Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

7 jobs found

Current Search
grc policy lead
Hays Technology
Information Security Specialist
Hays Technology Fetcham, Surrey
Information Security Specialist
Permanent - Up to 75k + strong benefits
Location: Hybrid - Leatherhead

Your new company: A leading construction and development company in Surrey is currently looking for an Information Security Specialist to come in and support the existing IT Security Manager to improve and maintain their governance, risk and compliance (GRC) capability and help us continually improve our ISO 27001 Information Security Management System (ISMS). The role is full-time, with a hybrid working pattern usually around 2/3 days a week in the office in Leatherhead.

Role responsibilities: You will be supporting the IT Security Manager across a broad variety of work. You'll apply hands-on expertise across both public and private sector programmes, particularly UK government and construction.
  • Own and improve our ISMS: Develop, implement and maintain our ISO 27001 aligned ISMS, report on control effectiveness and drive continuous improvement.
  • Run regular security risk assessments and gap analyses to identify vulnerabilities in policies, procedures and configurations, and track remediation.
  • Create and maintain security policies, procedures and controls tailored to construction and government-related projects.
  • Act as the primary liaison to project teams, Build Asset Security Managers and Information Controllers, especially on UK government contracts.
  • Lead audits and reviews to confirm conformance with Wates Professional Standards.
  • Deliver guidance and training on security best practice and supply chain compliance across teams and functions.
  • Conduct supplier due diligence and security assessments, ensuring appropriate third-party controls.
  • Provide monthly Key Risk Indicator (KRI) reporting to the IT Security Manager.

You will need:
  • Technical skills and strong communication skills.
  • Experience with UK government security requirements and procurement processes.
  • Understanding of construction industry security risks and regulation.
  • Willingness to get stuck in and converse with other business departments.
  • ISO 27001 Lead Implementer or Lead Auditor (mandatory).
  • CISM/CISM would be beneficial but not mandatory.
  • Strong GRC background with proven delivery of ISO 27001 compliant ISMS.
  • Broad knowledge of security frameworks and best practice.
  • Good analytical skills.
  • Highly organised and able to implement and manage robust governance processes.
  • To undergo a BPSS, and potentially SC security check.

What you'll get in return: This role is available for hybrid working with a typical requirement to work 2 or 3 days per week in the Leatherhead office.
  • Salary up to the 75k mark.
  • 26 days holiday plus bank holidays
  • 8% pension employers' contribution
  • Training budgets
  • PMI
  • Strong maternity and paternity benefits.
  • And more!

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
26/02/2026
Full time
Gold Group
OT SOC Engineer
Gold Group Basingstoke, Hampshire
OT SOC Engineer
Basingstoke
28k - 35k + Benefits
Hybrid working x2 days in office / x3 days work from home

I am recruiting in Basingstoke for an OT SOC Engineer to join the OT SOC team and will report directly into the OT Cybersecurity Services Lead. As an OT SOC Engineer the role will be focused on the day-to-day monitoring of the OT service platform(s) and any other required security applications. You will be the first line of support for clients who have existing support services.

The standard working hours for this role are Monday to Friday, 9:00 AM to 5:30 PM. In addition, you will participate in an on-call rotation on a 1-in-4 basis. On-call duties fall outside your regular working hours and run from Monday at 9:00 AM through to the following Monday at 8:59 AM and you will be paid extra for the on call duties of the OT SOC Engineer.

OT SOC Engineer Responsibilities:
  • Continuous / Proactive monitoring of OT security tools (e.g., Nozomi, Fortinet, TXOne) for alerts and anomalies.
  • Acknowledge, analyse and validate alerts triggered from the OT security tools to reduce false positives and escalate genuine incidents.
  • Proactively collaborate with internal engineers and customers to assess operational and BAU alerts, establishing baselines to minimise unnecessary noise within OT service security tools.
  • Triage, investigate, and respond to security incidents, performing root cause analysis and taking steps to mitigate the threat.
  • Take immediate action on potential and identified cyber security incidents in accordance with agreed SLAs and KPIs.
  • Proactively research emerging threats and vulnerabilities to find and address potential weaknesses before they are exploited.
  • Identify potential weaknesses in systems and networks and suggest or help implement preventative measures like firewalls or improved access controls.
  • Escalate incidents to Level 2 OT SOC or OT Cybersecurity Engineers as per service documentation (i.e. Playbooks or Alert/Incident Management processes).
  • Adhere to all internal service-related processes such as Alert & Incident Management processes.
  • Assist with the creation of processes as and when required and to have these align with existing processes.
  • Document incident reports including actions taken in SOC Ticketing systems.
  • Analyse data from logs, network traffic, and forensics to create detailed reports on findings and lessons learned. To be utilised in daily / weekly SOC reports for OT Environments.
  • Management and ownership of service-related documentation such as knowledge bases and playbooks.
  • Provide training to additional or new members of the Business Unit as and when required.
  • Assist with liaising with manufacturers or tool set providers regarding product or toolset specific issues.
  • Prepare, maintain, and adhere to procedures for logging, reporting, and statistically monitoring data as directed.
  • Ensuring time is accurately logged against client work, for billing purposes.
  • Identify new technology opportunities to enhance the product and service portfolio.
  • Respond to emergency outages in accordance with business continuity and disaster recovery plans.
  • Adopt a proactive approach towards all client activities.
  • Collaborate with all the Technical Service departments when required to ensure business objectives are met.
  • Support delivery of projects with chosen technologies as and when required.
  • Own personal training plan that is put in place with line manager.
  • Highlight areas for improvement to supervisor where applicable.
  • Ensuring adherence to Management System Manual for Quality (ISO 9001), InfoSec (ISO 27001) and ESG (ISO 14001).
  • Follow established OT security procedures aligned with IEC 62443, NIST CSF, and company policies.
  • Translate complex technical threats into clear business risks for management and collaborate with GRC (Governance, Risk, and Compliance) teams.
  • Work with other SOC analysts, technical teams, and stakeholders to coordinate responses and share information.
  • Provide input on and help optimise security tools, such as EDR/XDR and SIEM platforms.
  • Expectation to assist with other tasks requested by line manager.

OT SOC Engineer Desired Skills/Qualifications/Experience
The following list highlights the desired skills, qualifications and experience required for the role; however, it is not exhaustive:
  • Degree in Cybersecurity or similar.
  • Experience with Cyber Security Monitoring tools.
  • Experience working in an IT Support or Security/SOC team.
  • Experience working in an OT environment.
  • Understanding or knowledge of devices specific to an OT environment.
  • Understanding of OT specific legislations or regulations such as IEC 62443.
  • Basic understanding of: ICS/SCADA systems and OT network architecture. Common OT protocols (Modbus, DNP3, OPC).
  • Experience/Understanding of SIEM/SOAR solutions and OT-specific monitoring platforms (e.g. Nozomi Vantage).
  • Knowledge of network environments (routing/switching/VLANS/Security/Wireless/etc.).
  • Knowledge of Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control).
  • Knowledge of security concepts (CIA/MITRE ATT&CK Framework/Vulnerabilities).
  • Knowledge of cybersecurity fundamentals (CIA triad, threat vectors).
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
  • CompTIA Security+ / CySA+ or similar.
  • Vendor Certifications - Cisco, Nozomi, Fortinet.
  • Knowledge of scripting - Python, PowerShell, Perl desirable.
  • Drive to work off own initiative.
  • Ability to work in a fast paced, changing environment.
  • Understanding of ticket management systems and SLAs.
  • Strong analytical and problem-solving skills.
  • Ability to follow structured service-related documents such as Alert & Incident response playbooks.

OT SOC Engineer Personal attributes:
The following list highlights the personal attributes required for the role; however, it is not exhaustive:
  • Must be self-motivated with a positive can-do attitude.
  • Must be able to work unsupervised, on own initiative as well as within a team.
  • Must be a logical thinker.
  • Must remain calm under pressure.
  • Be confident in both spoken and written communications.
  • An excellent problem solver with strong analytical skills.
  • Must stay up to date with the latest security trends, threats, and technologies and to report and communicate these to the technical teams.
  • Can meet deadlines and maintain high standards even when under pressure.
  • Must have understanding and appreciation to rigid process adherence.
  • Must be willing to take on the unknown with the desire to learn.
  • Must hold full driving licence valid in UK.
  • Ability to work as part of a team but virtually at times due to remote and solo working.
  • Must attend the office workplace as and when requested.

OT SOC Engineer Benefits: Pension, Medical Insurance, Financial Planning Support, Death in Service, Medicash Healthcare Cash Plan, Permanent Total Disability Insurance, Enhanced Maternity/Paternity/Adoption Pay, Company Sick Pay, Hybrid Working, Investment in personal and professional training, Professional Memberships, Health checks, Wellbeing training and support, Employee Assistance Program, Flu jabs, Eyecare and of course paid holiday.

Services advertised by Gold Group are those of an Agency and/or an Employment Business. We will contact you within the next 14 days if you are selected for interview. For a copy of our privacy policy please visit our website.
16/02/2026
Full time
Hays Specialist Recruitment Limited
Enterprise Solution Architect Risk, Reg Compliance
Hays Specialist Recruitment Limited
Your new company
Working for a globally renowned financial organisation based near St Paul's in London.

Your new role
Seeking an experienced Enterprise Solution Architect to join a newly established team within the Governance, Risk, and Compliance (GRC) function of a leading financial organisation. This newly created department is focused on building out the organisation's GRC capabilities, identifying gaps, and designing a robust architectural roadmap to support long-term strategic goals.

In this role, you will play a key part in shaping the future of GRC architecture, leveraging your deep expertise in regulatory compliance and risk from an architectural perspective. You will be responsible for developing frameworks that span multiple regulations, ensuring the organisation remains agile and compliant in a rapidly evolving regulatory landscape.

The ideal candidate will bring a strong track record of delivering projects within financial services, with hands-on experience in enterprise, solution, and technical architecture. You will have previously operated as an Enterprise Architect across the AWS cloud platform and possess a high-level understanding of data platforms and their integration into enterprise systems. A solid grasp of regulatory controls, policies, and procedures is essential, as you will be supporting the organisation's architectural roadmap with frameworks that ensure compliance and mitigate risk. This is a unique opportunity to be part of a forward-thinking team, driving innovation and resilience in a critical area of the business.

What you'll need to succeed
  • Experience with Governance, Risk and Compliance tools and Technologies such as MetricStream.
  • Strong understanding of Operational Risk practices in multi-national setups providing B2B services (Financial services or other regulated environments would be a plus)
  • Exposure to regulatory compliance such as DORA, SOX, HIPAA, CSRD etc.
  • Knowledge of architectural frameworks (e.g. TOGAF) and data/systems integration exposure
  • Strong communicator and good stakeholder management (team and upwards)
  • Experience in Architecture, design and delivery for Cloud (AWS, Azure) and on-prem platforms including integrations to key services

What you'll get in return
Flexible working options available.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
01/10/2025
Full time
YT Technologies
Cyber and Information Security Lead
YT Technologies Bath, Somerset
Cyber and Information Security Lead
Bath
75,000 - 85,000

Our client is looking for an ambitious Cyber and Information Security Lead to join their growing SaaS Business. They are seeking a conscientious, personable, and knowledgeable leader, ideally with commercial experience in the public sector. You may already be operating at the CISO level in a small company or have ambitions to reach the next level in your career.

Key Responsibilities:
  • Strategy and Compliance: Design and implement a comprehensive security strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks.
  • Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations.
  • Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures.
  • Incident Response: Develop, implement, and manage the security incident response plan.
  • Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team.

Essential Requirements:
  • Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a software development or health technology environment.
  • UK health sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF.
  • ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS), ideally to the 2022 standard.
  • Security architecture & Secure by Design: Strong understanding and experience of secure software development lifecycles (SDLC) and embedding security by design into product development processes, along with secure system architecture principles.
  • Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR).
  • Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg NCSC, ICO, NHS England).
  • Policy & governance: Extensive experience in developing, implementing, and enforcing comprehensive information security policies, standards, and procedures.
  • Regulatory compliance: Solid understanding of UK and EU data protection laws (eg GDPR, Data Protection Act 2018), NIS Directive, and their practical application within a health tech context.
  • Stakeholder management: Excellent communication, influencing, and negotiation skills with the ability to articulate complex security concepts to technical and non-technical stakeholders, including senior leadership, product teams, and external partners.
  • Team leadership & mentoring: Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team.
  • Vulnerability management: Experience scoping, overseeing and interpreting the results of vulnerability scanning, penetration testing, and security audits.

Please apply for more details
01/10/2025
Full time
Bank of America
Information Security Officer
Bank of America Camberley, Surrey
Job Description: The Secure by Design (SBD) Consultant team members assist in the review, development, testing and implementation of security plans, products and control techniques, including enhancement of existing processes and service offerings. The role ensures that Bank of America continuously develops cyber secure technologies that adhere to internal policies as well as industry best practices. In addition, the team may be asked to provide technical support to the client, management, and lines of business in risk assessments and implementation of appropriate data security procedures and products. Must be able to meet demands associated with managing multiple projects in a global environment. Assist with and contribute to overall SBD success.
The Team
The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs).
Required Skills:
• number of years' experience in cyber security or a technology-related field.
• Experience in vulnerability assessment, security incident response, application security.
• Evaluating threats/risks posed by new technologies spanning networks, hardware, software, etc.
• Ability to evaluate technology to ensure cyber-secure development that adheres to internal application policy, standards, and baselines.
• Experience in analyzing and responding to advanced cyber threats, technology risk and the motivation/attack vectors of each threat.
• Experience in implementation of information security strategy, including compliance with industry best practices and regulatory requirements.
• Excellent verbal and written communication skills. Ability to communicate with business leaders, users and tech-savvy stakeholders.
• Experience with basic SharePoint usage.
• Ability to take ownership of an initiative/issue through completion.
• Ability to work in a collaborative environment.
• Strong project management skills.
• Ability to work with minimal supervision.
• Ability to own and deliver on complex initiatives in a high paced, evolving environment.
Optional Certifications: CISSP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee), CCFP (ISC2).
Desired Skills:
• Bachelor's degree in Information Technology, information security or related field
• Master's degree preferred
• Knowledge in Application security, Risk assessments, Cloud technologies, GRC (Governance, Risk, and Compliance) with emphasis on security processes and controls
• Strong analytical skills/problem solving/conceptual thinking
• Ability to work with technical and non-technical business owners
• Assist with internal efficiencies projects and development
Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates. In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. Learn more about our benefits here.
Good conduct and sound judgment are crucial to our long-term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mindset are the cornerstones of our Code of Conduct and are at the heart of managing risk well.
We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience. We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment.
Job Band: H5
Shift:
Hours Per Week: 35
Weekly Schedule:
Referral Bonus Amount: 0
24/09/2022
Full time
Elevate Direct
Cloud Security Assurance Specialist
Elevate Direct
Cloud Security Assurance Specialist
Fully Remote
Initial contract until July 2022
Pay rate up to £500 per day via Umbrella inside IR35
Job Description: The primary purpose of this position is to drive cloud security compliance by ensuring policies are appropriately deployed, enforced and tracked. Initially focused within Microsoft Azure, you will work with stakeholders across the organisation to remediate any identified risks.
• Review existing Azure security policy exemptions and determine whether those exemptions are still required.
• Remediate policy exemptions which aren't correctly captured within the designated system.
• Provide policy compliance metrics to Cyber Risk & Assurance Leads.
• Ensure resources are tagged in line with tagging strategy.
• In conjunction with GRC, ensure risks are captured within appropriate system and any remediation plans are documented.
• Provide assurance on existing & new blueprints.
• Conduct foundational cloud security assessments, identifying, documenting and escalating any gaps.
• Review cloud security scores and advise resource owners as to how those scores can be increased.
• Provide cloud security consultancy for projects on an ad-hoc basis.
Skills Required:
• Experience with Azure Cloud Security policies
• Experienced in all cyber security domains
• Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
• Prior experience in conducting cyber security risk assessments
• Stakeholder/internal business management experience
• Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
• Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles
• Exposure to any GRC technologies to conduct cyber risk management
• CCSP and AZ-500 are desired but not mandatory
10/01/2022
Contractor
Pontoon
Information Security Consultant Secure by Design
Pontoon Manchester, Lancashire
Information Security Consultant (Secure by Design)
Banking
Remote / can be based in either Chester or London when necessary
6 months+
£650 - £700 per day
The Secure by Design (SBD) Consultant team members assist in the review, development, testing and implementation of security plans, products and control techniques, including enhancement of existing processes and service offerings. The role ensures that the client continuously develops cyber secure technologies that adhere to internal policies as well as industry best practices. In addition, the team may be asked to provide technical support to the client, management, and lines of business in risk assessments and implementation of appropriate data security procedures and products. Must be able to meet demands associated with managing multiple projects in a global environment. Assist with and contribute to overall SBD success.
Required Skills:
* 4 to 8 years of experience in cyber security or a technology-related field.
* Experience in vulnerability assessment, security incident response, application security.
* Evaluating threats/risks posed by new technologies spanning networks, hardware, software, etc.
* Ability to evaluate technology to ensure cyber-secure development that adheres to internal application policy, standards, and baselines.
* Experience in analysing and responding to advanced cyber threats, technology risk and the motivation/attack vectors of each threat.
* Experience in implementation of information security strategy, including compliance with industry best practices and regulatory requirements.
* Excellent verbal and written communication skills. Ability to communicate with business leaders, users and tech-savvy stakeholders.
* Experience with basic SharePoint usage.
* Ability to take ownership of an initiative/issue through completion.
* Ability to work in a collaborative environment.
* Strong project management skills.
* Ability to work with minimal supervision.
* Ability to own and deliver on complex initiatives in a high paced, evolving environment.
* Optional Certifications: CISSP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee), CCFP (ISC2).
Desired Skills:
* Bachelor's degree in Information Technology, information security or related field
* Master's degree preferred
* Knowledge in Application security, Risk assessments, Cloud technologies, GRC (Governance, Risk, and Compliance) with emphasis on security processes and controls
* Strong analytical skills/problem solving/conceptual thinking
* Ability to work with technical and non-technical business owners
* Assist with internal efficiencies projects and development
Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly.
Pontoon is an employment consultancy and operates as an equal opportunities employer.
14/09/2021
Contractor

© 2008-2026 IT Job Board