238 Cybersecurity jobs in London

Our client, a leading financial institution, is seeking a highly skilled and experienced Senior Cybersecurity Threat Intelligence Analyst to join their global security operations team. This is a fully remote position, open to candidates based anywhere in the UK. You will play a critical role in identifying, analyzing, and mitigating cyber threats to protect the organization's sensitive data and critical infrastructure. This role requires a deep understanding of the threat landscape, advanced analytical capabilities, and the ability to translate complex technical information into actionable intelligence for various stakeholders.

Key Responsibilities:

• Proactively research, identify, and analyze emerging cyber threats, attack vectors, and adversary tactics, techniques, and procedures (TTPs).
• Develop and maintain high-quality threat intelligence reports, briefings, and alerts for technical and non-technical audiences.
• Leverage a variety of threat intelligence sources, tools, and platforms (e.g., OSINT, commercial feeds, government partnerships) to gather and correlate information.
• Conduct in-depth investigations into security incidents and suspicious activities to determine attribution and impact.
• Develop and implement threat hunting methodologies and exercises to uncover advanced persistent threats (APTs) and zero-day vulnerabilities.
• Provide strategic recommendations for enhancing the organization's defensive posture based on threat intelligence findings.
• Collaborate closely with security operations center (SOC) analysts, incident responders, security architects, and other security teams to integrate threat intelligence into security operations.
• Develop and maintain metrics to measure the effectiveness of threat intelligence programs.
• Mentor junior analysts and contribute to the professional development of the threat intelligence team.
• Stay current with the latest cybersecurity trends, research, and technologies.
• Participate in industry forums and information-sharing communities to enhance organizational intelligence.
• Contribute to the development and refinement of threat intelligence collection requirements and processes.

Qualifications and Skills:

• Proven experience (5+ years) in cybersecurity, with a strong focus on threat intelligence, incident response, or security operations.
• Deep understanding of threat actor methodologies, malware analysis, and network security principles.
• Proficiency with threat intelligence platforms (TIPs), SIEM systems, and relevant analytical tools.
• Experience with scripting languages (e.g., Python, PowerShell) for automation and data analysis.
• Excellent analytical, critical thinking, and problem-solving skills.
• Strong written and verbal communication skills, with the ability to present complex information clearly and concisely.
• Experience in conducting threat hunting operations.
• Relevant certifications such as CISSP, GIAC (GCTI, GCFA, GCIH), or equivalent are highly desirable.
• Ability to work independently and as part of a distributed, global team.
• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent work experience.

This is an exceptional opportunity for a seasoned cybersecurity professional to contribute to the protection of a major financial organization from anywhere in the UK.

Job Description

This is an opportunity to join Ascot Group - one of the world's preeminent specialty risk underwriting organizations.

Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we're bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way,

The Ascot Way .

The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.

Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service - both pre- and post-claims. Ascot exists to solve for our clients' brightest tomorrow, through agility, collaboration, resilience, and discipline.

About the role:

This position is part of the Cybersecurity Engineering team, requiring hands-on experience with security tools and frameworks, and a strong understanding of server, network, and system security.

The Cybersecurity Engineer provides technical expertise on both large and small-scale projects to improve and enhance Ascot's cyber security posture, including the global infrastructure environment. The engineer makes operational changes working collaboratively with both IT and other security teams to improve security posture, while ensuring zero operational impact.

The Engineer is involved in product selection and collaborates with the Security Architecture function on selecting new security tools. The Engineer also tests, implements and supports these tools, leveraging knowledge and experience of the enterprise environment.

The successful candidate will play a key role in ensuring that security tools are fully documented, managed consistently and to high standards of operational excellence. The Cybersecurity Engineer also assists in troubleshooting and root cause analysis of complex security incidents.

Responsibilities:

Maintain and improve the security posture of the global environment through BAU and project changes as part of the formal change management process.nProvide technical expertise as a Cybersecurity Engineer, participate in the formulation of security engineering best practices, assess security configurations, and document security processes and procedures.nWork closely with Cyber Defence analysts to identify and address cyber-security issues across environments. Formulate systems and methodologies, respond to security-related events, and assist in remediation efforts.nSupport the full security project delivery life cycle as the Security Engineering subject matter expert and lead engineer, including identifying and implementing security requirements.nPlan, implement, manage, document, monitor, and upgrade security measures for the protection of information systems and networks.nInteract with vendors, researchers, and other third parties to escalate security issues, perform vendor selection, and implement Proof of Concepts.nBe actively involved in all stages of planning initiatives.nAutomate common tasks and processes.nImplement and contribute to best practice security and set standards.nDesign workflows and document processes.nDemonstrate the ability to troubleshoot and resolve complex issues.nRequirements:

Bachelor's degree in Cybersecurity or equivalent.nMinimum 7 years of experience in a cybersecurity engineering role.nPreference will be given to candidates who also have additional technical, security vendor or cyber-risk certifications such as CISSP, CompTIA Security+, GSEC, GCIH, CCSP, Microsoft SC-200, CISSP-ISSMP, CTIA, OSCP.nProven experience with security technologies such as Firewalls, SIEM platforms, Endpoint Detection & Response, DLP, WAF and Privilege Access Management.nFamiliarity with secure architecture principles, zero trust and cloud security principles and settings.nGood understanding of Security frameworks NIST CSF, ISO 27001, CIS controls, MITRE ATT&CK.nGood skills with manipulating large data sets and generating meaningful actionable deductions from reporting outputs.nPossesses a growth mindset and is able to learn quickly to resolve technical security issues.nDemonstrates an ability to review security technical assessment reports and recommend and implement remediation plans.nDemonstrates ability to manage project lifecycles including defining technical milestones and project reporting disciplines.nDemonstrates a detail-oriented approach and can take a structured approach to procedures and working instructions.nWorks and maintains a calm structured mindset even when under pressure.nPossesses an aptitude for understanding and analysing data when troubleshooting.nPossesses strong written communication, critical thinking, and analysis skills, including the ability to present potential risks and actual findings to a wide audience. Ability to communicate complex problems to a non-technical audience.nPossesses a working understanding of key security concepts and attack types such as phishing, malware, vulnerabilities, AI Security risks, Cyber Kill Chain, and attack stages.nPossesses an analytical mindset, capable of digesting a wide range of information and makes practical judgements based on available data and context.nSolid experience with security tools and technologies, including SIEM, intrusion detection systems, EDR, XDR, log analysis, malware analysis and DLP controls.nExperience of Windows OS from Server 2012 to Server 2022 and Windows 10 to 11 as well as Hyper V and/or VMware solutions.nKnowledge of typical enterprise technologies: On-premise and cloud base Windows and Linux operating systems (OS), Microsoft Azure, Managed Active Directory / Group Policy, InTune , M365, and Microsoft security technologies as well as the ability to make changes to improve security posture on these systems.nDemonstrated ability to troubleshoot AD, perform policy rollouts and reporting.nDemonstrates a working and genuine interest and talent in Cyber Security.nPossesses a curious and creative growth mindset.nA hybrid work schedule of two days in the office will be required.

#J-18808-Ljbffrn

OverviewnThis is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations. Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.

The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric. Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.

About The Role

This position is part of the Cybersecurity Engineering team, requiring hands-on experience with security tools and frameworks, and a strong understanding of server, network, and system security.

The Cybersecurity Engineer provides technical expertise on both large and small-scale projects to improve and enhance Ascot’s cyber security posture, including the global infrastructure environment. The engineer makes operational changes working collaboratively with both IT and other security teams to improve security posture, while ensuring zero operational impact.

The Engineer is involved in product selection and collaborates with the Security Architecture function on selecting new security tools. The Engineer also tests, implements and supports these tools, leveraging knowledge and experience of the enterprise environment.

The successful candidate will play a key role in ensuring that security tools are fully documented, managed consistently and to high standards of operational excellence. The Cybersecurity Engineer also assists in troubleshooting and root cause analysis of complex security incidents.

Responsibilities

Maintain and improve the security posture of the global environment through BAU and project changes as part of the formal change management process.

Provide technical expertise as a Cybersecurity Engineer, participate in the formulation of security engineering best practices, assess security configurations, and document security processes and procedures.

Work closely with Cyber Defence analysts to identify and address cyber-security issues across environments. Formulate systems and methodologies, respond to security-related events, and assist in remediation efforts.

Support the full security project delivery life cycle as the Security Engineering subject matter expert and lead engineer, including identifying and implementing security requirements.

Plan, implement, manage, document, monitor, and upgrade security measures for the protection of information systems and networks.

Interact with vendors, researchers, and other third parties to escalate security issues, perform vendor selection, and implement Proof of Concepts.

Be actively involved in all stages of planning initiatives.

Automate common tasks and processes.

Implement and contribute to best practice security and set standards.

Design workflows and document processes.

Demonstrate the ability to troubleshoot and resolve complex issues.

Qualifications

Bachelor’s degree in Cybersecurity or equivalent.

Minimum 7 years of experience in a cybersecurity engineering role.

Preference will be given to candidates who also have additional technical, security vendor or cyber-risk certifications such as CISSP, CompTIA Security+, GSEC, GCIH, CCSP, Microsoft SC-200, CISSP-ISSMP, CTIA, OSCP.

Proven experience with security technologies such as Firewalls, SIEM platforms, Endpoint Detection & Response, DLP, WAF and Privilege Access Management.

Familiarity with secure architecture principles, zero trust and cloud security principles and settings.

Good understanding of Security frameworks NIST CSF, ISO 27001, CIS controls, MITRE ATT&CK.

Good skills with manipulating large data sets and generating meaningful actionable deductions from reporting outputs.

Possesses a growth mindset and is able to learn quickly to resolve technical security issues.

Demonstrates an ability to review security technical assessment reports and recommend and implement remediation plans.

Demonstrates ability to manage project lifecycles including defining technical milestones and project reporting disciplines.

Demonstrates a detail-oriented approach and can take a structured approach to procedures and working instructions.

Works and maintains a calm structured mindset even when under pressure.

Possesses an aptitude for understanding and analysing data when troubleshooting.

Possesses strong written communication, critical thinking, and analysis skills, including the ability to present potential risks and actual findings to a wide audience. Ability to communicate complex problems to a non-technical audience.

Possesses a working understanding of key security concepts and attack types such as phishing, malware, vulnerabilities, AI Security risks, Cyber Kill Chain, and attack stages.

Possesses an analytical mindset, capable of digesting a wide range of information and makes practical judgements based on available data and context.

Solid experience with security tools and technologies, including SIEM, intrusion detection systems, EDR, XDR, log analysis, malware analysis and DLP controls.

Experience of Windows OS from Server 2012 to Server 2022 and Windows 10 to 11 as well as Hyper V and/or VMware solutions.

Knowledge of typical enterprise technologies: On-premise and cloud base Windows and Linux operating systems (OS), Microsoft Azure, Managed Active Directory / Group Policy, InTune , M365, and Microsoft security technologies as well as the ability to make changes to improve security posture on these systems.

Demonstrated ability to troubleshoot AD, perform policy rollouts and reporting.

Demonstrates a working and genuine interest and talent in Cyber Security.

Possesses a curious and creative growth mindset.

A hybrid work schedule of two days in the office will be required.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

Insurance

#J-18808-Ljbffrn

This range is provided by Yolk Recruitment Ltd. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.nBase pay range

Salary: up to £63,000nCyber Security Manager - £3,000 – Hybrid (London, Durham, Lytham or Glasgow)nThe Opportunity

Yolk Recruitment Public Sector & Not-for-Profit team are working closely with a really interesting Civil Service organisation that works to support everyone with managing their money.nThey are looking for three experienced Cyber Security Managers who take a holistic approach to cyber security – ensuring service providers are operating effective cyber security control environments. They will be tasked with maintaining trusting relationships with key stakeholders inside the organisation and service providers.nWhat the Cyber Security Manager will be doing

Document a comprehensive view of the cyber security threat profile of a service provider environmentnProactively identify and manage risks associated with cyber security and information activities throughout the service providers environment and their wider supply chainnMonitor the performance of your service provider to validate that identified threats, events and incidents are responded to effectively, efficiently and that lessons learned are identified and implemented, driving continuous improvement.nSupport the wider cyber security team by providing subject matter expertise to all colleagues and service providers, promoting good security practice.nWhat the successful Cyber Security Manager will bring to the team

You will have strong experience overseeing third party providers, holding them accountable for delivery of critical cyber security services.nExperience delivering top quality written and oral presentations on cyber securitynGood knowledge of the NIST CSF and ISO27001nDemonstrable experience of performing Cyber Security Risk Assessments, and developing associated risk mitigation plansnProven experience in Incidence Response, and overseeing patching vulnerabilitiesnDedection, response, recovery and post incident analysis experiencenHere’s What You’ll Get in Return

Salary of up to £63,000n nsion scheme up to 27.9%nGenerous parental leave optionsn25 days annual leavenVery Flexible Working arrangementsnHybrid working optionsnThink this one’s for you

If you think this Cyber Security Manager opportunity is for you then please apply online.nYolk Public Sector & Not-for-Profit team works with organisations across the UK to fulfil their recruitment needs and to achieve their D&I objectives. We recruit temporary, contract and permanent hires for 1 off specialist needs or for volume campaigns. We support our applicants to navigate the public sector recruitment processes and secure their dream jobs.nYolk Recruitment is an equal opportunities employer and embraces diversity in our workforce. We employ the best people for the job at hand and actively encourage applications from all qualified candidates, regardless of gender, age, race, religion, sexual orientation, disability, educational background, parental status, gender identity or any other protected characteristic. We champion and celebrate diversity at Yolk allowing our team to bring their whole selves to work.nWe’re unable to assess additional content beyond what is presented here.

#J-18808-Ljbffrn

Cybersecurity Officer

Application Deadline:

21 September 2025nDepartment:

IT & Digital TransformationnEmployment Type:

Fixed Term ContractnLocation:

London, UKnReporting To:

Cybersecurity ManagernCompensation:

£37,970 - £41,500 / year

DescriptionnWelcome to MAP

About the RolenAs part of our continued investment and growth in the team, we are now recruiting a Cybersecurity Officer to join our expanding cyber security function. This role will be working alongside an existing colleague and playing a key part in strengthening MAP’s cyber resilience, supporting the Cybersecurity Manager in protecting the charity’s digital assets and ensuring compliance with internal security policies and relevant international standards.

The role will also assist in implementing, monitoring, and maintaining cybersecurity controls across our technology environment. It is well-suited to someone at an early stage of their cybersecurity career who brings enthusiasm, a willingness to learn, and a commitment to contributing to meaningful humanitarian work.

Please note: this is a fixed-term contract for 6 months.

About YounCandidate should have a Degree or diploma in Computer Science, Information Security, or related field (or equivalent experience) with up to 2 years of experience in an IT or cybersecurity role (internships or volunteer roles considered). Familiarity with cybersecurity principles and technologies, including antivirus, firewalls, intrusion detection/prevention systems, and access control. Basic knowledge of Microsoft 365 security stack, including Defender and Intune. Hands-on experience with any of the following: Ubiquiti, SharePoint, Egress, or Cloudflare.

DisclaimernDue to the high volume of applications, we receive, we are unable to respond to every application. If you have not heard from us within two weeks of the deadline, then you have not been successful in shortlisting.

#J-18808-Ljbffrn

Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract.

Our client, the UKs leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. 

This is a senior role with responsibility for the organisation’s vulnerability management programme across multiple business units, technologies, and regulatory environments.

The organisation has made significant investment in Tenable as its core vulnerability management platform. You’ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised.

Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role.

Security Clearance -

Due to the sensitive nature of the work, candidates must be eligible for SC clearance.

• Candidates with active or recently lapsed SC clearance will be prioritised.

• Applicants without clearance must be willing and eligible to undergo vetting.

The Role -

As Cybersecurity Vulnerability Lead, you will:

• Own the end-to-end vulnerability management programme, with Tenable One at the core.

• Define and deliver the strategy, policies, SLAs, and operating rhythm.

• Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact.

• Translate scan data into clear, actionable remediation plans for technical teams.

• Build dashboards and executive reports (ServiceNow, Power BI).

• Provide rapid risk assessments and emergency patch governance during incidents.

• Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR).

• Drive automation, integrating tools and workflows to improve efficiency.

• Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged.

• Mentor analysts and security champions, building maturity across the team.

About You - 

You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries.

You should also have hands-on knowledge of the following:

Core Vulnerability Management -

• Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity)

• AWS Inspector

• Agent-based and network-based scanning

• Cloud integrations (AWS, Azure, GCP)

• Dashboards and risk-based prioritisation

Patch & Endpoint Management -

• Microsoft Intune / SCCM / WSUS

• Jamf

Workflow & ITSM Integration - 

• ServiceNow (dashboards, SOAR)

• Jira

Cloud & Application Security -

• AWS Security Hub

• Azure Defender for Cloud

• Veracode

Threat Intelligence & Exploit Context -

• Tenable Threat Intelligence

• Exploit DB

• Metasploit

SIEM, SOAR & Monitoring - 

• Microsoft Sentinel

• SOAR platforms (ServiceNow SOAR)

Automation & Scripting - 

• Python, PowerShell, Bash, Ansible

Reporting & Metrics -

• Power BI

• ServiceNow dashboards

• Excel (advanced analysis)

Frameworks & Standards -

• NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR

Security Domains / Capabilities -

• Identity and Access Management (IAM)

• Network Security

• Data Protection

• Cloud Security Controls

• Application Security

• Security Monitoring

Processes & Practices -

• Vulnerability Management Programmes

• Incident Response and Threat Assessment

• Emergency Patch Governance

• Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact)

• Audit Support (internal assurance, penetration test follow-ups, external audits)

• Exception and exemption management

• Automation of manual tasks

• Dashboarding for risk and SLA metrics

What's on Offer -

• A leadership role with significant influence across a major UK organisation.
• Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.

Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract.

Our client, the UKs leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. 

This is a senior role with responsibility for the organisation’s vulnerability management programme across multiple business units, technologies, and regulatory environments.

The organisation has made significant investment in Tenable as its core vulnerability management platform. You’ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised.

Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role.

Security Clearance -

Due to the sensitive nature of the work, candidates must be eligible for SC clearance.

• Candidates with active or recently lapsed SC clearance will be prioritised.

• Applicants without clearance must be willing and eligible to undergo vetting.

The Role -

As Cybersecurity Vulnerability Lead, you will:

• Own the end-to-end vulnerability management programme, with Tenable One at the core.

• Define and deliver the strategy, policies, SLAs, and operating rhythm.

• Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact.

• Translate scan data into clear, actionable remediation plans for technical teams.

• Build dashboards and executive reports (ServiceNow, Power BI).

• Provide rapid risk assessments and emergency patch governance during incidents.

• Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR).

• Drive automation, integrating tools and workflows to improve efficiency.

• Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged.

• Mentor analysts and security champions, building maturity across the team.

About You - 

You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries.

You should also have hands-on knowledge of the following:

Core Vulnerability Management -

• Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity)

• AWS Inspector

• Agent-based and network-based scanning

• Cloud integrations (AWS, Azure, GCP)

• Dashboards and risk-based prioritisation

Patch & Endpoint Management -

• Microsoft Intune / SCCM / WSUS

• Jamf

Workflow & ITSM Integration - 

• ServiceNow (dashboards, SOAR)

• Jira

Cloud & Application Security -

• AWS Security Hub

• Azure Defender for Cloud

• Veracode

Threat Intelligence & Exploit Context -

• Tenable Threat Intelligence

• Exploit DB

• Metasploit

SIEM, SOAR & Monitoring - 

• Microsoft Sentinel

• SOAR platforms (ServiceNow SOAR)

Automation & Scripting - 

• Python, PowerShell, Bash, Ansible

Reporting & Metrics -

• Power BI

• ServiceNow dashboards

• Excel (advanced analysis)

Frameworks & Standards -

• NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR

Security Domains / Capabilities -

• Identity and Access Management (IAM)

• Network Security

• Data Protection

• Cloud Security Controls

• Application Security

• Security Monitoring

Processes & Practices -

• Vulnerability Management Programmes

• Incident Response and Threat Assessment

• Emergency Patch Governance

• Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact)

• Audit Support (internal assurance, penetration test follow-ups, external audits)

• Exception and exemption management

• Automation of manual tasks

• Dashboarding for risk and SLA metrics

What's on Offer -

• A leadership role with significant influence across a major UK organisation.
• Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.

ABOUT TOSCA Tosca is a global leader in reusable packaging and pooling solutions that service the supply chain end to end. Re-use is the key word as Tosca facilitates moving away from single use packaging towards a circular model of reusable packaging with its robust portfolio of plastic containers, pallets, bins, crates and more. We focus on optimizing the flow of perishables, eliminating waste at every turn – product, packaging, labor and transportation waste. Our reusable plastic products improve the quality of product delivered, create more efficient supply chains, and are more sustainable than single-use packaging. To strengthen our IT department, we are currently looking for a Cybersecurity & Compliance Manager. This is a key role focused on ensuring the security and regulatory compliance of our systems and processes. The position offers flexibility and can be fulfilled either remotely (within the Greater London area) or in a hybrid setup from our office in Dudley. Position purpose The Cybersecurity & Compliance Manager will lead Tosca’s efforts to ensure adherence to NIST CFS 2.0, ISO 27001, and other standards. This role focuses on developing security protocols, maintaining documentation, conducting risk assessments, and ensuring regulatory compliance. Responsibilities include managing security infrastructure, incident response, and promoting cybersecurity awareness. The position requires collaboration with Global IT, cross-functional teams, and third-party partners. Key qualifications include experience in cybersecurity and compliance, strong knowledge of NIST and ISO standards, risk management expertise, and effective communication skills. This is a full-time role, with travel up to 30% of the time. Responsibilities Implement security protocols and manage information security programs Report performance, exceptions, and outages to all audiences transparently. Align disaster recovery with business continuity plans. Ensure compliance with ISO27001, NIST CFS 2.0, and maintain ISMS. Identify risks, develop a comprehensive security plan. Test cyber-attacks regularly to address vulnerabilities. Monitor security trends, adapt strategies. Oversee incident monitoring, detection, response via SOC and MSSPs. Manage security tools like SIEM and endpoint protection. Lead incident response and post-incident analysis. Enforce policies for data privacy (GDPR & NIST). Conduct regular security audits. Manage vendor relationships and negotiate contracts. Report service performance to stakeholders. Coordinate with other Tosca functions for effective implementation. Other relevant responsibilities as required. Requirements, Experience & Education Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field; a Master's degree is preferred. At least 5 years of experience in information security, specifically within security operations, with proven experience in a leadership or management role. Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable. Strong knowledge of security frameworks (e.g., ISO 27001, COBIT), security technologies, tools, and best practices across EU, UK, and USA Proficiency in risk management processes, vulnerability assessments, and incident response strategies. Current technical and hands-on experience with security tools and technologies, including Rapid7, Rubrik, Sentinel, and endpoint protection solutions like Microsoft Defender. Excellent analytical, problem-solving, and decision-making skills, with the ability to conduct post-incident analysis and implement corrective actions. Strong communication and interpersonal skills, capable of working effectively with diverse teams and stakeholders. Ability to stay current with security trends, emerging threats, and best practices in the cybersecurity landscape. Experience of manufacturing and/or supply chain industry is preferred. Able to operate in a multinational corporation with several locations. Competencies You have expertise within Customer/Relationship Management. You have excellent communication skills. You excel in conveying ideas clearly and effectively. You possess specialized knowledge and skills in your field. You have a collaborative spirit. You thrive in teamwork and enjoy working with others. You can analyze situations and make informed decisions You think ahead and plan for long-term success. Our Offer You will have a permanent contract with a competitive remuneration package in line with your knowledge and experience. We continuously invest in your personal and professional development through our training & coaching programs. You will join a dynamic and fast growing company that is part of a strong international group. We take pride in our green service and encourage our employees to participate in our growth and help us co-define the path to success. You will work in a fun environment with a supportive team that cares about each other and encourages collaboration at all levels. Interested? We cultivate a tight-knit team of smart people who care about their work and their colleagues. We believe this is a really exciting opportunity for someone who is up for a fast-paced challenge and is eager to become an integral member of our team. Send us your CV and your letter of motivation in English. We’re looking forward to meeting you! We value diversity and equal opportunity. Applicants are welcomed on the basis of their individual merits as we do not discriminate on the grounds of age, sex, disability, ethnic or racial origin, religion or belief, or sexual orientation. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. External recruitment services/agencies will not be used for this position.

Our client is seeking a Cybersecurity Threat Handler to join the Engineering and Technology Information Security team. 3 days in office in London Salary is up to £80k base Responsibilities Acting as a hands-on expert and builder for cloud-based technologies, ensuring security, performance, operability, and scale. Assisting as an internal specialist, facilitating the implementation of modern Front End technologies within technology and business teams. Building strong relationships with developers, technology teams, solution teams, and business application owners. Implementing and maintaining industry-standard protocols to strengthen our security measures. Developing and implementing innovative and differentiating cloud technologies. Collaborating and consulting with key technical experts, technology teams, and external industry groups to resolve complex technical issues and achieve our goals. Required Qualifications Bachelor's degree or higher in MIS, CS, or a related field, or equivalent combination of education and work experience. 5 years of experience in engineering and technology, preferably in Financial Services, Technology, or a related field. Experience analyzing cybersecurity incidents using industry standard frameworks such as Cyber Kill Chain and MITRE ATT&CK. Experience handling cybersecurity incidents at each stage of the incident lifecycle, including initial analysis, triage, containment, eradication, recovery, and postmortem. Strong knowledge of AWS Security, specifically in areas such as IAM, KMS, and Network Infrastructure. Expertise in analyzing security events from Microsoft Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. Preferred Qualifications Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. 2 years of experience with AWS or other hyperscale cloud provider implementation.