Job Description McDonalds has run its business in the UK since 1974 and currently operates over 1500 restaurants across the UK and Ireland, serving almost four million customers each day. McDonalds is one of the UKs largest private sector employers, employing over 170,000 people. Department Overview You will work as part of the Deployment & Testing team which forms part of the wider Technology team for the UK&I and Global business. We are a high energy team, looking for an individual who can add their talent and personality to make us even better. Customers of this role will include: Our Franchisees Change Management Global VMO Cybersecurity and Data Global Technology colleagues in other McDonald's markets Global and Segment product functions. Our supplier partners Duties The Software Management Officer will oversee the entire lifecycle management of software within our corporate and restaurant environments. This includes developing and implementing patching strategies, ensuring a comprehensive understanding of the software lifecycle, and maintaining all software by applying necessary patches. The role involves documenting and communicating Franchisee investments related to software each year, well in advance of the following year's investment cycles. Additionally, the officer is responsible for the administration and management of system tools. Lifecycle Planning and Implementation: Accountable for establishing the strategy, plans, and implementation for lifecycle planning and software asset management across the UK&I restaurant and corporate estate. Annual Investment Programme for Franchisees: Provide Franchisees with an annual investment Programme encompassing all software components in restaurants, ensuring clear communication and planning for the following year's investment cycles. OS and Firmware Patch Deployment: Develop and maintain an ongoing plan for the deployment of operating system (OS) and firmware patches to ensure optimal performance and security of restaurants within the estate. Support Cyber Security Team: Support the Cyber Security team by maintaining and executing plans for the smooth deployment of security patches, contributing to the overall security posture of the organization. Configuration of Images for New Hardware: Accountable for the configuration of images for new hardware versions, ensuring seamless integration and functionality within the technology landscape. Patch and Upgrade Schedule: Maintain an ongoing schedule for all operating system, applications, security patching, and firmware upgrades across the McDonald's UK&I estate, ensuring alignment with business goals. Vendor Management Collaboration: Work collaboratively with senior management and vendor management functions to review technology resources (software), expenses, and software license agreements, ensuring efficient resource utilization. Software System Requirements: Establish and maintain procedures for determining software system requirements, contributing to the effective planning and acquisition of software assets. Procurement and Legal Support: Assist procurement, financial, and legal departments in analyzing budgets, proposals, and vendor contracts for the acquisition, monitoring, and compliance of software assets. Tracking System Maintenance: Oversee the development and maintenance of a tracking system for all software assets, ensuring an accurate inventory and accounting of all assets and their components. Linkage with Budgeting and Procurement: Establish a linkage with budgeting and procurement processes to track asset acquisition, utilization and retirement, providing insights into the financial aspects of software asset management. Global Alignment: Work closely with colleagues in GTIO and GTRM to understand and plan for emerging technologies and implement them within the organization to agreed milestones. Qualifications An individual who understands the importance of building relationships across the business, with excellent communication, curiosity and influencing skills will do well in this role. An attention to detail, an analytical approach and the ability to quickly identify the root cause of issues will be critical to success in the role. Strong planning and organisational skills. Ability to deal tactfully with vendors, suppliers, and contractors who provide a broad spectrum of products and services. Demonstrated competency of Information Technology contract administration, purchasing, or procurement. Expertise with Software Asset Management and licensing models. Familiarity with asset management software (CMDB) and/or inventory tracking systems. Understanding of software licensing models and frameworks. Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats. Desirable requirements: ServiceNow System Administrator Certified Experience/Knowledge of Snow License Manager CSAM or other software asset management related certification ITIL 3 or 4 Foundation Experience in the food and beverage industry or a similar fast-paced environment.
08/05/2026
Full time
Job Description McDonalds has run its business in the UK since 1974 and currently operates over 1500 restaurants across the UK and Ireland, serving almost four million customers each day. McDonalds is one of the UKs largest private sector employers, employing over 170,000 people. Department Overview You will work as part of the Deployment & Testing team which forms part of the wider Technology team for the UK&I and Global business. We are a high energy team, looking for an individual who can add their talent and personality to make us even better. Customers of this role will include: Our Franchisees Change Management Global VMO Cybersecurity and Data Global Technology colleagues in other McDonald's markets Global and Segment product functions. Our supplier partners Duties The Software Management Officer will oversee the entire lifecycle management of software within our corporate and restaurant environments. This includes developing and implementing patching strategies, ensuring a comprehensive understanding of the software lifecycle, and maintaining all software by applying necessary patches. The role involves documenting and communicating Franchisee investments related to software each year, well in advance of the following year's investment cycles. Additionally, the officer is responsible for the administration and management of system tools. Lifecycle Planning and Implementation: Accountable for establishing the strategy, plans, and implementation for lifecycle planning and software asset management across the UK&I restaurant and corporate estate. Annual Investment Programme for Franchisees: Provide Franchisees with an annual investment Programme encompassing all software components in restaurants, ensuring clear communication and planning for the following year's investment cycles. OS and Firmware Patch Deployment: Develop and maintain an ongoing plan for the deployment of operating system (OS) and firmware patches to ensure optimal performance and security of restaurants within the estate. Support Cyber Security Team: Support the Cyber Security team by maintaining and executing plans for the smooth deployment of security patches, contributing to the overall security posture of the organization. Configuration of Images for New Hardware: Accountable for the configuration of images for new hardware versions, ensuring seamless integration and functionality within the technology landscape. Patch and Upgrade Schedule: Maintain an ongoing schedule for all operating system, applications, security patching, and firmware upgrades across the McDonald's UK&I estate, ensuring alignment with business goals. Vendor Management Collaboration: Work collaboratively with senior management and vendor management functions to review technology resources (software), expenses, and software license agreements, ensuring efficient resource utilization. Software System Requirements: Establish and maintain procedures for determining software system requirements, contributing to the effective planning and acquisition of software assets. Procurement and Legal Support: Assist procurement, financial, and legal departments in analyzing budgets, proposals, and vendor contracts for the acquisition, monitoring, and compliance of software assets. Tracking System Maintenance: Oversee the development and maintenance of a tracking system for all software assets, ensuring an accurate inventory and accounting of all assets and their components. Linkage with Budgeting and Procurement: Establish a linkage with budgeting and procurement processes to track asset acquisition, utilization and retirement, providing insights into the financial aspects of software asset management. Global Alignment: Work closely with colleagues in GTIO and GTRM to understand and plan for emerging technologies and implement them within the organization to agreed milestones. Qualifications An individual who understands the importance of building relationships across the business, with excellent communication, curiosity and influencing skills will do well in this role. An attention to detail, an analytical approach and the ability to quickly identify the root cause of issues will be critical to success in the role. Strong planning and organisational skills. Ability to deal tactfully with vendors, suppliers, and contractors who provide a broad spectrum of products and services. Demonstrated competency of Information Technology contract administration, purchasing, or procurement. Expertise with Software Asset Management and licensing models. Familiarity with asset management software (CMDB) and/or inventory tracking systems. Understanding of software licensing models and frameworks. Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats. Desirable requirements: ServiceNow System Administrator Certified Experience/Knowledge of Snow License Manager CSAM or other software asset management related certification ITIL 3 or 4 Foundation Experience in the food and beverage industry or a similar fast-paced environment.
Cyber Security Project Manager (M&A) A Global Tech Company requires a Contract Cyber Project Manager who has specific M&A experience to join a fast paced Cyber Programme. Day Rate: £600-£675pd IR35 Status: Outside Travel: 1 day a week in Central London Duration: Initial 6 months This Cyber PM will have the following previous experience: Worked as a Cyber PM delivering M&A or Integration initiatives as part of a Cyber Programme Delivered a broad range of global Cyber Projects covering IAM, SOC, GRC & third party risk Worked within complex enterprise environments - Cloud centric/Saas beneficial Knowledge of Security Frameworks like ISO 27001, NIST etc. Ideally operated at Steerco level
07/05/2026
Full time
Cyber Security Project Manager (M&A) A Global Tech Company requires a Contract Cyber Project Manager who has specific M&A experience to join a fast paced Cyber Programme. Day Rate: £600-£675pd IR35 Status: Outside Travel: 1 day a week in Central London Duration: Initial 6 months This Cyber PM will have the following previous experience: Worked as a Cyber PM delivering M&A or Integration initiatives as part of a Cyber Programme Delivered a broad range of global Cyber Projects covering IAM, SOC, GRC & third party risk Worked within complex enterprise environments - Cloud centric/Saas beneficial Knowledge of Security Frameworks like ISO 27001, NIST etc. Ideally operated at Steerco level
La Fosse Associates is seeking a Contract Cyber Security Project Manager with M&A experience to manage global Cyber projects. This position requires prior experience in delivering M&A initiatives within a Cyber Programme, as well as knowledge of technology frameworks such as ISO 27001 and NIST. Ideal candidates will have operated at the Steerco level and be skilled in various Cyber domains. Located in Greater London, the role offers a competitive day rate of £600-£675 and requires one day of travel in Central London per week.
07/05/2026
Full time
La Fosse Associates is seeking a Contract Cyber Security Project Manager with M&A experience to manage global Cyber projects. This position requires prior experience in delivering M&A initiatives within a Cyber Programme, as well as knowledge of technology frameworks such as ISO 27001 and NIST. Ideal candidates will have operated at the Steerco level and be skilled in various Cyber domains. Located in Greater London, the role offers a competitive day rate of £600-£675 and requires one day of travel in Central London per week.
Infrastructure Security Engineer - Application/ Network experience- Spanish speaking We are currently recruiting for a Infrastructure Security Engineer on a 6 month initial contract. Hybrid basis (2-3 days), office location being London. They are looking for a candidate to take responsibility for leading, guiding, supporting and delivering secure architectural design for the group cyber security maturity programme. They are also looking for a candidate who is able to provide advice and recommendations for the programme. Key Skills Support the integration of new cyber security technologies that meets the next generation threats and can be adopted by the group globally You will be required to travel to the local sites, data centre or multiple offices location in order to complete your tasks for off the network countries. Support global cyber security team to ensure open Continuous Security Improvement Programme (CSIP's) are managed effectively up to closure Information Security Management System (Infrastructure Security Operations). Azure cloud infrastructure and configuration. System Centre Configuration Manager, Operations Manager and Virtual Machine Manager. Microsoft Exchange online Azure and on-premises Active Directory Cyber Incident Management and or Security Forensic experience. Windows Server and Linux Network (WAN, Wi-Fi) and Network Access Control (NAC) management Cloud email security gateway services Server hardware including and CIS controls. Security monitoring, orchestrator and SEIM tools Next-gen application firewalls, anti-malware, cloud proxies and CASB Fluent Spanish Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
02/10/2025
Full time
Infrastructure Security Engineer - Application/ Network experience- Spanish speaking We are currently recruiting for a Infrastructure Security Engineer on a 6 month initial contract. Hybrid basis (2-3 days), office location being London. They are looking for a candidate to take responsibility for leading, guiding, supporting and delivering secure architectural design for the group cyber security maturity programme. They are also looking for a candidate who is able to provide advice and recommendations for the programme. Key Skills Support the integration of new cyber security technologies that meets the next generation threats and can be adopted by the group globally You will be required to travel to the local sites, data centre or multiple offices location in order to complete your tasks for off the network countries. Support global cyber security team to ensure open Continuous Security Improvement Programme (CSIP's) are managed effectively up to closure Information Security Management System (Infrastructure Security Operations). Azure cloud infrastructure and configuration. System Centre Configuration Manager, Operations Manager and Virtual Machine Manager. Microsoft Exchange online Azure and on-premises Active Directory Cyber Incident Management and or Security Forensic experience. Windows Server and Linux Network (WAN, Wi-Fi) and Network Access Control (NAC) management Cloud email security gateway services Server hardware including and CIS controls. Security monitoring, orchestrator and SEIM tools Next-gen application firewalls, anti-malware, cloud proxies and CASB Fluent Spanish Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
Infrastructure Security Engineer - Application/ Network experience We are currently recruiting for a Infrastructure Security Engineer on a 6 month initial contract. Hybrid basis (2-3 days), office location being London. They are looking for a candidate to take responsibility for leading, guiding, supporting and delivering secure architectural design for the group cyber security maturity programme. They are also looking for a candidate who is able to provide advice and recommendations for the programme. Key Skills Support the integration of new cyber security technologies that meets the next generation threats and can be adopted by the group globally You will be required to travel to the local sites, data centre or multiple offices location in order to complete your tasks for off the network countries. Support global cyber security team to ensure open Continuous Security Improvement Programme (CSIP's) are managed effectively up to closure Information Security Management System (Infrastructure Security Operations). Azure cloud infrastructure and configuration. System Centre Configuration Manager, Operations Manager and Virtual Machine Manager. Microsoft Exchange online Azure and on-premises Active Directory Cyber Incident Management and or Security Forensic experience. Windows Server and Linux Network (WAN, Wi-Fi) and Network Access Control (NAC) management Cloud email security gateway services Server hardware including and CIS controls. Security monitoring, orchestrator and SEIM tools Next-gen application firewalls, anti-malware, cloud proxies and CASB Spanish Speaking- desireable Please apply! Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
02/10/2025
Full time
Infrastructure Security Engineer - Application/ Network experience We are currently recruiting for a Infrastructure Security Engineer on a 6 month initial contract. Hybrid basis (2-3 days), office location being London. They are looking for a candidate to take responsibility for leading, guiding, supporting and delivering secure architectural design for the group cyber security maturity programme. They are also looking for a candidate who is able to provide advice and recommendations for the programme. Key Skills Support the integration of new cyber security technologies that meets the next generation threats and can be adopted by the group globally You will be required to travel to the local sites, data centre or multiple offices location in order to complete your tasks for off the network countries. Support global cyber security team to ensure open Continuous Security Improvement Programme (CSIP's) are managed effectively up to closure Information Security Management System (Infrastructure Security Operations). Azure cloud infrastructure and configuration. System Centre Configuration Manager, Operations Manager and Virtual Machine Manager. Microsoft Exchange online Azure and on-premises Active Directory Cyber Incident Management and or Security Forensic experience. Windows Server and Linux Network (WAN, Wi-Fi) and Network Access Control (NAC) management Cloud email security gateway services Server hardware including and CIS controls. Security monitoring, orchestrator and SEIM tools Next-gen application firewalls, anti-malware, cloud proxies and CASB Spanish Speaking- desireable Please apply! Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
The role is primarily research and prototype construction based. Tasked with investigating cutting edge law enforcement capabilities and de-risking future law enforcement capability at both SC and DV level. We develop prototype enrichment and data science platforms so that experimental investigation teams can utilise new Law enforcement capability to test it's effectiveness at combatting serious and organised crime. We share ideas, try new things and produce meaningful and actionable intelligence as part of a diverse contractor development team. We sit directly with the investigators and law enforcement managers, as such any engineer would need to be confident in their ability to communicate directly with the client at both a senior and junior level. This role is 100% client site based. (Vauxhall London) Confident / Proficient in the following technologies / skills: Python Elastic Search Atlassian Suite (Jira, confluence ect) Docker TCP IP stack Communication (we regularly have to explain highly complex internet related technologies In a clear and understandable manor directly to senior and junior investigators) Understanding or Willingness to learn on the job quickly: Low level understanding Packet data (TCP IP stack) Direct Client interaction / expectation management Internet enabling technologies (Proxes, VPNs, VoIP, SSL, DNS, BGP, etc.) Linux Operating systems (configuring and debugging) BPM business process management documentation. This role is part of our National Security business, where we develop operational solutions and deliver mission-critical services to Law Enforcement Agencies and Government departments. Our dedicated engineers and business consultants form multi-disciplinary teams, working together to provide a variety of solutions that help to prevent, protect and pursue criminals involved in serious and organised crime, enhance operational capabilities and deliver digital transformation programmes. Our work is a mix of remote working with some travel to various LEA sites around the UK. We need proactive, solution finding individuals with a can do attitude to join our teams to help solve some of the most difficult challenges so even if this role isn't a perfect fit we'd still love to hear from you! Applicants to this role must be amenable to obtain UK Government security clearance Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. About BAE Systems Digital Intelligence We use our intelligence-led insights to help defend Governments, Nations and Societies from cyber-attacks and financial crime. Our customers depend on our evolving capabilities to help them safely grow their organisations. Our unprecedented access to threat intelligence, world-leading analysts and market-leading technology means we can help them to adapt, evolve and stay ahead of the criminals. Division overview: Government At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Our Government business unit houses four of our critical client groups: UK National Security, Global National Security, defence and central government. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.
20/09/2022
Full time
The role is primarily research and prototype construction based. Tasked with investigating cutting edge law enforcement capabilities and de-risking future law enforcement capability at both SC and DV level. We develop prototype enrichment and data science platforms so that experimental investigation teams can utilise new Law enforcement capability to test it's effectiveness at combatting serious and organised crime. We share ideas, try new things and produce meaningful and actionable intelligence as part of a diverse contractor development team. We sit directly with the investigators and law enforcement managers, as such any engineer would need to be confident in their ability to communicate directly with the client at both a senior and junior level. This role is 100% client site based. (Vauxhall London) Confident / Proficient in the following technologies / skills: Python Elastic Search Atlassian Suite (Jira, confluence ect) Docker TCP IP stack Communication (we regularly have to explain highly complex internet related technologies In a clear and understandable manor directly to senior and junior investigators) Understanding or Willingness to learn on the job quickly: Low level understanding Packet data (TCP IP stack) Direct Client interaction / expectation management Internet enabling technologies (Proxes, VPNs, VoIP, SSL, DNS, BGP, etc.) Linux Operating systems (configuring and debugging) BPM business process management documentation. This role is part of our National Security business, where we develop operational solutions and deliver mission-critical services to Law Enforcement Agencies and Government departments. Our dedicated engineers and business consultants form multi-disciplinary teams, working together to provide a variety of solutions that help to prevent, protect and pursue criminals involved in serious and organised crime, enhance operational capabilities and deliver digital transformation programmes. Our work is a mix of remote working with some travel to various LEA sites around the UK. We need proactive, solution finding individuals with a can do attitude to join our teams to help solve some of the most difficult challenges so even if this role isn't a perfect fit we'd still love to hear from you! Applicants to this role must be amenable to obtain UK Government security clearance Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. About BAE Systems Digital Intelligence We use our intelligence-led insights to help defend Governments, Nations and Societies from cyber-attacks and financial crime. Our customers depend on our evolving capabilities to help them safely grow their organisations. Our unprecedented access to threat intelligence, world-leading analysts and market-leading technology means we can help them to adapt, evolve and stay ahead of the criminals. Division overview: Government At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Our Government business unit houses four of our critical client groups: UK National Security, Global National Security, defence and central government. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.
At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. With more than 55,000 people in 40 countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities. People are Jacobs' greatest asset, and we offer a competitive package to retain and attract the best talent. In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family friendly benefits such as enhanced parental leave pay, free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations. Job Purpose / Overview The SZC Chief Information Security Officer (CISO) is responsible for establishing the right security and governance practices and enabling a framework for risk-free and scalable business operations in the Nuclear New Build (NNB) SZC construction and nuclear security business landscape. This is a leadership position and is focused on understanding the security challenges in the current and future state of business operations, mapping learning from NNB Hinkley Point C (HPC) Project and the Technical Services Organisation (TSO) and preparing the SZC Project organisation with the right tools, skills, resources, relationships and capabilities against growing cyber and information security risks. Contextual Information Operating Environment SZC project will be the largest infrastructure project in Europe following HPC. It relies on both Information Technology (IT) and Operational Technology (OT) systems and the information processed by them for safety, security and business continuity. Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to the Project, Delivery partners and Supply Chain. Understanding and mitigating Cyber Security and Information Assurance (CS&IA) risks in the context of a constantly evolving threat landscape is thus fundamental to the success of Construction, design, manufacture and commissioning in addition to business operations, which collectively support the delivery of NNB (SZC) Project. SZC is an 'nth' of a kind replication of HPC Project and the role must support intelligent replication of the security case from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the TSO. Framework & Boundaries Maintains key relationships and works closely with the Technical Services Organisation to drive SZC Project Information Security Assurance and provide direction to cyber and information security Delivery Maintains key relationships with SZC IT delivery - IT & IM Digital Services and SZC Digital Systems and Solutions (Civils Works Programme) SZC nuclear baseline role holder Travel to TSO (Barnwood, Gloucester), SZC Project Site Offices (Suffolk) and SZC Project Offices (London) is expected as part of the role. Principal Accountabilities End to End Security Operations - Develop and design a comprehensive Cyber Security and Information Assurance Strategy and Information Security Management System (ISMS) Engage with overall organisational data strategy and advise on the best data management approach, aligning data privacy with business objectives ensuring information security safeguards are effective. Evaluate the Information Technology Threat landscape, devise policies and controls to reduce risk and lead auditing and compliance initiatives. Act as the Intelligent Customer (IC) for End 2 End cyber and information security requirements within all Project contracts Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc. Manage interface with TSO to develop the Operational Technology (OT) Security Plan, establish policy and define IT requirements including Instrumentation and Control (I&C) as part of the wider CS&IA strategy Manage interface with TSO to procure services of Contract Security Officers to conduct supply chain assurance. Compliance - ensure that security arrangements meet legal obligations; including GDPR, Export Control and Nuclear Industries Security Regulations (NISR) 2003. Human Resources - ensure the appropriate verification checks, security education and training programs and policies for identity and access management are in place. Disaster Recovery and Business Continuity - Ensure compliance with ISO 27001 and develop a robust crisis communication channel, disaster recovery and risk management system in line with ONR (CNSS) Security Functional Security Principles (FSyP) 1, 2, 3, 5 and 7. Documentation - Contribute to a variety of security policy domains associated with compliance, Governance, risk management, incident management and HR management IT and Cyber Security Requirements - Evaluate business opportunities, regulatory requirements and business risks associated with SZC cloud network and all Information Security Projects, defining the optimal trade-off, reporting directly to the board and specifying cyber security, information security and data management requirements internally and through supply chain. Responsible for ensuring that Supply Chain Cyber Security puts in place appropriate Cyber Security and Information Security risk management and assurance that meet the required standards. Manage and hold the interfaces with ONR Civil Nuclear Safeguard and Security (CNSS) for Information Security. Establish priority for the Construction site based Cyber Security and Information Assurance Lead (CS&IA) in risk assessment and assurance of SZC/Delivery Partner and Contractor Information and Operational Technology systems (ICS/SCADA/IoT) on the NNB Gen Co (SZC) Construction site. Support both CS&IA and (CIO) IT & IM Digital Services Cyber Security Leads with specialist Forensic investigation as a result of incident response. Dimensions Reports to Director Safety, Security and Assurance (later this reporting line will switch to the SZC Head of Security) Dotted line reporting to TSO CISO Needs to form a strong relationship with TSO CISO lead spending time at Barnwood (Gloucester) and 90 Whitfield Street (London) to understand Project needs. Leads dotted line report; to the Cyber Security and Information Assurance Lead (Construction Site) and the IT & IM Digital Services Cyber Security Lead (SZC Common Data Environment) - works within .Knowledge, Skills, Qualifications & Experience Essential Knowledge of Civil Nuclear Cyber Security Strategy. Established cyber security credentials. Good working knowledge of applicable international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus). Aware of risk assessment methodologies including ISO27005 and NIST. Educated to degree level (or equivalent) or have a comparable level of practical experience Knowledge and experience of NIS Regulations and Cyber Assessment Framework (CAF). Knowledge of CPNI and NCSC material including assurance of supply chain activities. Knowledge of HMG Security Policy Framework. Confident in own abilities and be able to deliver in a dynamic environment. Proven people and team leadership skills Proven stakeholder management Excellent presentation and communication skills - both written and verbal. The post holder must currently hold or be able to achieve NSV SC. Desirable Experience working in the UK nuclear or regulated industry is highly desirable. Experience in a complex project environment including change control processes. A recognised security certification is desirable e.g. CISMP, Security , CEH. Experienced in specifying, designing and producing technical documentation to exacting standards. Excellent written English, including the preparation of suites of technical documents. Track record of providing innovative solutions within a technically complex environment - ideally within the nuclear sector Technical knowledge of physical, personnel and cyber security management systems and solutions. Experience of National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) methodologies, highly desirable. Experience working in a Project Organisation and/or with a Design Authority Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs. We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity - ACE, Careers, Enlace..... click apply for full job details
01/02/2022
Full time
At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. With more than 55,000 people in 40 countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities. People are Jacobs' greatest asset, and we offer a competitive package to retain and attract the best talent. In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family friendly benefits such as enhanced parental leave pay, free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations. Job Purpose / Overview The SZC Chief Information Security Officer (CISO) is responsible for establishing the right security and governance practices and enabling a framework for risk-free and scalable business operations in the Nuclear New Build (NNB) SZC construction and nuclear security business landscape. This is a leadership position and is focused on understanding the security challenges in the current and future state of business operations, mapping learning from NNB Hinkley Point C (HPC) Project and the Technical Services Organisation (TSO) and preparing the SZC Project organisation with the right tools, skills, resources, relationships and capabilities against growing cyber and information security risks. Contextual Information Operating Environment SZC project will be the largest infrastructure project in Europe following HPC. It relies on both Information Technology (IT) and Operational Technology (OT) systems and the information processed by them for safety, security and business continuity. Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to the Project, Delivery partners and Supply Chain. Understanding and mitigating Cyber Security and Information Assurance (CS&IA) risks in the context of a constantly evolving threat landscape is thus fundamental to the success of Construction, design, manufacture and commissioning in addition to business operations, which collectively support the delivery of NNB (SZC) Project. SZC is an 'nth' of a kind replication of HPC Project and the role must support intelligent replication of the security case from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the TSO. Framework & Boundaries Maintains key relationships and works closely with the Technical Services Organisation to drive SZC Project Information Security Assurance and provide direction to cyber and information security Delivery Maintains key relationships with SZC IT delivery - IT & IM Digital Services and SZC Digital Systems and Solutions (Civils Works Programme) SZC nuclear baseline role holder Travel to TSO (Barnwood, Gloucester), SZC Project Site Offices (Suffolk) and SZC Project Offices (London) is expected as part of the role. Principal Accountabilities End to End Security Operations - Develop and design a comprehensive Cyber Security and Information Assurance Strategy and Information Security Management System (ISMS) Engage with overall organisational data strategy and advise on the best data management approach, aligning data privacy with business objectives ensuring information security safeguards are effective. Evaluate the Information Technology Threat landscape, devise policies and controls to reduce risk and lead auditing and compliance initiatives. Act as the Intelligent Customer (IC) for End 2 End cyber and information security requirements within all Project contracts Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc. Manage interface with TSO to develop the Operational Technology (OT) Security Plan, establish policy and define IT requirements including Instrumentation and Control (I&C) as part of the wider CS&IA strategy Manage interface with TSO to procure services of Contract Security Officers to conduct supply chain assurance. Compliance - ensure that security arrangements meet legal obligations; including GDPR, Export Control and Nuclear Industries Security Regulations (NISR) 2003. Human Resources - ensure the appropriate verification checks, security education and training programs and policies for identity and access management are in place. Disaster Recovery and Business Continuity - Ensure compliance with ISO 27001 and develop a robust crisis communication channel, disaster recovery and risk management system in line with ONR (CNSS) Security Functional Security Principles (FSyP) 1, 2, 3, 5 and 7. Documentation - Contribute to a variety of security policy domains associated with compliance, Governance, risk management, incident management and HR management IT and Cyber Security Requirements - Evaluate business opportunities, regulatory requirements and business risks associated with SZC cloud network and all Information Security Projects, defining the optimal trade-off, reporting directly to the board and specifying cyber security, information security and data management requirements internally and through supply chain. Responsible for ensuring that Supply Chain Cyber Security puts in place appropriate Cyber Security and Information Security risk management and assurance that meet the required standards. Manage and hold the interfaces with ONR Civil Nuclear Safeguard and Security (CNSS) for Information Security. Establish priority for the Construction site based Cyber Security and Information Assurance Lead (CS&IA) in risk assessment and assurance of SZC/Delivery Partner and Contractor Information and Operational Technology systems (ICS/SCADA/IoT) on the NNB Gen Co (SZC) Construction site. Support both CS&IA and (CIO) IT & IM Digital Services Cyber Security Leads with specialist Forensic investigation as a result of incident response. Dimensions Reports to Director Safety, Security and Assurance (later this reporting line will switch to the SZC Head of Security) Dotted line reporting to TSO CISO Needs to form a strong relationship with TSO CISO lead spending time at Barnwood (Gloucester) and 90 Whitfield Street (London) to understand Project needs. Leads dotted line report; to the Cyber Security and Information Assurance Lead (Construction Site) and the IT & IM Digital Services Cyber Security Lead (SZC Common Data Environment) - works within .Knowledge, Skills, Qualifications & Experience Essential Knowledge of Civil Nuclear Cyber Security Strategy. Established cyber security credentials. Good working knowledge of applicable international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus). Aware of risk assessment methodologies including ISO27005 and NIST. Educated to degree level (or equivalent) or have a comparable level of practical experience Knowledge and experience of NIS Regulations and Cyber Assessment Framework (CAF). Knowledge of CPNI and NCSC material including assurance of supply chain activities. Knowledge of HMG Security Policy Framework. Confident in own abilities and be able to deliver in a dynamic environment. Proven people and team leadership skills Proven stakeholder management Excellent presentation and communication skills - both written and verbal. The post holder must currently hold or be able to achieve NSV SC. Desirable Experience working in the UK nuclear or regulated industry is highly desirable. Experience in a complex project environment including change control processes. A recognised security certification is desirable e.g. CISMP, Security , CEH. Experienced in specifying, designing and producing technical documentation to exacting standards. Excellent written English, including the preparation of suites of technical documents. Track record of providing innovative solutions within a technically complex environment - ideally within the nuclear sector Technical knowledge of physical, personnel and cyber security management systems and solutions. Experience of National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) methodologies, highly desirable. Experience working in a Project Organisation and/or with a Design Authority Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs. We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity - ACE, Careers, Enlace..... click apply for full job details
Cyber Security Project Manager Well known Insurance firm require a Project Manager with Cyber Security Experience to join for an initial 6-month contract. The successful candidate will need to be comfortable working in complex environments and is able to work 100% remotely. The successful Cyber PM will have the following experience: Delivered Multiple Security Projects for a Cyber Transformation Programme Security Project Manager with Co-ordinator experience for a global and complex environment Managed Technical Cyber Resilience projects e.g. DLP, IAM, SOC, SIEM etc Worked for the Insurance Sector or for Highly regulated industries previously Managing projects using Methodologies like Agile and Waterfall. Support the Heads of Security for multiple regions and leaders in Information Security Group with their initiatives/projects Must be delivery focused, able to work with autonomy and manage SME's & BA's *This role is Inside IR35* If interested, please do note hesitate to contact with your CV.
10/11/2021
Contractor
Cyber Security Project Manager Well known Insurance firm require a Project Manager with Cyber Security Experience to join for an initial 6-month contract. The successful candidate will need to be comfortable working in complex environments and is able to work 100% remotely. The successful Cyber PM will have the following experience: Delivered Multiple Security Projects for a Cyber Transformation Programme Security Project Manager with Co-ordinator experience for a global and complex environment Managed Technical Cyber Resilience projects e.g. DLP, IAM, SOC, SIEM etc Worked for the Insurance Sector or for Highly regulated industries previously Managing projects using Methodologies like Agile and Waterfall. Support the Heads of Security for multiple regions and leaders in Information Security Group with their initiatives/projects Must be delivery focused, able to work with autonomy and manage SME's & BA's *This role is Inside IR35* If interested, please do note hesitate to contact with your CV.
