392 CISO jobs in the United Kingdom

Chief Information Security Officer

London, London Fuse Energy

Posted 19 days ago

Job Description

Permanent

Fuse is building a fully integrated energy company—spanning solar, wind, hydrogen, power trading, and distributed energy systems. We sell directly to consumers to reduce costs and deliver real savings.

We're also creating the Energy Network: a decentralised system of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and supporting grid stability—critical for scaling AI and energy-intensive industries.

We’re looking for a Chief Information Security Officer (CISO) to lead our company-wide security strategy. You’ll protect our infrastructure, digital assets, and customer data while enabling fast, secure growth.

Key Responsibilities

Security Strategy & Leadership

  • Define and lead Fuse’s security strategy across infrastructure, applications, and data.
  • Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse’s risk profile.
  • Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams.
  • Build and mentor a high-performing security team, including hiring, coaching, and managing performance.
  • Develop KPIs and reporting structures to measure and communicate security posture to leadership and the board.
  • Advise the executive team on security risks, regulatory exposure, and investment priorities to support long-term growth.

Governance & Compliance

  • Own company-wide security governance, including data protection, access control, and insider risk.
  • Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks.
  • Oversee security audits and third-party risk programs.

Risk Management & Threat Intelligence

  • Lead threat modelling, risk assessments, and security reviews of critical systems; design and deliver security awareness training programs for all employees to promote a culture of proactive risk management.
  • Build threat intelligence capabilities to stay ahead of emerging risks.
  • Balance risk management with product and engineering velocity.

Incident Response & Resilience

  • Own response plans for high-severity threats and incidents.
  • Build robust detection, containment, and remediation processes.
  • Drive business continuity and disaster recovery strategy.

Technology & Infrastructure Security

  • Partner with engineering to embed security in the SDLC and infrastructure.
  • Guide secure design for cryptographic systems, transaction flows, and the Energy Network.
  • Ensure resilience across distributed devices and on/off-chain systems.

Security Culture & Collaboration

  • Promote a security-first culture across product, data, legal, and compliance.
  • Represent Fuse externally in customer, regulatory, and industry engagements.

Requirements

  • 5+ years in cybersecurity, with prior leadership or CISO experience.
  • Deep understanding of cloud security (especially AWS), application security, and modern DevSecOps.
  • Proven experience securing systems involving digital assets, cryptographic components, or distributed infrastructure.
  • Strong grasp of regulatory frameworks: SOC 2, ISO 27001, GDPR, NIST, etc.
  • Background in threat modeling, incident response, and risk management.
  • Excellent leadership, communication, and stakeholder skills.
  • Bachelor’s or advanced degree in Computer Science, Information Security, or related field.

Bonus:

  • Experience with CTFs, red/blue team exercises, or offensive security.

Benefits

  • Competitive salary and a stock options sign-on bonus
  • Biannual bonus scheme
  • Fully expensed tech to match your needs!
  • Paid annual leave
  • Breakfast and dinner for office-based employees

Information Security Officer

London, London TPP Recruitment

Posted 1 day ago

Job Description

Information Security Officer

Hybrid – Home & London | Permanent | £68,000 | 35 hrs/week (flexible)


A rare and brilliant opportunity to join this international development children’s charity as their new Information Security Officer. You'll be the expert, working closely with the Chief Information Officer and other senior leaders to embed security practices across systems, suppliers, and staff. You’ll be joining a small but impactful Technology team where the culture is collaborative and down-to-earth. You’ll have the autonomy to get stuck in, alongside the backing to develop professionally, whether that’s through security qualifications or broader leadership skills.


What you will be doing

As Information Security Officer, you’ll lead the implementation of the organisation’s cyber security plans.


  • Act as subject matter expert on information security across the organisation
  • Ensure compliance with standards like Cyber Essentials Plus and CIS.
  • Oversee third-party security providers and outsourced ICT services.
  • Manage incident response planning, investigations, and reporting.
  • Deliver engaging training to build a strong security culture.
  • Collaborate with Legal and Data Protection teams to ensure GDPR compliance.
  • Stay ahead of evolving threats and technologies to drive continuous improvement.
  • Opportunity to influence at board level without people management responsibilities


What we are looking for

What matters most is your hands-on experience navigating real-world security challenges and your ability to see both the technical and human side of data protection.


You should have:

  • Proven experience in ICT security management and incident response (CIS and Cyber Essentials Plus).
  • Strong technical knowledge of Microsoft 365, Azure, and cloud security.
  • Familiarity with frameworks like ISO 27001, NIST, and CIS.
  • Excellent communication skills and a pragmatic, risk-based mindset.
  • Relevant certifications (e.g. AZ-500, CISSP, CISM, CCSP) are highly desirable.


This role offers hybrid working (1-2 days/week in office) as well as open discussion around different working patterns, i.e. a 9-day fortnight and varied start/finish times. The organisation values professional development and has a learning & development fund for certifications and career growth. There is a strong emphasis on wellbeing and work-life balance within a supportive, inclusive culture that welcomes applicants from all backgrounds.


To apply, please submit your up-to-date CV by the 26th of August 2025 at 5.00 PM. Cover letters are not required.


Please note, only successful applicants will be contacted with further information.


We want you to have every opportunity to demonstrate your skills, ability and potential; please contact us if you require any assistance or adjustment so that we can help with making the application process work for you.

Information Security Officer

TPP Recruitment

Posted 1 day ago

Job Description

Information Security Officer

Hybrid – Home & London | Permanent | £68,000 | 35 hrs/week (flexible)


A rare and brilliant opportunity to join this international development children’s charity as their new Information Security Officer. You'll be the expert, working closely with the Chief Information Officer and other senior leaders to embed security practices across systems, suppliers, and staff. You’ll be joining a small but impactful Technology team where the culture is collaborative and down-to-earth. You’ll have the autonomy to get stuck in, alongside the backing to develop professionally, whether that’s through security qualifications or broader leadership skills.


What you will be doing

As Information Security Officer, you’ll lead the implementation of the organisation’s cyber security plans.


  • Act as subject matter expert on information security across the organisation
  • Ensure compliance with standards like Cyber Essentials Plus and CIS.
  • Oversee third-party security providers and outsourced ICT services.
  • Manage incident response planning, investigations, and reporting.
  • Deliver engaging training to build a strong security culture.
  • Collaborate with Legal and Data Protection teams to ensure GDPR compliance.
  • Stay ahead of evolving threats and technologies to drive continuous improvement.
  • Opportunity to influence at board level without people management responsibilities


What we are looking for

What matters most is your hands-on experience navigating real-world security challenges and your ability to see both the technical and human side of data protection.


You should have:

  • Proven experience in ICT security management and incident response (CIS and Cyber Essentials Plus).
  • Strong technical knowledge of Microsoft 365, Azure, and cloud security.
  • Familiarity with frameworks like ISO 27001, NIST, and CIS.
  • Excellent communication skills and a pragmatic, risk-based mindset.
  • Relevant certifications (e.g. AZ-500, CISSP, CISM, CCSP) are highly desirable.


This role offers hybrid working (1-2 days/week in office) as well as open discussion around different working patterns, i.e. a 9-day fortnight and varied start/finish times. The organisation values professional development and has a learning & development fund for certifications and career growth. There is a strong emphasis on wellbeing and work-life balance within a supportive, inclusive culture that welcomes applicants from all backgrounds.


To apply, please submit your up-to-date CV by the 26th of August 2025 at 5.00 PM. Cover letters are not required.


Please note, only successful applicants will be contacted with further information.


We want you to have every opportunity to demonstrate your skills, ability and potential; please contact us if you require any assistance or adjustment so that we can help with making the application process work for you.

Regional Information Security Officer

Manchester, North West Tunstall Healthcare (UK) Ltd

Posted today

Job Description

permanent
We are currently recruiting for a Regional Information Security Officer, reporting to the Global Chief Information Security Officer (CISO), to oversee the information security function across the countries and Tunstall entities in their scope.

This is an incredibly exciting time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing.

Junior Information Security Officer

London, London Steamship Insurance Management Services Ltd

Posted 14 days ago

Job Description

Permanent

About the company

Steamship Mutual is a P&I insurance company, with 230 employees worldwide. The main office is based near Liverpool Street station, London. We have offices in Bermuda, Brazil, Cyprus, Greece, Hong Kong, Japan, and Singapore.

Overall Job Purpose

The Junior Information Security Officer (JISO) will assist the Information Security team in implementing and maintaining the information security management system with the objective of managing risks to information assets to an acceptable level.

The JISO will develop a good understanding of the information security policies, standards and procedures and will assist InfoSec in implementing, managing and monitoring the relevant controls.

It is imperative that the JISO develops a strong understanding of the organisation’s technology landscape to help identify potential threats and vulnerabilities.

Requirements

Key Responsibilities:

  • Assist in maintaining the information security standards, procedures and guidelines.
  • Participate in the information security risk management process to identify, assess, treat and monitor risks.
  • Manage information security incidents and events to protect information assets. Help develop and implement incident response plans and procedures to ensure that information services are recovered in a timely manner in the event of a security breach.
  • Track vendor and media disclosure of threats and vulnerabilities and advise on the appropriate courses of action.
  • Audit security controls and report non-compliance. Assist in auditing the environment against new or updated legal and regulatory requirements, or the agreed industry standards.
  • Assist with the quarterly cybersecurity ITSC and Board updates and key risk indicator reporting.
  • Maintain the information security awareness training program and conduct phishing tests.
  • Maintain the Privileged Access Management, Security and Event Management and Vulnerability Management systems.
  • Assist in identifying security solutions that will be effective in mitigating risks to information assets. Manage the implementation and maintenance of the approved solutions.

Person Specification:

  • Degree in Cybersecurity, Computer Science, Information Systems, or a related field.
  • Demonstrable interest in information security (e.g. coursework, certifications, personal projects).
  • Familiarity with security frameworks such as ISO27001, NIST, or CIS Controls.
  • Basic understanding of networking, operating systems, and cloud environments.
  • Awareness of common threat vectors, controls and basic incident response principles.
  • Basic knowledge of Windows operating systems, Active Directory, and Entra ID.
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication.
  • Ability to handle sensitive information with discretion.
  • Eagerness to learn and adapt in a fast-paced environment.
  • Team player with a proactive and detail-oriented mindset.

Benefits

Join Us at Steamship Mutual

    • Become part of our collaborative, supportive, and friendly working environment, where you can enjoy a rewarding career with opportunities to enhance your existing skills and knowledge. We prioritise a healthy work-life balance and offer a competitive hybrid working policy.
    • Our clear and transparent career pathways provide continuous support for skill enhancement and create opportunities for professional development. Additionally, we offer access to the Protection & Indemnity Qualification, created by the International Group of P&I Clubs.
    • Our attractive benefits package includes private healthcare and a competitive wellbeing subsidy.

Company Values

  • Mutuality: ensuring fairness amongst Club Members
  • Integrity: upholding high ethical, legal, and regulatory standards
  • Safety and Sustainability: contributing to safety of life at sea and the preservation of the environment
  • Transparency: building strong relationships based on trust and open communication
  • Excellence: enabling our people to realise their full potential as team members, industry experts, leaders, and managers
  • Collaborative: embracing flexibility, diversity, and inclusivity

**Steamship Insurance Management Services Ltd is committed to providing a great service to all our members. We pride ourselves on offering a people-centred culture that provides mutual respect and support for all our staff and we welcome and encourage you to apply**

Global Chief Information Officer

Dentons

Posted 3 days ago

Job Description

Permanent

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

The Global Chief Information Officer (CIO) will lead the global technology function strategically, define a transformative vision, and provide high-impact leadership across a complex, multi-layered firm. This role is a strategic influencer tasked with aligning technology strategy to the global and regional business priorities and objectives.

The Global CIO will champion collaboration across regions, optimize business processes, and enable inorganic and organic growth. They will oversee the cost-effective provision of shared services, global platforms, and vendor ecosystems, while ensuring technology security and regulatory compliance. The CIO will also work closely with the members of Global governance bodies (GMC, Global Board, etc.) and all the Global Chiefs, in particular with the Global Chief Finance Officer to manage complex budgets and billing structures and with the Global Chief Security Officer on technology security.

Responsibilities

Strategic Vision & Operating Model:

  • Develop and implement a Target Operating Model for the firmwide Technology function(s), including clarifying accountability over governance, funding, and delivery and support frameworks.
  • Create a 5-year technology roadmap aligned with the Global CEO’s strategy and regional priorities.
  • Influence and align regional and global stakeholders to ensure cohesive execution of technology initiatives.
  • Lead and execute transformation efforts enabled by technology, as approved.

Shared Services & Global Platforms:

  • Build upon the shared services already provided for the regions.
  • Define and monitor SLAs for shared technologies and services provided to the regions.
  • Oversee the provision and performance of global technology services, digital technologies, applications, and data services.
  • Ensure seamless integration of global platforms.

Leadership & Collaboration:

  • Lead and inspire a high-performing Global technology team; and align and inspire Regional IT leaders.
  • Provide guidance on staffing and structuring to build upon and support the shared services delivery model.
  • Foster cross-functional collaboration with practice, business, and security leaders.

Vendor & Financial Oversight:

  • Manage Global vendor contracts, billing processes, and performance accountability.
  • Identify opportunities to reduce costs through strategic sourcing.
  • Partner with the Global Chief Finance Officer to navigate procurement and complex budget structures.

Security, Compliance & Risk:

  • Collaborate with the Global Chief Security Officer to embed security and regulatory compliance into all technology initiatives and IT operations.
  • Lead efforts to seek and retain compliance of managed technology assets with international cyber security standards, including but not limited to ISO27001 and SOC2.

Operational Excellence:

  • Institute an IT Service Delivery model (e.g., ITIL) to maximize effectiveness and efficiency.
  • Align tooling, policies, and standards to resolve gaps and drive modernization.

Requirements

Required Qualifications:

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field.
  • Master’s degree in Business Administration (MBA), IT Management, Organizational Leadership, or Strategy is advantageous.

Required Experience:

  • 15+ years in IT leadership roles, including:
  • Leading firm-wide digital transformation
  • Managing global IT operations and infrastructure
  • Driving innovation and business process optimization
  • 5+ years in executive-level roles (e.g., CIO, CTO, VP of IT) with direct reporting to C-suite leadership

Skills & Knowledge:

  • Mastery of enterprise architecture, cloud platforms, and infrastructure.
  • Knowledge of cybersecurity frameworks and data privacy regulations.
  • Familiarity with AI and other emerging technologies.
  • Experience with IT service management (e.g., ITIL), DevOps, and software development lifecycle.

Competencies & Critical Leadership Capabilities:

Strategic & Business Knowledge

  • Global Strategy Alignment: Ability to align IT initiatives with both global and regional business strategies.
  • Target Operating Model Design: Expertise in defining and implementing shared service delivery models.
  • Technology Roadmapping: Experience developing long-term technology plans (e.g., 5-year strategy).

Technical Expertise

  • Enterprise Architecture: Deep understanding of scalable, secure, and compliant systems.
  • Cloud Platforms: Proficiency in Azure, AWS, and hybrid environments.
  • Cybersecurity & Compliance: Familiarity with global regulatory frameworks.
  • Emerging Technologies: Awareness of AI, blockchain, and automation tools.
  • IT Service Management: Experience with ITIL frameworks and service-level agreements (SLAs).

Operational & Financial Skills

  • Vendor Management: Ability to negotiate, manage, and evaluate global vendor contracts.
  • Complex Budgeting: Skilled in navigating multi-layered, cross-regional IT budgets and billing structures.
  • Asset & Risk Management: Oversight of IT assets, technical debt reduction, and audit remediation.

Leadership & Collaboration

  • Cross-Functional Leadership: Leading global teams and regional IT leaders in a matrixed environment.
  • Stakeholder Engagement: Building trust and alignment across C-suite, regional, and functional leaders.
  • Change Management: Driving transformation with empathy, clarity, and strategic foresight.
  • Security Partnership: Collaborating with the Chief Security Officer to embed security into all IT operations.

Communication & Influence

  • Executive Communication: Translating complex technical concepts into business language.
  • Cultural Intelligence: Navigating diverse teams.
  • Client-Centric Mindset: Prioritizing user experience and client outcomes in technology decisions.

The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.

Benefits

Remuneration and benefits package will reflect the successful candidate's experience and the country where hired.

Information Security Manager

London, London £70000 - £75000 Annually Context Recruitment

Posted 2 days ago

Job Description

permanent

Information Security Manager

£70,000 - £75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

  • Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
  • Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
  • Actively contribute to ISO processes, strategies and problem-solving
  • Use prior ISO experience to support certification readiness
  • Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
  • Handle varied and complex security challenges, from system reviews to high-level risk assessments
  • Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

  • Experience with ISO 27001 is essential
  • Strong background in cyber security management
  • Proven experience in identifying and mitigating security risks
  • Ability to make actionable recommendations for security improvements
  • Experience with GDPR and data protection, together with knowledge of IS standards
  • Security assessment frameworks (threat modelling, controls assessment, risk assessment)
  • Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security Manager

EC1 London, London Context Recruitment

Posted 2 days ago

Job Description

full time

Information Security Manager

£70,000 - £75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

  • Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
  • Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
  • Actively contribute to ISO processes, strategies and problem-solving
  • Use prior ISO experience to support certification readiness
  • Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
  • Handle varied and complex security challenges, from system reviews to high-level risk assessments
  • Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

  • Experience with ISO 27001 is essential
  • Strong background in cyber security management
  • Proven experience in identifying and mitigating security risks
  • Ability to make actionable recommendations for security improvements
  • Experience with GDPR and data protection, together with knowledge of IS standards
  • Security assessment frameworks (threat modelling, controls assessment, risk assessment)
  • Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security Manager

Prism Digital

Posted 1 day ago

Job Description

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform


  • £70–80k base + 10% bonus
  • Hybrid in London
  • Training budget for certifications + conference attendance
  • Strong emphasis on professional autonomy and ethical leadership


A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.


This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.


What you’ll bring:

  • 5+ years in InfoSec, IT Security or Ops within a regulated environment
  • Certification required: CISSP, CISM, CRISC, or equivalent
  • Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
  • Confident with security risk assessments, audit responses, and policy governance
  • Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
  • Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
  • Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice


What you’ll be doing:

  • GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
  • Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
  • Security awareness & training: manage phishing simulations and content using Proofpoint
  • Security architecture reviews: support technical assessments of new systems and services
  • Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
  • Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
  • Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews


Tech & tools you’ll use:

  • Protecht – Enterprise risk and audit management
  • Panorays – Third-party risk tooling
  • Rapid7 / Armis – Vulnerability management and threat detection
  • Proofpoint – Phishing and awareness platform
  • Microsoft Purview – Data governance and compliance
  • Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)


Why this role?

  • High-impact GRC project work tied to new market expansion
  • Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
  • A clear opportunity to stretch across awareness, compliance, and operational domains


Information Security Manager

London, London Prism Digital

Posted 1 day ago

Job Description

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform


  • £70–80k base + 10% bonus
  • Hybrid in London
  • Training budget for certifications + conference attendance
  • Strong emphasis on professional autonomy and ethical leadership


A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.


This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.


What you’ll bring:

  • 5+ years in InfoSec, IT Security or Ops within a regulated environment
  • Certification required: CISSP, CISM, CRISC, or equivalent
  • Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
  • Confident with security risk assessments, audit responses, and policy governance
  • Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
  • Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
  • Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice


What you’ll be doing:

  • GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
  • Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
  • Security awareness & training: manage phishing simulations and content using Proofpoint
  • Security architecture reviews: support technical assessments of new systems and services
  • Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
  • Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
  • Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews


Tech & tools you’ll use:

  • Protecht – Enterprise risk and audit management
  • Panorays – Third-party risk tooling
  • Rapid7 / Armis – Vulnerability management and threat detection
  • Proofpoint – Phishing and awareness platform
  • Microsoft Purview – Data governance and compliance
  • Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)


Why this role?

  • High-impact GRC project work tied to new market expansion
  • Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
  • A clear opportunity to stretch across awareness, compliance, and operational domains


