A career without limits

As the nation's flag carrier, we take great pride in connecting Britain with the world and the world with Britain. It's something we've been doing for over 100 years, ever since we launched the world's first international scheduled air service between London and Paris. This originality has been in our blood since day one. It's the spirit we share with the people that fly with us, our partners, and our colleagues. So, whether you are a reassuring voice on the end of a phone, a smile at the door, under a wing keeping the turbines spinning or landing us gently in far flung places, a job at British Airways is yours to make. We know great things can happen when you're inspired to think big and bring your ambition to work every day, which is why, at British Airways, the sky is never the limit.

The role
Cyber Delivery Assurance Lead

As Cyber Delivery Assurance Lead, you'll act as the British Airways cyber representative embedded within product delivery teams, ensuring cyber risk is actively managed and security controls are designed, implemented and operating effectively across programmes and products.

This is a hands on cyber assurance role. You'll be expected to bring strong practical experience of applying cyber security controls, assessing real systems and architectures, and working directly with delivery teams to embed security by design - not simply reviewing documentation or providing high level guidance.

Reporting to the Head of Cyber & IT Risk, you'll work closely with BA Tech Delivery teams, the BA Cyber Team and the IAG Cyber Security Office to ensure solutions meet BA's risk appetite and regulatory obligations.

What you'll do
Provide delivery assurance to ensure programmes and products operate within BA's cyber risk appetite
Work hands on with delivery teams to embed security by design and ensure appropriate cyber controls are implemented and operating effectively
Interpret and apply cyber security policies, standards and guidelines across product releases and ongoing maintenance
Conduct threat and risk assessments across varied technology stacks and define proportionate mitigating controls
Provide authoritative advice on the practical application of security controls, legislation and regulatory requirements
Act as the cyber point of contact for programmes and products, supporting secure delivery end to end
Engage proactively with the IAG Cyber Security Office assurance and architecture functions to ensure consistency and best practice
Identify, manage and report cyber risks and exceptions throughout the product lifecycle
Support cyber governance forums and provide clear, accurate updates on security deliverables
Promote cyber risk awareness and support security awareness initiatives across the organisation

What you'll bring to British Airways
Strong hands on cyber security experience, with the ability to assess real systems and influence secure design and delivery decisions
Broad technical understanding of cyber security controls across multiple technology domains
Confidence working directly with engineers, architects and delivery teams to resolve security issues pragmatically
Ability to balance standards compliance with practical delivery constraints
Excellent stakeholder management skills, with experience influencing at senior levels
Calm, resilient approach in fast paced and changing environments
Clear, positive communicator who can explain cyber risk and controls effectively

Your experience
Proven experience providing cyber security assurance or secure delivery support in complex environments
Demonstrable experience performing threat and risk assessments and defining mitigating controls
Experience working in regulated environments with strong cyber and compliance requirements
Knowledge of cyber security frameworks and regulatory requirements such as NIST, PCI DSS, GDPR and NIS
Experience in agile delivery environments is advantageous
Relevant cyber security qualifications (e.g. CISSP, ISO27001 Lead Implementer, SANS GIAC or equivalent) desirable

What we offer

We believe that all the people who work with us should feel valued for the part they play. It's one of the reasons our rewards go far beyond a competitive salary. From the day you join us, you'll get access to brilliant staff travel benefits including unlimited basic and premium standby tickets on British Airways flights. You'll also receive up to 30 discounted 'Hotline' airfares per year for yourself, friends, and family.

At British Airways you'll have the chance to take on new challenges and move forward in a way that feels right for you. We encourage all those who work for us to consider opportunities right across our business to help you develop and progress. We never stand still, and we don't expect our people to either.

Inclusion & Diversity

At British Airways we all have a part to play in creating an inclusive place to work. Diverse representation among our people is really important to us and we recognise that all our colleagues are uniquely different and bring their own originality, creativity and identity to work. Inclusion and diversity is a key driver of innovation and we're committed to creating a culture where everyone feels that they can be themselves. We're looking for people from all backgrounds and cultures to join us and be a part of our journey to become a Better BA as we continue to connect Britain with the world and the world with Britain.
12/03/2026
Full time
About the role

As a Senior Security Compliance Analyst you'll support the organisation's information security compliance programme across all Zellis Group business units. The role ensures that security controls, processes, and documentation meet internal policies, contractual obligations, and external standards such as ISO 27001, SOC2, GDPR, PCI-DSS, and Cyber Essentials Plus. This position focuses on execution and continuous assurance - maintaining audit readiness, evidencing control effectiveness, and tracking remediation activities to uphold a consistent and trusted compliance posture.

Key areas of responsibility will include:

Compliance Management
Maintaining compliance evidence repositories and supporting audit readiness across frameworks including ISO 27001, SOC 2, and others as required.
Monitoring adherence to information security policies, standards, and procedures.
Tracking completion of mandatory security training and awareness activities.
Supporting Zellis Group business units in interpreting and applying compliance controls.

Certification & Audit Management
Coordinating internal and external audit activities for ISO 27001, SOC 2, and other frameworks introduced by group business units.
Managing pre-audit preparation, evidence collection, and auditor liaison.
Supporting transition of SOC 1 activities into the central compliance function.
Maintaining certification schedules and ensuring corrective actions are tracked to closure.

Internal Security Audits
Planning and conducting internal control reviews to test compliance effectiveness.
Documenting findings, non-conformities, and improvement opportunities.
Tracking issue remediation and providing status reporting to management.

Stakeholder Collaboration
Acting as compliance liaison across business units, including customer facing and commercial teams.
Supporting external customer engagements, tenders, and due diligence requests by providing accurate compliance information packs and evidence extracts.
Collaborating with IT, Engineering, Compliance, Legal, HR, Operations and other teams to embed compliance into operational processes.

Continuous Improvement & Integration
Supporting compliance integration activities during mergers and acquisitions.
Participating in the implementation and ongoing maintenance of automating audits.
Participating in access reviews, control testing, and assurance checks.
Recommending improvements to enhance consistency, efficiency, and auditability.

Assisting Security Risk & Assurance Functions
Supporting identification and assessment of compliance-related risks.
Assisting in preparing risk and compliance dashboards, metrics, and SLA tracking.
Contributing data to group risk registers and compliance scorecards.
Maintaining localised policy registers and managing documented exceptions.
Contributing to drafting and reviewing information security procedures.
Ensuring all colleagues have access to, and acknowledge, current policy versions.

Skills & experience

Functional / technical:
Extensive experience in IT or information security, with at least 2 years focused on compliance or audit.
Strong working knowledge of information security compliance frameworks (ISO 27001, SOC 2, GDPR, PCI-DSS, NIS 2, Cyber Essentials Plus).
Relevant certifications desirable (e.g. ISO 27001 Lead Implementer/Auditor, CISA, CRISC, CompTIA Security+).
Working knowledge of cloud platforms (Azure, AWS, Google Cloud) and common security tooling (EDR/XDR, SIEM, IAM, PAM).
Understanding of data protection and privacy requirements under UK GDPR.
Experience maintaining audit trails, compliance registers, and remediation logs.
Proficiency in preparing documentation for external audits and customer requests.
Familiarity with risk assessment methodologies and SLA metric reporting.
Experience of business tooling such as Teams, Project, Service Now, ADO, Jira would be advantageous.
Ability to interpret technical controls and convey compliance requirements clearly.

Personal attributes:
Excellent analytical, organisational, and communication skills - able to engage effectively with both technical and business stakeholders.
Detail-oriented and disciplined in maintaining documentation and audit evidence.
Proactive and accountable in following through on compliance actions.
Strong prioritisation skills with the ability to manage multiple audits and requests.
Collaborative team player, promoting consistency and knowledge sharing across business units.
Integrity, reliability, and commitment to maintaining high standards of security assurance.
Adaptable and comfortable working in a fast-paced, evolving environment.
Ability to establish and maintain strong, professional relationships with internal and external stakeholders.
A positive and curious mindset for AI-first working, embracing the impact that 'human+AI' can bring to the world. You'll be adept at using AI tools, able to demonstrate examples of where you've utilised AI to improve your output or delivery efficiency, and you embrace the opportunity to learn more about how AI can drive enhancements in the way we work.

Benefits & culture

At Zellis we create market-leading HR & Payroll products and services, to power exceptional employee experiences so that you and your people do better. Our multi-award-winning products pay over five million employees a year, with almost half (42%) of the FTSE 100, 50% of the top retailers and 30% of the top universities in the UK & Ireland as customers, making us the largest provider of Payroll and HR software and managed services.

Our vision is to be the clear leader in pay, reward, analytics, and people experiences. We're passionate about creating an environment where people want to join, belong to, and be part of a progressive organisation. Our values, which were defined with input from our colleagues, we live and breathe every day: Unstoppable together. Always learning. Make it count. Think scale.

Our people are critical to our ongoing success; we're proud of our inclusive culture that gives you the platform to grow, challenge the status quo and play a crucial role in further enhancing our market position as the leading provider of HR & Payroll software and services. With Zellis you'll have the chance to stretch and challenge yourself in an environment that's varied, flexible and hugely supportive. We also love to reward and recognise our brilliant colleagues.

As part of your benefits package, you'll receive:
A competitive base salary.
25 days annual leave, plus your birthday off and the opportunity to buy additional holiday.
Private medical insurance.
Life assurance 4x salary.
Enhanced pension scheme with company contributions up to 8.5%.
A huge range of additional flexible benefits across financial & personal wellbeing, lifestyle & leisure.
12/03/2026
Full time
Lead Cyber Security Consultant (Defence)
UK Remote (travel required approx. 60%/3 days onsite per week)
Full-time & Permanent | Consultancy
Competitive salary + Excellent benefits

About the Opportunity

We're working with an established and growing UK cybersecurity consultancy expanding its Defence and Public Sector practice. This is a great opportunity for an experienced security professional to lead high-impact programmes, influence senior stakeholders, and shape security outcomes across MOD and wider Defence environments.

The Role

As a Lead Cyber Security Consultant, you'll take ownership of multiple client engagements, delivering expert advice across governance, risk, compliance, and Secure by Design practices. You'll work closely with senior stakeholders to assess risk, define security controls, deliver assurance activities, and support secure architecture across complex, high-profile systems. This is a hands-on, strategic role that combines leadership, client engagement, and technical depth.

Key Responsibilities
Lead Secure by Design and security assurance activities across MOD and Public Sector programmes
Support and guide the application of risk management frameworks, ISMS, and Enterprise Security Risk Management
Conduct and lead workshops with technical and business stakeholders
Produce clear, actionable reporting on risk, vulnerabilities, and remediation
Provide pragmatic, proportionate recommendations aligned to business goals
Support secure design across cloud and on-premise platforms
Contribute to internal knowledge sharing and thought leadership

Experience & Expertise
Strong background in Technical/Security Architecture or Governance, Risk & Compliance
Experience working in Defence/MOD environments
Strong analytical and communication skills, with the ability to influence senior stakeholders
Passion for continuous learning and high-quality security outcomes

Desirable Knowledge
SAC (Security Assurance Coordinator) or Delivery Team Security Lead experience
MOD/GDS Secure by Design
Familiarity with:
JSP440, JSP604/453, JSP490
Supplier Chain Assurance
GDPR, PCI DSS, ICO
ISO 27001, NIST CSF, CIS Controls v8
Skills in:
Threat modelling (kill chain, attack trees, etc.)
Cloud security (AWS, Azure), containerisation, Firewalls
Secure SDLC
HLD/LLD review
ITHC scoping and remediation

Certifications (Highly Desirable)
CIISEC UK Cyber Security Council registration (Chartered or Principal)
AWS/Azure Security (Professional)
CCSP, CISSP, CISM
ISO 27001 Lead Auditor

Security Vetting/Clearance
Active and transferable DV clearance is essential
Must be a sole British National and UK-based

Benefits
Competitive salary and benefits package
Private healthcare & wellbeing support
Flexible working (remote with travel)
Career pathways, mentoring and continuous learning
Inclusive, supportive culture

Interested? Submit your application to learn more about this exciting opportunity.

Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
12/03/2026
Full time
A career without limits

As the nation's flag carrier, we take great pride in connecting Britain with the world and the world with Britain. It's something we've been doing for over 100 years, ever since we launched the world's first international scheduled air service between London and Paris. This originality has been in our blood since day one. It's the spirit we share with the people that fly with us, our partners, and our colleagues. So, whether you are a reassuring voice on the end of a phone, a smile at the door, under a wing keeping the turbines spinning or landing us gently in far flung places, a job at British Airways is yours to make. We know great things can happen when you're inspired to think big and bring your ambition to work every day, which is why, at British Airways, the sky is never the limit.

The role: Cyber Delivery Assurance Lead

As Cyber Delivery Assurance Lead, you'll act as the British Airways cyber representative embedded within product delivery teams, ensuring cyber risk is actively managed and security controls are designed, implemented and operating effectively across programmes and products. This is a hands on cyber assurance role. You'll be expected to bring strong practical experience of applying cyber security controls, assessing real systems and architectures, and working directly with delivery teams to embed security by design - not simply reviewing documentation or providing high level guidance. Reporting to the Head of Cyber & IT Risk, you'll work closely with BA Tech Delivery teams, the BA Cyber Team and the IAG Cyber Security Office to ensure solutions meet BA's risk appetite and regulatory obligations.

What you'll do
• Provide delivery assurance to ensure programmes and products operate within BA's cyber risk appetite
• Work hands on with delivery teams to embed security by design and ensure appropriate cyber controls are implemented and operating effectively
• Interpret and apply cyber security policies, standards and guidelines across product releases and ongoing maintenance
• Conduct threat and risk assessments across varied technology stacks and define proportionate mitigating controls
• Provide authoritative advice on the practical application of security controls, legislation and regulatory requirements
• Act as the cyber point of contact for programmes and products, supporting secure delivery end to end
• Engage proactively with the IAG Cyber Security Office assurance and architecture functions to ensure consistency and best practice
• Identify, manage and report cyber risks and exceptions throughout the product lifecycle
• Support cyber governance forums and provide clear, accurate updates on security deliverables
• Promote cyber risk awareness and support security awareness initiatives across the organisation

What you'll bring to British Airways
• Strong hands on cyber security experience, with the ability to assess real systems and influence secure design and delivery decisions
• Broad technical understanding of cyber security controls across multiple technology domains
• Confidence working directly with engineers, architects and delivery teams to resolve security issues pragmatically
• Ability to balance standards compliance with practical delivery constraints
• Excellent stakeholder management skills, with experience influencing at senior levels
• Calm, resilient approach in fast paced and changing environments
• Clear, positive communicator who can explain cyber risk and controls effectively

Your experience
• Proven experience providing cyber security assurance or secure delivery support in complex environments
• Demonstrable experience performing threat and risk assessments and defining mitigating controls
• Experience working in regulated environments with strong cyber and compliance requirements
• Knowledge of cyber security frameworks and regulatory requirements such as NIST, PCI DSS, GDPR and NIS
• Experience in agile delivery environments is advantageous
• Relevant cyber security qualifications (e.g. CISSP, ISO27001 Lead Implementer, SANS GIAC or equivalent) desirable

What we offer

We believe that all the people who work with us should feel valued for the part they play. It's one of the reasons our rewards go far beyond a competitive salary. From the day you join us, you'll get access to brilliant staff travel benefits including unlimited basic and premium standby tickets on British Airways flights. You'll also receive up to 30 discounted Hotline airfares per year for yourself, friends, and family. At British Airways you'll have the chance to take on new challenges and move forward in a way that feels right for you. We encourage all those who work for us to consider opportunities right across our business to help you develop and progress. We never stand still, and we don't expect our people to either.

Inclusion & Diversity

At British Airways we all have a part to play in creating an inclusive place to work. Diverse representation among our people is really important to us and we recognise that all our colleagues are uniquely different and bring their own originality, creativity and identity to work. Inclusion and diversity is a key driver of innovation and we're committed to creating a culture where everyone feels that they can be themselves. We're looking for people from all backgrounds and cultures to join us and be a part of our journey to become a Better BA as we continue to connect Britain with the world and the world with Britain.
12/03/2026
Full time
Ready to take the next step in your penetration testing career and lead a high-performing team at a respected, fast-growing cybersecurity consultancy? This is your opportunity to join a CREST-certified organisation committed to excellence, innovation and integrity. As our new Penetration Testing Team Leader, you'll play a pivotal role in shaping cutting-edge testing services, developing talented testers, and helping protect clients across government, telecoms, finance, digital currencies and other critical sectors. With structured development, meaningful progression opportunities, and the chance to make a visible impact from day one, this is a role designed for a driven, highly skilled Team Lead who thrives on technical depth, leadership and solving complex security challenges.

The Role at a Glance:
Penetration Testing Team Leader
Remote with travel to client sites and occasional meetings in London, UK or Channel Islands
Up to £95,000 DOE Plus Benefits
Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities.
Growth: A structured career development plan and training
Hours: 09:00 am to 17:30 pm Monday to Friday
Development Opportunity: Career progression opportunities to develop a growing team of penetration testers and break new ground in testing.
Company: Specialist information and cybersecurity consultancy and audit services
Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose.
Your Skills / Background: Existing CHECK Team Lead qualification and Team Lead experience. You will also be a tenacious problem solver and communicator with strong client-facing and leadership experience to lead engagements, mentor testers at all levels, and scope complex projects.

The Penetration Testing Team Leader Opportunity:

As Penetration Testing Team Leader, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. You will deliver hands-on technical penetration testing on a variety of projects and guide and direct the team. In return, you will benefit from an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans.

Key Responsibilities:
• Improve and develop penetration testing methodologies, guide project scoping and execution, establish new testing services, and shape the future direction of the testing function with senior management.
• Deliver high-quality penetration tests across infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout scenarios, and cloud security assessments.
• Work with client teams to research vulnerabilities and emerging attack vectors, plan assessments accordingly, and support clients during ongoing incidents.
• Conduct vulnerability scans, unauthorised host discovery exercises, analyse findings, and translate results into actionable technical and business-risk recommendations.
• Produce high-quality technical reports and create internal documentation, tooling, threat libraries, methodologies, and policies to ensure consistent, informed, and meaningful testing outcomes.
• Provide technical presales support, contribute thought-leadership content (papers, articles, online posts, marketing material), and identify business development opportunities.
• Mentor, coach, and help build the technical team, supporting their growth in knowledge, skills, and career development.

About You:
• A driven, battle-tested Team Leader, holding a current CHECK Team Leader qualification and proven senior-level experience
• Extensive, hands-on penetration testing expertise backed by deep technical mastery
• Fluent in a wide arsenal of security testing tools, using the right tech for maximum impact
• Up-to-date, cutting-edge understanding of modern technologies, threats, and security trends
• Well-versed in key industry bodies, frameworks, and security standards
• Strong ability to translate vulnerabilities into real-world business risk, paired with standout reporting and client presentation skills
• Proven track record in growing and developing technical teams, including reviews, appraisals, training plans, and long-term career progression
• A credible, personable communicator who builds trust with clients, peers, and technical teams alike
• Self-starter with a proactive mindset, comfortable taking initiative and driving outcomes
• Genuinely passionate about penetration testing and nurturing teams across all skill levels
• Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum but we are unfortunately not able to offer sponsorship)

About Us:

We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials / Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure.

Services include:
• Security consulting across the area of security governance, risk, compliance and standards alignment
• Penetration testing
• Security architecture for cloud and infrastructure
• Detection and response
• Fractional heads and virtual support
• NCSC Assurance service provider for Cyber Essentials and a Certifying Body
• Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber Essentials
• Training and awareness

If you're a proven Penetration Testing Team Leader with CHECK TL status, a passion for advancing security testing, and the drive to mentor and grow a talented team, we'd love to hear from you. Step into a role where your expertise shapes real-world defence, your ideas influence future testing services, and your career continues to accelerate in a supportive, forward-thinking environment.

Interested? Apply here for a fast-track path to our Hiring Manager

Application notice

We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
09/03/2026
Full time
Excellent opportunity for a Senior Penetration Tester to join a highly-skilled and growing CREST-certified cybersecurity consultancy committed to excellence, innovation and integrity. The company offers great career progression opportunities, a generous training and development budget, and time to support research projects that allow you to break new ground in testing. You will need to be enthusiastic about continuous development and either have or wish to gain a current CRT qualification. The role is predominantly home based although will include some travel to customer sites and attendance at company meetings as needed.

The Role at a Glance:
Senior Penetration Tester
Home based with visits to client sites and company meetings as required
Up to £70,000 to £80,000 Per Annum depending on experience & qualifications
Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities.
Growth: A structured career development plan and training
Hours: 09:00 am to 17:30 pm Monday to Friday
Development Opportunity: Career progression and training opportunities available
Company: Specialist information and cyber security consultancy and audit services
Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose.
Your Skills / Background: 4+ years hands-on penetration testing experience and ideally an existing CRT qualification or the aspiration to gain the qualification. You will also be a tenacious problem solver and good communicator.

The Senior Penetration Tester Opportunity:

As Senior Penetration Tester, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. In return, you will work in an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans, and support/sponsorship to attain future qualifications.

Key Responsibilities:
• Delivering high quality infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout penetration tests, along with cloud security assessments
• Working with client teams to research potential vulnerabilities and then plan accordingly
• Working with clients to research and identify new and emerging attack vectors
• Conducting vulnerability assessment scanning and unauthorised host discovery exercises
• Analysing findings and translating them into actionable recommendations
• Delivering high-quality technical reports, outlining technical and business risk
• Providing support to clients during on-going incidents
• Creating and developing tooling, knowledge/threat libraries, methodologies and policies that ensure high quality and informed testing assessments are undertaken
• Creating and developing internal documentation to ensure our reporting is meaningful
• Authoring appropriate thought leadership papers, articles, online posts, and marketing materials

About You:
• A tenacious tester with 4+ years' demonstrable hands-on penetration testing experience
• Have mastered a variety of security testing tools
• Current and relevant technical understanding of technologies, security threats and trends
• Familiar with relevant bodies and security standards
• Strong demonstrated ability to take vulnerabilities and articulate the actual business risk along with good report writing and client presentation skills
• Current CRT, OSCP and/or CTM / CTL qualification would be advantageous, but we are also considering applications from candidates with relevant work experience who would be ready and keen to obtain these qualifications in the near future (with relevant company sponsorship)
• The desire to gain new skills, continuous learning and development, attend training courses and obtain future qualifications / accreditations
• Strong verbal and written communication skills including report writing
• Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum, but we are unfortunately not able to offer sponsorship)

About Us:

We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials / Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure.

Services include:
• Security consulting across the area of security governance, risk, compliance and standards alignment
• Penetration testing
• Security architecture for cloud and infrastructure
• Detection and response
• Fractional heads and virtual support
• NCSC Assurance service provider for Cyber Essentials and a Certifying Body
• Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber Essentials
• Training and awareness

Interested? Apply here for a fast-track path to our Hiring Manager

Application notice

We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details. If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
09/03/2026
Full time
Excellent opportunity for a Senior Penetration Tester to join a highly-skilled and growing CREST-certified cybersecurity consultancy committed to excellence, innovation and integrity. The company offers great career progression opportunities, a generous training and development budget, and time to support research projects that allow you to break new ground in testing. You will need to be enthusiastic about continuous development and either have or wish to gain a current CRT qualification. The role is predominantly home based although will include some travel to customer sites and attendance at company meetings as needed. The Role at a Glance: Senior Penetration Tester Home based with visits to client sites and company meetings as required Up to £70,000 to £80,000 Per Annum depending on experience & qualifications Benefits: 23 days holiday plus Bank Holidays and extra days based on service, 6% contributory pension and career progression opportunities. Growth: A structured career development plan and training Hours: 09:00 am to 17:30 pm Monday Friday Development Opportunity: Career progression and training opportunities available Company: Specialist information and cyber security consultancy and audit services Company Values: We stand for honesty, integrity and fair practice and are committed to delivering value in every client engagement. Our people are creative, pragmatic and passionate about our purpose. Your Skills / Background: 4+ years hands-on penetration testing experience and ideally an existing CRT qualification or the aspiration to gain the qualification. You will also be a tenacious problem solver and good communicator. The Senior Penetration Tester Opportunity: As Senior Penetration Tester, you will support our clients by delivering excellent penetration testing services and cloud security assessments that are ultimately articulated in high quality and valuable reports. 
In return, you will work in an inspiring environment with a team of highly experienced colleagues working across a diverse range of interesting security and assurance projects. This role also includes excellent progression opportunities as we always match enthusiasm and skill with training, opportunity and structured development plans, and support/sponsorship to attain future qualifications. Key Responsibilities: • Delivering high quality infrastructure, applications (including APIs and mobile apps), wireless, segmentation and breakout penetration tests, along with cloud security assessments • Working with client teams to research potential vulnerabilities and then plan accordingly • Working with clients to research and identify new and emerging attack vectors • Conducting vulnerability assessment scanning and unauthorised host discovery exercises • Analysing findings and translating them into actionable recommendations • Delivering high-quality technical reports, outlining technical and business risk • Providing support to clients during on-going incidents • Creating and developing tooling, knowledge/threat libraries, methodologies and policies that ensure high quality and informed testing assessments are undertaken • Creating and developing internal documentation to ensure our reporting is meaningful • Authoring appropriate thought leadership papers, articles, online posts, and marketing materials About You: • A tenacious tester with 4+ years' demonstrable hands-on penetration testing experience • Have mastered a variety of security testing tools • Current and relevant technical understanding of technologies, security threats and trends • Familiar with relevant bodies and security standards • Strong demonstrated ability to take vulnerabilities and articulate the actual business risk along with good reporting writing and client presentation skills • Current CRT, OSCP and/or CTM / CTL qualification would be advantageous, but we are also considering applications 
from candidates with relevant work experience who would be ready and keen to obtain these qualifications in the near future (with relevant company sponsorship) • The desire to gain new skills, continuous learning and development, attend training courses and obtain future qualifications / accreditations • Strong verbal and written communication skills including report writing • Eligible to work in the UK and obtain Government clearance (ILR is required as a minimum, but we are unfortunately not able to offer sponsorship) About Us: We are a specialist information and cybersecurity consultancy and expert at understanding information security risks, creating appropriate security destinations and protecting clients from a range of security threats. We hold a CREST certification and offer certification services for PCI-DSS and Cyber Essentials / Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a Certifying Body • Security auditing across varying standards such as ISO27001, NIST, PCI DSS and Cyber Essentials • Training and awareness Interested? Apply here for a fast-track path to our Hiring Manager Application notice We take your privacy seriously. When you apply, we shall process your details and pass your application to our client for review for this vacancy only. As you might expect you may be contacted by email, text or telephone. Your data is processed on the basis of our legitimate interests in fulfilling the recruitment process. Please refer to our Data Privacy Policy & Notice on our website for further details.
If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.
We are seeking an experienced Solution Architect to play a key role in an excellent client's large-scale platform migration programme focused on consolidating multiple payment and card-processing systems into a unified global ecosystem. The successful candidate will bring expertise in system migrations, ETL/data transformation pipelines, and cross-functional collaboration. You will work with engineering, product, operations, compliance, and partner teams to define and govern architecture that delivers secure, compliant, resilient, and high-performing outcomes. This can either be a mainly remote or hybrid role depending on what the successful candidate prefers. As well as a competitive salary, our client offers a comprehensive benefits package. Key Responsibilities Lead solution architecture for the migration and consolidation of regional card-processing and payments platforms into a modern, unified global environment. Design and own large-scale data migration and ETL processes, including data mapping, transformation logic, orchestration, validation, lineage, and implementation. Translate complex business requirements into: Data models and data flow diagrams Sequence diagrams Migration runbooks Integration specifications and architectural patterns Provide hands-on technical guidance to engineering teams during solution buildout, ensuring alignment to architectural standards. Collaborate with compliance functions to ensure architectural designs meet regulatory obligations (e.g., PCI-DSS, PSD2, AML, GDPR, electronic money regulations). Promote security-by-design across all components, focusing on card data handling, encryption, tokenisation, and access controls. Facilitate technical workshops and architecture design reviews with internal teams and external partners. Key Skills & Experience Experience as a Solution Architect in fintech, payments, card issuing/acquiring, or financial services.
Demonstrated experience with large-scale platform, system, and data migrations. Hands-on expertise in designing ETL and data integration pipelines (Python, SQL-based orchestration, cloud-native ETL tools, messaging ingestion). Solid understanding of data engineering concepts with practical experience in SQL Server, MongoDB, Synapse, Fabric, and Snowflake. Familiarity with card-processing systems, scheme integrations, authorisation flows, transaction life cycles, and settlement processes; knowledge of cryptographic key migrations (e.g., EMV, PEK) is advantageous. Experience architecting microservices, REST APIs, event-driven architectures, and secure cloud services (Azure). Exceptional communication and collaboration skills, capable of working with senior stakeholders, external partners, and technical teams. Ability to balance strategic thinking with hands-on technical problem solving. Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
24/02/2026
Full time
Directorate: Strategy & Innovation Contract Type: 18 Months Fixed Term Contract Hours: 36 Salary: 71,713 - 79,409 Location: Colindale Closing Date: Midnight March 9th 2026 About Barnet Council Barnet is a borough with much to be proud of. Our excellent schools, vibrant town centers, vast green spaces and diverse communities all help make it a great place to live and work. As a council we want to build on these strengths as we move into the future. We are growing and developing as an organisation to meet the challenges facing our borough and we are committed to working with partner organisations and residents to make Barnet even better. As an organisation, our staff are committed to Our Values: Learning to Improve, Caring, Inclusive, Collaborative - which drive everything we do. About the role This is an exciting time to join Barnet as we grow our Digital, Data and Technology (DDaT) capabilities and ensure our technology services and IT providers provide robust, secure services and Cyber security mitigation is designed into any digital transformation work. We're investing in smarter services, better use of data, modern technology, and you'll play a key part in shaping this future. The Cyber Security Manager will lead the Council's approach to safeguarding its technology assets, systems, and data against evolving cyber threats. This role is responsible for developing and implementing a robust cyber security strategy aligned with national standards and local government best practice. The postholder will oversee risk management, compliance, and incident response, ensuring the resilience of critical services and the protection of sensitive information. Acting as the Council's subject matter expert, the Cyber Security Manager will drive a culture of security awareness across the organisation, provide strategic advice to senior leaders, and manage relationships with external partners to maintain a secure and trusted digital and data environment. 
This is a high impact role with visibility across the organisation. You'll influence senior leaders, guide major technology decisions, and help create a modern and secure, integrated architecture that supports better services and outcomes for residents. This is a hybrid role. You will be expected to attend monthly in-person team days in our Colindale office. We also come into the office to meet service stakeholders, work together on collaboration, discovery and user testing sessions and department days. Please click here to download the Job description for this role. About you You are an experienced cyber security professional who brings both strategic insight and hands-on expertise. You have a strong track record of protecting complex organisations from evolving cyber threats, ideally within the public sector or other regulated environments. You understand national standards and frameworks such as NCSC guidance, PSN, PCI DSS, GDPR and Cyber Essentials Plus, and you know how to translate these into practical, proportionate controls that keep systems, people and data safe. Relationship building is one of your strengths. You know how to influence, challenge constructively and collaborate across organisational boundaries, including with outsourced partners and internal stakeholders. You champion security by design, drive cultural change, and communicate in a way that brings people with you. Strong communication and negotiation skills, with proven experience influencing senior stakeholders. You are confident working with modern security technologies including Microsoft Sentinel, Microsoft Defender, and the wider Microsoft E5 security suite. You can analyse risks, interpret complex technical information, and provide clear advice to senior leaders, project teams and service managers. You're proactive, highly organised, and able to balance multiple priorities while keeping residents, partners and staff at the heart of your decision-making.
You are motivated by public service, committed to learning and continuous improvement, and you share our values of caring, collaboration, inclusivity and curiosity. Above all, you want to help create a safer, more resilient and more secure Council for the residents and communities of Barnet. Please see full job description for further details What we offer - 31 days annual leave, plus public and bank holidays - Access to the Local Government Pension Scheme, which provides a valuable guaranteed income in your retirement together with security for your dependents - Work-life balance options may include hybrid working, flexitime, job share, home working, part-time - A vast range of lifestyle discounts from major retailers, supermarkets, energy suppliers and more - Broad range of payroll benefits including cycle to work, eye care vouchers, travel and gym membership - Excellent training and development opportunities - Employee well-being training programs including confidential employee assistance How to apply Read the job description and person specification before clicking 'Apply' to commence the online application form. If you would like any further information about the role before applying, please contact James Rapkin, Head of Organisational Insight & Intelligence. Barnet Council is committed to safeguarding and promoting the welfare of children, young people, and vulnerable adults and expects all staff and volunteers to share this commitment. Barnet operates stringent safer recruitment procedures; this may include AI Detection Screening, Biometric ID/Right to Work Checks, Qualification and Registration Checks, Up to 6 years of Employment Data and Insights to Accelerate Screening (Konfir), Up to 5 years of Employment History References, DBS (Disclosure & Barring Service) Checks, Credit Checks and Social Media, Sanctions and Occupational Health Screening.
To deliver Barnet Council's commitment to equality of opportunity in the provision of services, all staff are expected to promote equality in the workplace and in the services the Council delivers. As such we value diversity and welcome applications from all backgrounds. Barnet Council embraces all forms of flexible working (including part-time, compressed hours, and hybrid working) and is committed to offering employees a healthy work-life balance. Candidates are encouraged to talk about relevant requirements and preferences at interview. We can't promise to give you exactly what you want, but we do promise not to judge you for asking. Barnet Council is a Disability Confident Committed Employer. We welcome and encourage job applications from people of all abilities. If you require any reasonable adjustments in the application or interview, please contact the lead contact on this advert. We will make reasonable adjustments to make sure our disabled applicants and those with health conditions are supported throughout our recruitment process. We support the access to work scheme; further details are available at (url removed) All posts with the council are subject to a probationary period of six months, during which time you will be required to demonstrate to the council's satisfaction your suitability for the position in which you will be employed. Due to the high number of applications that are received for some posts we may close vacancies before the stated closing date if a sufficient number of applications are received. Therefore, please apply as soon as possible. Please ensure you regularly check the email account (including JUNK MAIL folders) that you use to submit your application, as any further communication regarding your application will be sent electronically. Should you not hear from us within four working weeks of the closing date for this post, then regretfully in this instance, you have not been shortlisted.
13/02/2026
Contractor
OT Security Risk & Compliance Lead Permanent Salary + 15% bonus + 10% pension Hybrid 1 day a week on site in your desired office location, Glasgow, London, Leeds or Ipswich Are you passionate about driving security standards in OT/ICS environments? This is an exciting opportunity to join a leading global renewables business as they strengthen their Cyber and Information Security capability. Reporting to the Head of InfoSec Governance, Risk & Compliance (via the OT Security Risk & Compliance Manager), the OT Security Risk & Compliance Lead will play a pivotal role in shaping, managing and influencing security risk management activities across the Group, with a particular focus on OT/ICS. Key Responsibilities: Define and deliver security risk assessments and maintain accurate risk registers and reports. Lead security risk review meetings with stakeholders and represent Security at senior leadership forums. Support the development, rollout and adoption of the Group Security Framework, Policies and Standards, ensuring alignment to external regulations (NIS Regulation 2018, SEC, PCI-DSS, etc.). Oversee compliance activities, promote a risk-aware culture, and manage non-compliance or exceptions. Provide security SME input into projects, supporting delivery teams and asset owners in understanding their responsibilities. Assist with supply chain security assessments and contribute to enterprise-wide risk and audit reporting. What We're Looking For: Previous experience working with OT Systems or applying engineering principles in production environments. Knowledge of control frameworks such as NIST, IEC 62443, ISO27001, ITIL, SABSA. Strong technical understanding across OT/ICS environments. Excellent stakeholder management skills with the ability to influence and communicate effectively at all levels. Why Join? Be part of a forward-thinking organisation investing heavily in innovation, renewables, AI and IoT. Play a key role in enhancing their global cyber resilience.
Enjoy a flexible hybrid model with 95% remote working. Competitive package including bonus and pension.
06/10/2025
Full time
Cyber Security - Secure by Design Consultant (Contract) London 680 per day 6-month initial contract (with strong potential to go permanent) Deerfoot Recruitment is working with a leading financial services organisation to recruit a Secure by Design Consultant to join their IT Risk, Security & Control function in London. This is a 6-month contract paying 680 per day (Inside IR35), with a high likelihood of converting to a permanent role. The successful candidate will play a key role in delivering secure-by-design assessments across technology projects, ensuring compliance with IT security policies and industry standards. You will work closely with senior stakeholders, providing assurance on cybersecurity controls, identifying risks, and recommending actions to strengthen the organisation's security posture. Key responsibilities include: Conducting IT security assessments across infrastructure, cloud, applications, and service operations projects. Reviewing and testing security controls to ensure operating effectiveness. Documenting risks, gaps, and recommendations for remediation. Supporting project teams to embed security requirements from the outset. Engaging with senior stakeholders and providing clear, actionable reporting. Skills & experience sought: Strong background in IT Security, Cyber Assurance, or IT Audit. Hands-on knowledge across areas such as governance, IAM, threat management, vulnerability management, and incident response. Good understanding of security frameworks (e.g. ISO27001, NIST, PCI-DSS, SOX). Experience engaging with senior stakeholders within complex environments. Relevant certifications (CISSP, CISM, CISA, CRISC) desirable. This is an exciting opportunity to join a high-performing cyber security team within a global financial services organisation, with genuine long-term career potential. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK.
For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
02/10/2025
Contractor
Cyber Security - Secure by Design Consultant (Contract) London 680 per day 6-month initial contract (with strong potential to go permanent) Deerfoot Recruitment is working with a leading financial services organisation to recruit a Secure by Design Consultant to join their IT Risk, Security & Control function in London. This is a 6-month contract paying 680 per day (Inside IR35) , with a high likelihood of converting to a permanent role. The successful candidate will play a key role in delivering secure-by-design assessments across technology projects, ensuring compliance with IT security policies and industry standards. You will work closely with senior stakeholders, providing assurance on cybersecurity controls, identifying risks, and recommending actions to strengthen the organisation's security posture. Key responsibilities include: Conducting IT security assessments across infrastructure, cloud, applications, and service operations projects. Reviewing and testing security controls to ensure operating effectiveness. Documenting risks, gaps, and recommendations for remediation. Supporting project teams to embed security requirements from the outset. Engaging with senior stakeholders and providing clear, actionable reporting. Skills & experience sought: Strong background in IT Security, Cyber Assurance, or IT Audit. Hands-on knowledge across areas such as governance, IAM, threat management, vulnerability management, and incident response. Good understanding of security frameworks (e.g. ISO27001, NIST, PCI-DSS, SOX). Experience engaging with senior stakeholders within complex environments. Relevant certifications (CISSP, CISM, CISA, CRISC) desirable. This is an exciting opportunity to join a high-performing cyber security team within a global financial services organisation, with genuine long-term career potential. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. 
Senior Backend Developer
Capital Pay Software Solutions Ltd
Promoting world class payment solution systems to global audiences
Capital Pay Software Solutions Ltd is advancing its capabilities by enhancing its Payment Aggregator Platform. This strategic initiative is crucial to our international operations, designed for optimal flexibility and adaptability across diverse markets. We are seeking highly skilled and motivated professionals to strengthen our expert team. If you excel in a dynamic environment and are dedicated to developing secure and scalable FinTech solutions, we encourage you to connect with us. Join Capital Pay International in driving innovation in the global payment landscape. We are seeking a Senior Backend Developer with extensive experience in the FinTech industry, specifically in building secure and robust solutions. The ideal candidate will be a technical leader, capable of designing and implementing the core architecture of our payment aggregation platform.
Key Responsibilities:
• Lead the design and development of the core backend architecture, including the API gateway, transaction management layer, and merchant management layer.
• Select and implement appropriate technologies from our stack, which includes Python, Node.js, or Java for programming languages; Django, Express.js, or Spring Boot for frameworks; and PostgreSQL or MySQL for transactional data, with Redis for caching and session management.
• Design and implement robust security measures, including AES-256 encryption for sensitive data, TLS for secure communication, and OAuth/JWT for authentication and authorisation.
• Ensure the platform is compliant with PCI-DSS, GDPR, and other relevant data protection regulations.
• Integrate multiple payment gateways (Capital Pay, Stripe, PayPal, Barclaycard, Adyen, Worldpay) using provided SDKs/APIs.
• Implement advanced fraud detection and anti-money laundering (AML) systems.
• Develop and maintain RESTful APIs for seamless communication with the frontend and external systems.
• Implement features for transaction tracking and status management (pending, completed, failed), refund and chargeback handling, and payment settlement (funds transfer to merchant accounts).
• Participate in architectural design discussions, code reviews, and technical mentoring.
• Contribute to the development of a developer-friendly API and comprehensive documentation.
• Set up and manage cloud infrastructure on AWS, Google Cloud, or Azure.
• Implement and manage continuous integration and continuous delivery (CI/CD) pipelines to automate software builds and deployments.
We are looking for a candidate who:
• Has a proven track record of 6+ years in backend development, with significant experience in the FinTech or financial services sector.
• Possesses deep expertise in building scalable and secure backend services.
• Is proficient in at least one of the specified programming languages (Python, Node.js, Kotlin or Java) and their associated frameworks.
• Has strong experience with database design and management, including both SQL (PostgreSQL or MySQL) and potentially NoSQL databases.
• Has hands-on experience with RESTful API design and microservices architecture.
• Demonstrates a strong understanding of security best practices and compliance standards like PCI-DSS and GDPR.
• Has experience integrating with third-party APIs, particularly payment gateways.
• Has experience in NFC/RFID technology and Payment Networks integrations.
• Is adept at problem-solving, has excellent attention to detail, and can work effectively in a fast-paced, agile environment.
• Familiarity with serverless architecture is beneficial.
• Experience with messaging systems like RabbitMQ or Kafka is a plus.
• Experience implementing two-factor authentication (2FA) for user logins.
• Experience with performance optimisation for high-traffic scenarios and a large number of concurrent users.
01/09/2025
Full time
Senior Security Specialist - Salary £50,000 to £55,000 Are you someone who is passionate about Cyber Security and looking for an excellent opportunity to use and expand your skills within a dedicated security advisory team? This role exists within Aviva's CISO team and is responsible for carrying out consultancy and risk assessment activities across multiple geographical areas, business areas and change disciplines. If you feel this is something to which you could bring benefit, or indeed, personally benefit from joining, please read on... A bit about the job: The purpose of this role is to integrate into the existing team to provide a top-class service to protect Aviva against current and new cyber related threats. To reduce the risk of change activity (IT and Cyber initiatives) to Aviva, the successful candidate will provide: Security consultancy advice and guidance, security review of solution designs including recommendations, advice and guidance to promote secure by design and carry out Information Security Risk Assessments (ISRA) to better manage Aviva risks against reputational damage, system outage and data loss potentially leading to regulatory fines, as data security becomes an ever greater focus across the globe. The role will require someone with in-depth technical knowledge, who can collaborate well with colleagues across multiple disciplines as the team works with technical and operational teams across the business, to ensure change activity meets Aviva's security requirements whilst adopting the necessary security controls. The team is made up of professional people who are passionate about providing a top-class service and protecting Aviva, whilst also supporting each other. This is accomplished through knowledge sharing and maintaining an enjoyable working environment. Skills and experience we're looking for: Risk Assessment methods and frameworks (IRAM2, OCTAVE, NIST, ISO 27005 etc). 
Information Security Management System frameworks and standards and their application. Knowledge of governance processes and practices, including ISMS monitoring and control management frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and the application within a financial services environment. Good working knowledge of one or more security technologies and domains, including, but not limited to network security, cyber security, data security, identity and access management, application security & cloud security and associated compliance frameworks such as SOX, PCI-DSS etc. Security technologies (firewalls, WAFs, DLP, cryptography, vulnerability scanning, identity and access management, etc.) The ability to carry out threat modelling, vulnerability assessment, control effectiveness review and risk assessment of a proposal or design and deliver a comprehensive, easily consumable report targeted to audience and stakeholders. What you'll get for this role: Starting salary between £45,000 and £55,000 (depending on location, skills, experience, and qualifications) Generous pension (starting level Aviva contributes 8% when you contribute 2%) Eligibility for annual performance bonus Family friendly parental and carer's leave 29 days holiday per year plus bank holidays and the option to buy/sell up to 5 additional days Up to 40% discount for Aviva products Brilliant flexible benefits including electric cars Aviva Matching Share Plan and Save As You Earn scheme 21 volunteering hours per year Aviva is for everyone: We are inclusive - we want applications from people with diverse backgrounds and experiences. Excited but not sure you tick every box? Research tells us that women, particularly, feel this way. So, regardless of gender, why not apply. And if you're in a job share just apply as a pair. We flex locations, hours and working patterns to suit our customers, business, and you.
Most of our people are smart working - spending around 60% of their time in our offices and 40% at home. To find out more about working at Aviva take a look here. We interview every disabled applicant who meets the minimum criteria for the job. Once you've applied, please send us an email stating that you have a disclosed disability, and we'll interview you. We'd love it if you could submit your application online. If you require an alternative method of applying, please give Alice a call on or send an email to .
22/09/2022
Full time
Project Manager - Information Security | £5-600 p/day | Outside IR35 | Contract (5 months)
You will manage and lead all phases of global information security projects and contribute to execution of the strategy by solving a business need through the application of project management practices. Understand the business strategy and information security needs to drive change within the company. Identify and monitor efforts and costs required in Information Security and other IT functions to deliver optimal secure solutions to the company.
Your 'day to day'
· Understand the business strategy, global InfoSec strategic roadmap and specific project information security needs to drive change within the company. Gain a deep understanding of the company's global information security baselines and help define InfoSec requirements, propose an optimal solution, confirm the financial proposal of the project and drive change management activities.
· Manage and build a flexible, agile and innovative IT project organization that attracts, develops and retains the best global talent in order to deliver IT required, currently and in the future.
· Apply project management, change management, service management methodology and usability practices based on known solutions, applications and best practices assuring adherence to standards. Resolve complex project related issues by analysing, identifying and facilitating the emergence of solutions leading to optimal resolution.
· Drive communication and co-ordination for the success of the project and provide project status reports and other project information to project stakeholders and senior management on a regular basis. Identify project needs impacting other IT platforms or teams in a timely manner, and coordinate project efforts in close collaboration with these teams to ensure timely and effective project delivery.
· Drive the projects within agreed scope, budget, resources and timing. Allocate and manage resources for assigned projects based on historical information, input from other staff, and general understanding of project tasks; anticipate and mobilise cross functional resources when required (procurement, legal, technology, finance, 3rd party suppliers and consultants, etc.). Monitor and measure results and provide constructive feedback to assigned resources in terms of deliverables on what and how.
· Ensure development and distribution of quality project-related documentation to all interested parties, including project plan and schedule, project charter, communications plan, requirements document, design document, deployment plan, test plan, maintenance transition plan, and closing report.
Who we're looking for
· 5-10 years of experience in leading IT projects, preferably in information security related domains, within a large organization
· Experience in Agile development methodology
· Deep understanding of IT processes: logical and physical access management, change management, system operations, system availability and continuity, risk assessment
· Good presentation, analytic, conceptual design, and decision-making skills
· Knowledge of information security management systems such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, ISO 2700x, COBIT 2019
· Knowledge of Sarbanes-Oxley (SOX) compliance and PCI-DSS compliance
· University degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent)
· Professional certifications in IT audit, information security, or risk management (e.g. ISACA CISA, ISACA CISM, ISACA CRISC, CISSP, ISO 27001 Lead Auditor/Implementer, GIAC Security Essentials Certification (GSEC), etc.)
· Professional certifications in project management (e.g. PRINCE2, Project Management Professional (PMP), Agile, SCRUM)
· Delivery of DLP, Cloud Security, Endpoint Security, Infrastructure Security projects will be an added advantage.
The job/role offer is subject to valid right to work in the UK
10/09/2021
Contractor
Governance Risk and Control Analyst/Tester Inside IR35 Leading banking client requires an experienced Governance Risk and Control Analyst/Tester to join on an initial 6 month contract to conduct controls testing of cybersecurity controls against industry security frameworks (e.g., SOX, ISO27001, NIST Cybersecurity Improvement framework, FFIEC). Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Proven understanding of current best practice approach to security assurance and the application of security frameworks Experience in project management Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios. Experience of security risk management Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc. Ability to handle ambiguity and make decisions and recommendations with limited data Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems Good presentation, documentation and reporting skills Essential skills: Experience in managing multiple tasks with broad scope, ambiguity, and high degree of difficulty Experience in providing assurance for cybersecurity technologies, policies, standards and procedures Demonstrable proficiency in a wide range of information IT security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management Possessing high level of analytical ability where problems are typically unusual and difficult Ability to maintain a working knowledge of cybersecurity principles and elements
Understand global IT risk management structure Demonstrable experience of senior stakeholder management and relevant management reporting. Ability to coach team members through knowledge transfer and constructive feedback Governance Risk and Control Analyst/Tester Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation. We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.
10/09/2021
Contractor
Working as part of the Security Engineering Team the Security Engineer will oversee the implementation, configuration and administration of our technical security control suite. You will work on the design and implementation of new security controls/technologies to help further improve Next's security posture, working with the other security and IT teams to ensure they integrate with our existing systems. Once implemented the Security Engineer will help ensure these systems are maintained and tuned by working with our Red and Blue teams so as to ensure they remain effective against new and emerging threats. As a Security Engineer you will also help mentor more inexperienced members of the team. You will also maintain an awareness of the changing threat landscape and industry standards, working to identify, justify and progress opportunities to improve the security of our environment and counter new threats. Your role will involve participating in a shift and call out rota to help ensure our environment is monitored and supported on a 24x7 basis. 
Responsibilities
* Manage and maintain Next's technical security controls
* Establish, monitor and maintain automated processes that aid in alert information enrichment and incident management
* Maintain control baselines to identify capacity and licensing requirements for future budgets
* Ensure controls meet required standards
* Work with other Information Security teams to identify control gaps and implement improvements to address
* Work with the Information Security Management team to identify new technical controls and implement
* Work with other IT Teams to ensure that new and existing security controls integrate seamlessly with our IT systems
* Assist Incident Response team with the investigation and resolution of Security Incidents
* Create and maintain operational procedures, configuration and technical documentation to a high standard
* Manage and maintain metrics and reporting to ensure the performance of our security controls is understood
* Maintain an awareness of new and emerging security technologies and threats
* Be a mentor for more inexperienced members of the Security Engineering team
* Promote and follow good change management practices
* Help manage and resolve operational issues with technical controls, helping coordinate and direct team efforts

Criteria
* Information Technology experience with an understanding of network protocols and server infrastructure
* Project delivery and design experience plan and prioritise workloads, and to measure and report on current progress
* Strong Windows Server and/or Linux experience
* Solid comprehension of Information Security including malware, new threats, attack techniques, and vulnerability management
* Experience installing, configuring and maintaining common security tools such as Anti-Virus, FIM, IDS/IPS
* Experience mentoring other team members
* Take a lead role in coordinating the diagnosis and resolution of major issues
* Report technical solutions to senior management in a clear and concise manner
* Must follow and promote team standards including documentation.
* Understand and operate change management

Desirable Criteria
* Relevant industry recognised security qualification
* Experience with Risk Management and/or Threat Modelling
* Experience with security or compliance standards such as PCI-DSS or ISO27001
* Experience of working for a Retail company
17/03/2021
Full time
Prism Digital
Information Security Analyst - SIEM - Famous Arts Institution

A world-renowned arts institution based in South Kensington is looking for a Cyber Security Analyst. You will be joining an IT department of circa 20 staff. Your role will be as a very hands on IT Security specialist to maintain the internal and external security of the business at a large scale; 3,000 devices and 1,200 end users. You will be responsible for the day-to-day actions that will ensure the established information security policies are adhered to by all staff and all systems. You will monitor all security and compliance systems regularly taking action where required or ensuring that others who are responsible for those systems are taking appropriate action.

Main tasks:
* Lead the development, documentation and maintenance of information security policies, procedures, and standards across the organisation
* Proactively initiate, facilitate, and promote activities to create awareness of information security
* Assist in system and software architecture and design to ensure that data and assets remain secure at all times
* Perform Information Security Risk Assessments of all new systems implemented
* Perform regular risk assessments and work closely with auditors to pre-empt, mitigate, and swiftly respond to any audit findings
* To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken
* Work with the IT Security Manager to implement and maintain the Information Security Management System (ISMS)
* Manage the Security Information and Event Management system (SIEM) and other security systems ensuring appropriate actions are taken for all issues flagged for action by the system
* Monitor all security compliance reporting ensuring appropriate actions are taken in response to the report details and escalating issues as required
* Monitor security risks using data from security vendors, application vendors, government security organisations and other appropriate information sources and highlight areas of concern to the IT Security Manager
* Monitor all security systems for potential security breaches and recommend remedial actions to be taken
* Manage regular penetration tests (internal and external)
* Monitor the SIEM for issues arising
* Check compliance reports daily and get others to make appropriate updates
* Work with the Programme Manager on developing further compliance reports for regular review
* Verify Windows patches are applied by performing random checks
* Implement Nessus scanner with Cyber Essentials rules for internal systems to verify compliance levels
* Follow up on any phishing attacks or other security events to ensure proper process and documentation is followed
* Assist in putting together an Information Security Risk Assessment template and then conducting those for each of our systems.
* Follow up on penetration test results liaising with internal teams and external vendors to deliver required remediation

Essential requirements:
* Formal Information Security qualification (CISM, CISSP/CISA or equivalent)
* At least 3 years of experience in Information Security Management or IT Audit related role
* Understanding of ISO27001, Cyber Essentials, business continuity and compliance and audit frameworks
* Understanding of IT infrastructure, networking systems and information management systems
* Experienced in the selection and implementation of appropriate security controls
* Ability to produce clear written material for Senior Management
* Ability to communicate technical information in a clear and understandable manner to non-technical stakeholders
* Ability to direct, interact and effectively share technical issues with IT staff and end users

Desirable requirements:
* Familiar with the configuration and operation of Nessus
* Working within an ISO27001 or Cyber Essentials compliant environment
* Strong understanding of GDPR and PCIDSS
* Excellent analytical and problem-solving skills
* Experience establishing an ISMS and SIEM

Benefits:
* 28 days holiday
* 10% Co. Pension - no personal contrib needed
* Season Ticket Loan
* Cycle to Work Scheme
* Heavily subsidised Staff Canteen
* 36 Working Hour Week with a degree of flex

This is an amazing company to work for and they are looking for someone to start ASAP!
15/02/2019