not discriminate on the basis of race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected characteristic. We also provide reasonable accommodations throughout the recruitment process.Autolus' success is driven by equality and inclusion; we believe all voices are of equal value and must be heard. Whilst operating with focus and integrity, we are committed to improving diversity and inclusion within our business and our industry.

Select how often (in days) to receive an alert: Cyber Security Engineer Date: 22 May 2026 Company: Alstom Appointment Basis: Permanent Apply by: 5th June 2026 Salary + Benefits: 45K-55K DOE At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 86,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Your future role Take on a new challenge and apply your cybersecurity expertise in the new field of Digital Mobility. You'll report to the Cybersecurity & Digital Integration Director UKI and work within a close-knit and agile team that is part of the rail industry's largest and most successful cybersecurity organisation. Care to make a difference? You'll be responsible for the delivery of cybersecurity objectives and deliverables to achieve security outcomes for customers that benefit the safety and resilience of the railway. Day-to-day, you'll work closely with Project Cybersecurity Managers and teams across the business, including product cybersecurity specialists, quality, safety and engineering teams. You'll initially work on the GA Aventra Fleet Maintenance project and will support other projects as the need arises. We'll look to you for system and sub-system cybersecurity design, and assurance activities. Specifically: Analysis of project security needs against applicable standards and regulations to identify target security levels and risk treatment strategies. Definition of cybersecurity architectures and design principles. Performing vulnerability scans, assuring cybersecurity controls, and planning and managing pentest activity Producing cybersecurity deliverables needed for project Gate Reviews. 3rd party management; Providing support for cybersecurity activities during technical design meetings. All about you We understand that industrial cybersecurity is an emerging discipline, and we value passion and attitude over experience. We don't expect you to have every single skill. Instead, we've listed some that we think will help you to succeed and grow in this role: Expertise (or a degree) in a relevant cybersecurity or technical discipline. Experience or good understanding of industrial network security and/or embedded systems. Knowledge of IACS security standards and a working knowledge of information security standards such as ISO2700x, NIST etc. Familiarity with security risk management and IACS reference security architectures; A relevant cybersecurity certification. On a more personal level, you will also need to be: Adaptable and open to change: IACS cybersecurity processes and standards are new and may be subject to change; others are in development. You will need to remain current and embrace the changes that the topic is bringing. Self-motivated with a desire to learn. Able to work independently; A strong team player, with effective interpersonal skills. Things you'll enjoy Join us on a life-long transformative journey - the rail family is here to stay, so you can grow and develop new skills and experiences throughout your career. You'll also: Enjoy stability, challenges and a long-term career free from boring daily routines. Work with new security standards for rail signalling, such as IEC 62443, TS 50701 and IEC PT 63452. Utilise our Agile style of working to collaborate with transverse teams and helpful colleagues on innovative projects. Steer your career in whatever direction you choose across functions and countries. Benefit from our investment in your development, through award-winning learning and our Cybersecurity Academy. Progress towards other senior cybersecurity roles: e.g., Project Cybersecurity Manager, Delivery Head, Regional Cybersecurity Manager or Director; Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive benefits (pension, life ins., medical) You don't need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you'll be proud. If you're up for the challenge, we'd love to hear from you! Important to note Alstom is an equal opportunity employer committed to creating an inclusive working environment where all our employees are encouraged to reach their full potential, and individual differences are valued and respected. All qualified applicants are considered for employment without regard to race, colour, religion, gender, sexual orientation, gender identity, age, national origin, disability status, or any other characteristic protected by local law. As a 'Disability Confident' employer, we will interview all disabled job applicants who match the essential criteria of the job description or specification. We will consider flexible working requests for all roles unless operational requirements prevent otherwise.

Location:Hybrid - Liverpool, Merseyside (2 days a week on-site) Job Type:Full-time, Permanent (37.5 hours) Salary:Competitive + benefits + package Security Clearance Requirements Please note that holding a current Security Clearance is not essential at the time of application, but eligibility is required. This role requires the successful candidate to be eligible for Security Check (SC) clearance. To meet this requirement, applicants must: Have right to work in the UK Have lived in the UK continuously for the past 5 years Not have spent more than 6 months outside the UK in total during that period Be willing to undergo security vetting as part of the onboarding process About Us Come and be a part of The Investigo Group (TIG), a dynamic coalition of cutting edge tech firms specialising in Platform, Software, Data, AI and other bleeding edge technology solutions. Our innovative prowess spans the globe while proudly hailing from the United Kingdom. The group is multi functional with a large portfolio of B2B products and services. Our ecosystem is made up of: Voixtel, secure communications and voice platforms for regulated and critical environments. IIS, Providing secure internet access in both the public and private sectors. Its mission? To deliver world class secure internet capabilities enhancing productivity across diverse skillsets and organisations. Vestigo Consulting is our training and consultancy company, tailored around specialist sector specific knowledge, and provides regular courses and CPD for our community. The consultancy side concentrates on expert support of our customers as well as specifically assigned individual deployments. Collaboraite is a bleeding edge company that provides our Data and AI capability. A collaborative partner for designing user centred secure data solutions to overcome operational hurdles, delivered through design thinking and agile coaching. The group provides bespoke, secure, user centric products fuelled by deep technical knowledge advanced data and analytical skills. We proudly stand as a global leader in this space, partnering with esteemed entities that require these advanced forward thinking capabilities. These partnerships have been forged from our understanding of customer challenges, as well as our expertise in developing world leading enterprise product sets. Join us at TIG, where innovation knows no bounds, and together, we'll shape the future of technology solutions for a safer, more efficient world. Diversity, Equity, and Inclusion (DEI) are at the heart of The Investigo Group (TIG). We're dedicated to creating a workplace where people from all backgrounds are not only welcome but empowered to excel. We actively seek diverse talent, promote fairness, and foster an inclusive environment where every voice matters, driving innovation and progress in our dynamic tech community. About You You're an experienced Wintel Infrastructure Engineer with a strong background in enterprise Windows environments, identity, authentication, and cloud hosted infrastructure. You're comfortable operating across both strategic infrastructure initiatives and hands on operational support, balancing stability, security, and continuous improvement in fast paced environments. You enjoy solving complex technical challenges, improving resilience and automation, and working collaboratively across engineering, security, architecture, and support teams. You understand the importance of governance, operational standards, and secure by design principles, particularly within customer facing and regulated environments. You're proactive, calm under pressure, and capable of influencing technical direction while mentoring and supporting others within the team. About the Role We're looking for a Lead Wintel Engineer - Cloud to help stabilise, modernise, and evolve our customer facing Wintel and identity platforms. This role focuses heavily on Active Directory, authentication, privileged access management, cloud hosted infrastructure, and operational resilience across the Windows estate. You'll act as a subject matter expert for Wintel and identity services, supporting strategic migration initiatives, improving operational governance, and driving service optimisation through automation and modern infrastructure practices. The role will work closely with architecture, cloud engineering, cyber security, service management, and delivery teams to ensure platforms remain secure, scalable, and aligned to business and customer needs. About the Team You'll be joining our Platform team, responsible for delivering secure, reliable, and high performing infrastructure services across a range of customer facing products and platforms. The Wintel Cloud team provides support across 2nd through to 4th line services, operating in a fast paced environment where collaboration, technical excellence, and customer experience are central to how we work. This is a great opportunity to play a key role in both operational stability and long term infrastructure transformation initiatives as the organisation continues to evolve its cloud and platform capabilities. Key Responsibilities Design, implement, and optimise customer facing Wintel services including Active Directory, authentication, and privileged access management. Act as a subject matter expert (SME) across Wintel and cloud hosted directory services, providing technical leadership and guidance. Lead technical delivery activities relating to Wintel infrastructure, upgrades, migrations, and platform improvements. Track, plan, and coordinate infrastructure upgrades and migration activities while managing operational and delivery risk. Develop and maintain governance standards and operational frameworks for secure Wintel services. Oversee patching, proactive monitoring, health checks, and operational maintenance across Windows infrastructure. Support strategic migration initiatives and cloud transformation projects alongside architecture and cloud engineering teams. Ensure antivirus and EDR tooling is healthy, deployed, and compliant across the Windows estate. Support business continuity and disaster recovery activities, including Veeam administration and recovery planning. Maintain accurate technical documentation to support operational continuity, governance, and audit readiness. Support ISO and compliance related activities through secure operational practices and technical governance. Drive continuous improvement through automation, optimisation, and service review activities. Collaborate with service management and support teams to improve operational efficiency and customer experience. Promote technical excellence, innovation, collaboration, and continuous learning across the wider team. Success in This Role Looks Like Secure, stable, and resilient Wintel and identity services. Successful delivery of infrastructure upgrades, migrations, and transformation initiatives. Strong operational governance and reduced platform risk. Improved automation, monitoring, and operational efficiency. High service availability and improved customer experience. Well documented, supportable, and scalable infrastructure platforms. What We're Looking For We're looking for a Lead Wintel Engineer with strong experience across enterprise Windows infrastructure, identity, authentication, and cloud hosted environments. This role is well suited to someone who enjoys balancing operational excellence with strategic improvement work and is comfortable leading technical initiatives across secure and regulated environments. Essential Experience & Skills Strong experience supporting enterprise Wintel infrastructure environments. Deep understanding of Active Directory, ADFS, DNS, Group Policy, and PKI. Experience with Microsoft 365, Azure, and Windows Server technologies. Strong understanding of Identity and Access Management and Privileged Access Management. Experience managing upgrades, migrations, and operational improvement initiatives. Strong PowerShell scripting and automation experience. Experience with endpoint monitoring, deployment, and operational tooling. Strong troubleshooting, problem solving, and analytical skills. Experience working within secure, regulated, or enterprise scale environments. Strong stakeholder management and communication skills. Microsoft certifications. ITILv4 Foundation or equivalent process/governance certification. CCSK or other security related certifications. Experience with virtualisation technologies such as ESX or KVM. Linux administration or engineering experience. Experience within government, law enforcement, SaaS, or other highly regulated sectors. Additional scripting or automation experience. Soft Skills & Behaviours Strong communicator and collaborative team player. Calm, conscientious, and adaptable under pressure. Process oriented with strong attention to detail. Self motivated with a strong sense of ownership and accountability. Able to influence and guide others effectively. Passionate about technology, innovation, and continuous improvement. Pragmatic and solutions focused approach to problem solving. Private Medical . click apply for full job details