113 Data Privacy Officer jobs in the United Kingdom

Our client is seeking a highly experienced Senior Data Privacy Officer to lead their data protection initiatives. This is a fully remote, strategic role where you will be responsible for developing, implementing, and overseeing the company's comprehensive data privacy program. You will ensure compliance with global data protection regulations, including GDPR, CCPA, and others as applicable. Your key responsibilities will include conducting Data Protection Impact Assessments (DPIAs), managing data subject access requests (DSARs), developing and delivering privacy training, and advising business units on privacy-related matters. You will also be instrumental in drafting and updating privacy policies, procedures, and contractual clauses. This role requires a deep understanding of data privacy laws, information security principles, and risk management frameworks. The ideal candidate will possess exceptional analytical, communication, and interpersonal skills, with the ability to translate complex legal and technical requirements into practical business solutions. Experience in developing and managing a privacy program within a technology-driven or regulated industry is essential. You should be adept at stakeholder management, working effectively with legal, IT, security, and business teams across different geographies. A proactive approach to identifying and mitigating privacy risks is crucial. This position demands a self-starter who can work autonomously in a remote setting, manage their workload effectively, and drive privacy best practices throughout the organization. If you are a dedicated privacy professional passionate about safeguarding sensitive data and upholding ethical data handling practices, this remote opportunity offers significant impact and professional growth.

Key Responsibilities:

• Develop, implement, and maintain the global data privacy program.
• Ensure compliance with GDPR, CCPA, and other relevant data protection regulations.
• Conduct and document Data Protection Impact Assessments (DPIAs) and Privacy Risk Assessments.
• Manage and respond to Data Subject Access Requests (DSARs) and other privacy rights requests.
• Develop and deliver data privacy training and awareness programs for employees.
• Advise business stakeholders on privacy implications of new projects, products, and services.
• Draft, review, and update privacy policies, notices, and procedures.
• Monitor regulatory changes and update the privacy program accordingly.
• Investigate and manage data privacy incidents and breaches.
• Collaborate with Legal, IT, Security, and business teams to embed privacy by design and default.

Qualifications:

• Law degree or equivalent qualification, with a specialization in data protection or privacy law.
• Minimum of 7 years of experience in data privacy or compliance roles.
• In-depth knowledge of GDPR, CCPA, and other international privacy regulations.
• Professional certification such as CIPP/E, CIPP/US, CIPM, or equivalent.
• Experience conducting DPIAs and managing DSARs.
• Strong understanding of information security principles and technologies.
• Excellent analytical, problem-solving, and communication skills.
• Proven ability to work independently and manage complex projects in a remote setting.
• Experience in advising cross-functional teams on privacy matters.

Our client is seeking a highly experienced and knowledgeable Senior Data Privacy Officer to lead their data protection initiatives. This is a critical, fully remote position, offering the opportunity to shape and implement robust privacy frameworks across the organisation from anywhere in the UK. You will be responsible for ensuring compliance with all relevant data protection regulations, including GDPR and other international privacy laws. This includes developing and maintaining comprehensive data privacy policies, procedures, and guidelines. You will conduct regular data protection impact assessments (DPIAs), manage data subject access requests (DSARs), and oversee breach notification processes. The ideal candidate will possess a deep understanding of data privacy law, risk management, and information security principles. You will work closely with legal, IT, and business departments to embed privacy by design and by default into all operations. This role requires exceptional analytical skills, the ability to conduct thorough investigations, and strong communication and influencing skills to engage with stakeholders at all levels, including senior management. Experience in developing and delivering privacy training programs is essential. You will also stay abreast of evolving privacy regulations and best practices, advising the organisation on necessary adjustments. This senior role requires significant experience in a dedicated data privacy or compliance role, preferably with a legal or IT security background. A relevant professional certification (e.g., CIPP/E, CIPM) is highly desirable. This role is based in Edinburgh, Scotland, UK , however it is a fully remote position, enabling you to work autonomously and effectively from your chosen location.
Responsibilities:

• Develop, implement, and maintain the organisation's data privacy strategy and framework.
• Ensure compliance with GDPR, CCPA, and other applicable data protection regulations.
• Conduct Data Protection Impact Assessments (DPIAs) for new projects and systems.
• Manage and respond to Data Subject Access Requests (DSARs) and other individual rights requests.
• Develop and deliver data privacy training and awareness programs for all staff.
• Investigate and manage data breaches, including notification procedures.
• Advise on privacy implications of new technologies and business initiatives.
• Liaise with data protection authorities and relevant regulatory bodies.
• Oversee and update data processing agreements with third-party vendors.
• Conduct regular audits to ensure ongoing compliance with privacy policies.

Qualifications:

• Minimum of 5-7 years of experience in data privacy, compliance, or information security roles.
• In-depth knowledge of GDPR and other international data protection laws.
• Proven experience in developing and implementing data privacy policies and procedures.
• Experience conducting DPIAs and managing DSARs.
• Strong analytical, risk assessment, and problem-solving skills.
• Excellent communication, negotiation, and interpersonal skills.
• Ability to influence and engage stakeholders at all levels.
• Relevant professional certifications such as CIPP/E, CIPM, or CIPP/US are highly desirable.
• Bachelor's degree in Law, IT, Business, or a related field.
• Ability to work independently and manage complex responsibilities in a remote setting.

Avanade is looking for an experienced Data Security Architect to join our security practice. This is a client-facing role where you will be engaged in some of the most exciting, complex, and leading-edge projects. You will play an active role in transforming our client's Information Protection strategy, capabilities, and operations through the design and implementation of predominantly Microsoft Threat Protection technologies. You will also be part of the Avanade Security presales and Architecture function, creating proposals and solutions for our largest, most complex enterprise clients. This role will include partial delivery expectations for the year.
About the Role:
In this role, you will:
- Lead large projects and project teams.
- Manage deliverables and be responsible for delivering against critical milestones.
- Engage in solution architecture and pre-sales deal shaping.
- Develop and maintain long-term strategic client relationships.
- Lead the implementation and management of Microsoft Purview for data discovery, classification, sensitivity labelling, and retention policies
- Drive DSPM strategy to ensure AI models, pipelines, and infrastructure meet enterprise data protection and compliance requirements
- Design and enforce DSPM (Data Security Posture Management) frameworks tailored for AI-driven data infrastructure
- Define and monitor KPIs for data discovery, classification, and protection coverage
- Implementing DSPM solutions to discover, classify, and secure data across AI pipelines
- Integration of data classification and retention policies within AI lifecycle
- Develop Response plans for data breach and exfiltration response tailored to AI environments. Forensic tracing of AI usage and auditability of input data
- Integrate Purview alerts and telemetry with Microsoft Defender and Sentinel to enable real-time threat detection and incident correlation.
- Oversee configuration of E5 security tools, including Microsoft Information Protection, Data Loss Prevention, and Insider Risk Management
- Stay current with evolving data privacy regulations (e.g., GDPR, HIPAA, CCPA, NIST AI RMF) and recommend policy updates accordingly
- Develop high-level documentation and executive reports on data security posture, risk exposures, and improvement roadmaps.
- Additional experience with Entra suite, M365 and Defender is not mandatory but valuable.
Your responsibilities may include :
- Develop and maintain strong relationships with the account teams and client stakeholders
- Identify customer needs and understand business goals to envisage a high-level solution and winning strategy.
- Develop detailed security transformation and operations opportunities based on the capabilities, standardised tools, processes and partner technology with the security architects and other technology partners.
- Drive and be involved in the proposal, solution presentations and discussions.
- Conduct and follow through the sales process to accomplish deal closure.
Requirements:
- Advanced Microsoft Security Certifications such as: SC-100, SC-200, SC-401, AI-900
- Industry-recognised certifications such as: CISSP, CCSP, CISM, GIAC
- In-depth Knowledge of Azure Security Tools: Have a key in-depth Experience implementing Purview, and Purview DSPM strategies for AI models or hybrid data platforms.
- Security Architecture Design: Design and implement robust security architectures for cloud-based applications and services. Ensure compliance with industry standards and best practices.
- RFP Responses: Prepare and review responses to Requests for Proposals (RFPs) related to cloud security. Ensure that all security requirements are addressed and communicated to potential clients.
- Continuous Improvement: Stay updated on the latest security trends, technologies, and threats. Continuously improve security processes and tools to enhance the overall security posture.
- Strong knowledge of Azure Security tools and experience with compliance frameworks (e.g., GDPR, NIST AI RMF, ISO 27001, SOC 2).
- Familiarity with industry standards and best practices for cloud security.
- Excellent communication and collaboration skills.
- Ability to lead RFP responses related to cloud security and Managed Security Services.
- Beneficial Knowledge: Familiarity with the Defender suite of products, including Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Cloud App Security.
Beneficial Knowledge:
- Understanding of how AI/ML models handle training data, inference data, and derived data.
- Experience with case management workflows and insider threat response protocols.
- Data lineage tracking for model input/output.
- Familiarity with Responsible AI practices, including bias, fairness, and explainability
Benefits We Offer:
- Opportunity to work for Microsoft's Global Alliance Partner of the Year (17 of the last 20 years!)
- Pension, Electric Car Purchase scheme (tax-free!), 25 days holiday, Flexible benefits, Car allowance (where applicable), bonus, PMI, Life cover, IP cover, and much more.
- Exceptional development and training with a minimum of 80 hours/year of training and paid certifications.
- Avanade University - real-time access to technical and skilled resources globally.
- Dedicated career adviser to encourage your progression.
- Engaged and helpful coworkers genuinely interested in you.
- Reward and recognition program.
- Full benefits package including medical coverage, income protection policy, extended benefits, bonus program, generous retirement plan, and much more.
About Avanade:
Avanade leads in providing innovative digital services, business solutions, and design-led experiences for its clients, delivered through the power of people and the Microsoft ecosystem. Our professionals combine technology, business, and industry expertise to build and deploy solutions to realize results for clients and their customers. Avanade has 39,000 digitally connected people across 24 countries, bringing clients the best thinking through a collaborative culture that honours diversity and reflects the communities in which we operate. The majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation. Learn more at is an Equal Opportunity Employer. We evaluate applicants without regard to race, colour, age, religion, sex, national origin, gender identity or expression, sexual orientation, disability, veteran, military or marital status, genetic information, or any other protected status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodation.
We work hard to provide an inclusive, diverse culture with a deep sense of belonging for all our employees. Avanade believes that all persons are entitled to equal employment opportunities, and we do not discriminate against our employees, applicants, or job seekers because of their race, color, gender, religion, national origin, disability, veteran status, age, marital status, sexual orientation, genetic information, gender identity, or any other protect group status as defined by law.

About **Zscaler**
Serving thousands of enterprise customers around the world including 45% of Fortune 500 companies, Zscaler (NASDAQ: ZS) was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. As the operator of the world's largest security cloud, Zscaler accelerates digital transformation so enterprises can be more agile, efficient, resilient, and secure. The pioneering, AI-powered Zscaler Zero Trust Exchange platform, which is found in our SASE and SSE offerings, protects thousands of enterprise customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.
Named a Best Workplace in Technology by Fortune and others, Zscaler fosters an inclusive and supportive culture that is home to some of the brightest minds in the industry. If you thrive in an environment that is fast-paced and collaborative, and you are passionate about building and innovating for the greater good, come make your next move with Zscaler.
The Zscaler Sales and Go-to-Market team is a global group of professionals who are passionate about delighting our customers, nurturing trusted partnerships, and sharing their expertise to drive a secure, cloud-enabled digital future and further cement our position as the world leader in cloud security. Sales, Customer Success, Sales Enablement, Solution Architects, Business Development, Transformation, and Technology Partnerships all work together to demonstrate the power and agility of Zscaler cloud transformation to the world.
We're looking for an experienced Regional Director to join our Sales and Go-to-Market team. Reporting to the Global Vice President-Data Security, you'll be responsible for:
+ Recruiting, hiring and developing world-class specialist sales talent in EMEA and APJ, build development plans for each sales rep, and coach and motivate sales team to overachieve on targets
+ Being the GM of your business and create a plan for success, and accurately forecast business monthly/quarterly/yearly
+ Aligning with regional sales leadership, field sales,marketing and partners to prioritize focused revenue attainment in a matrixed organization.
+ Engaging with Product Management, Product Marketing, Services and other cross-functional teams to drive continuous performance improvement.
**What We're Looking for (Minimum Qualifications):**
+ 10+ years of full-cycle sales experience within software or security industry
+ Experience managing teams in EMEA and APJ
+ Bachelor's degree or equivalent experience
+ Progressive selling experience engaging with accounts and selling at C-Level
+ 3 years leadership experience managing a team
**What Will Make You Stand Out (Preferred Qualifications):**
+ You have led a product specialist sales team or have past experience as a product sales specialist in a matrix environment
+ You have recent experience in the Data Protection industry and bring a passionate point of view to customers, partners and your team.
+ Proficiency in data-driven territory management
#LI-Remote
#LI-FO1
At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure.
Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including:
+ Various health plans
+ Time off plans for vacation and sick time
+ Parental leave options
+ Retirement options
+ Education reimbursement
+ In-office perks, and more!
Learn more about Zscaler's Future of Work strategy, hybrid working model, and benefits here ( .
By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines.
Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. _See more information by clicking on the_ Know Your Rights: Workplace Discrimination is Illegal ( _link._
Pay Transparency
Zscaler complies with all applicable federal, state, and local pay transparency rules.
Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

Our client is looking for an experienced and meticulous Information Security Manager to lead their data protection and compliance efforts. This role is crucial in safeguarding sensitive company and customer data, ensuring adherence to regulatory requirements, and fostering a strong security-aware culture across the organisation. You will be responsible for developing and implementing comprehensive information security policies, procedures, and controls. The ideal candidate will have a deep understanding of data privacy regulations (e.g., GDPR), risk management frameworks, and various security technologies. You will work closely with IT, legal, and business units to identify and mitigate security risks. Responsibilities include conducting regular security assessments and audits; developing and managing incident response plans; overseeing vulnerability management programs; implementing and maintaining security awareness training for employees; ensuring compliance with relevant data protection laws and industry standards; managing third-party risk assessments; advising on security best practices for system design and implementation; and staying current with emerging threats and security technologies. You will also be responsible for managing security projects and budgets. This is a vital role in protecting our client's digital assets and reputation in **Belfast, Northern Ireland, UK**. A minimum of 5 years of experience in information security, with a focus on data protection and compliance, is required. Proven experience in developing and implementing security policies and procedures is essential. Strong knowledge of GDPR and other relevant data privacy regulations is mandatory. Experience with security frameworks such as ISO 27001 is highly desirable. Relevant certifications such as CISSP, CISM, or CIPP/E are preferred. Excellent analytical, communication, and leadership skills are crucial.

**Introduction**
At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK.
A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms.
Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
We offer:
* Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications
* Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
* Feedback and checkpoints throughout the year
* Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
* A culture where your ideas for growth and innovation are always welcome
* Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
* Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
* More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.
**Your role and responsibilities**
As a Security Consultant specializing in Data and Application Security, you will help clients secure their applications and sensitive information across the full development and data lifecycle. You will guide organizations through application security challenges, embedding controls into design, build, and deployment phases, while leveraging practices such as Threat Modelling, Secure SDLC, and DevSecOps. With expertise in vulnerability management, data protection, and regulatory compliance, you will design security guardrails that support application modernization programs in multicloud environments, ensuring risks are minimized and business objectives are achieved securely.
Responsibilities
* Provide advisory and technical expertise on application security across the Software Development Lifecycle (Design, Build, Deploy).
* Lead activities such as Threat Modelling, Secure SDLC integration, DevSecOps practices, and application security testing.
* Implement security guardrails to support secure application modernization on multicloud platforms.
* Drive application vulnerability management, analyzing high-risk vulnerabilities, reducing false positives, and developing effective mitigation plans.
* Apply data protection techniques including encryption, masking, and anonymization to safeguard sensitive information.
* Define and enforce data classification and lifecycle management policies, ensuring security across all stages of data handling.
* Advise clients on regulatory requirements (e.g., GDPR, HIPAA, CCPA) and align security programs to meet compliance obligations.
* Strengthen database security through access management, auditing, and patch control.
* Integrate with SIEM platforms to monitor, analyze, and respond to potential data and application security incidents.
* Collaborate with development and infrastructure teams to embed security seamlessly into business processes and IT solutions.
**Required technical and professional expertise**
* Strong experience in application security domains, including Threat Modelling, Secure SDLC, DevSecOps, and security testing.
* Knowledge of data protection methods: encryption (at rest/in transit), masking, anonymization.
* Hands-on experience with Data Loss Prevention (DLP) tools and strategies.
* Proficiency in database security controls, including access, auditing, and patch management.
* Familiarity with SIEM platforms for monitoring and analysis of data/application security events.
* Understanding of data classification principles and lifecycle management practices.
* Knowledge of privacy regulations (GDPR, HIPAA, CCPA) and ability to align security programs to compliance.
* Strong grasp of security frameworks such as NIST, ISO 27001, and CIS Critical Security Controls.
As an equal opportunities' employer, we welcome applications from individuals of all backgrounds. However, for you to be eligible for this role, you must have the valid right to work in the UK. Unfortunately, we do not offer visa sponsorship and have no future plans to do so. You must be a resident in the UK and have been living continuously in the UK for the last 2 years. You must be able to hold or gain a UK government security clearance.
**Preferred technical and professional experience**
* Experience embedding security guardrails in application modernization programs across hybrid/multicloud environments.
* Proficiency with automation tools and pipelines supporting DevSecOps practices.
* Certifications such as CSSLP, CISSP, CISM, CCSP, or equivalent.
* Strong consulting experience, with the ability to translate complex security challenges into actionable recommendations for development and business stakeholders.
* Experience in designing and managing enterprise-wide data governance frameworks.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

**Introduction**
At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK.
A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms.
Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
We offer:
* Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications
* Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
* Feedback and checkpoints throughout the year
* Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
* A culture where your ideas for growth and innovation are always welcome
* Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
* Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
* More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.
**Your role and responsibilities**
As a Security Consultant specializing in Data and Application Security, you will help clients secure their applications and sensitive information across the full development and data lifecycle. You will guide organizations through application security challenges, embedding controls into design, build, and deployment phases, while leveraging practices such as Threat Modelling, Secure SDLC, and DevSecOps. With expertise in vulnerability management, data protection, and regulatory compliance, you will design security guardrails that support application modernization programs in multicloud environments, ensuring risks are minimized and business objectives are achieved securely.
Responsibilities
* Provide advisory and technical expertise on application security across the Software Development Lifecycle (Design, Build, Deploy).
* Lead activities such as Threat Modelling, Secure SDLC integration, DevSecOps practices, and application security testing.
* Implement security guardrails to support secure application modernization on multicloud platforms.
* Drive application vulnerability management, analyzing high-risk vulnerabilities, reducing false positives, and developing effective mitigation plans.
* Apply data protection techniques including encryption, masking, and anonymization to safeguard sensitive information.
* Define and enforce data classification and lifecycle management policies, ensuring security across all stages of data handling.
* Advise clients on regulatory requirements (e.g., GDPR, HIPAA, CCPA) and align security programs to meet compliance obligations.
* Strengthen database security through access management, auditing, and patch control.
* Integrate with SIEM platforms to monitor, analyze, and respond to potential data and application security incidents.
* Collaborate with development and infrastructure teams to embed security seamlessly into business processes and IT solutions.
**Required technical and professional expertise**
* Strong experience in application security domains, including Threat Modelling, Secure SDLC, DevSecOps, and security testing.
* Knowledge of data protection methods: encryption (at rest/in transit), masking, anonymization.
* Hands-on experience with Data Loss Prevention (DLP) tools and strategies.
* Proficiency in database security controls, including access, auditing, and patch management.
* Familiarity with SIEM platforms for monitoring and analysis of data/application security events.
* Understanding of data classification principles and lifecycle management practices.
* Knowledge of privacy regulations (GDPR, HIPAA, CCPA) and ability to align security programs to compliance.
* Strong grasp of security frameworks such as NIST, ISO 27001, and CIS Critical Security Controls.
As an equal opportunities' employer, we welcome applications from individuals of all backgrounds. However, for you to be eligible for this role, you must have the valid right to work in the UK. Unfortunately, we do not offer visa sponsorship and have no future plans to do so. You must be a resident in the UK and have been living continuously in the UK for the last 2 years. You must be able to hold or gain a UK government security clearance.
**Preferred technical and professional experience**
* Experience embedding security guardrails in application modernization programs across hybrid/multicloud environments.
* Proficiency with automation tools and pipelines supporting DevSecOps practices.
* Certifications such as CSSLP, CISSP, CISM, CCSP, or equivalent.
* Strong consulting experience, with the ability to translate complex security challenges into actionable recommendations for development and business stakeholders.
* Experience in designing and managing enterprise-wide data governance frameworks.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

**Introduction**
At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK.
A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms.
Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
We offer:
* Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications
* Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
* Feedback and checkpoints throughout the year
* Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
* A culture where your ideas for growth and innovation are always welcome
* Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
* Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
* More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.
**Your role and responsibilities**
As a Security Consultant specializing in Data and Application Security, you will help clients secure their applications and sensitive information across the full development and data lifecycle. You will guide organizations through application security challenges, embedding controls into design, build, and deployment phases, while leveraging practices such as Threat Modelling, Secure SDLC, and DevSecOps. With expertise in vulnerability management, data protection, and regulatory compliance, you will design security guardrails that support application modernization programs in multicloud environments, ensuring risks are minimized and business objectives are achieved securely.
Responsibilities
* Provide advisory and technical expertise on application security across the Software Development Lifecycle (Design, Build, Deploy).
* Lead activities such as Threat Modelling, Secure SDLC integration, DevSecOps practices, and application security testing.
* Implement security guardrails to support secure application modernization on multicloud platforms.
* Drive application vulnerability management, analyzing high-risk vulnerabilities, reducing false positives, and developing effective mitigation plans.
* Apply data protection techniques including encryption, masking, and anonymization to safeguard sensitive information.
* Define and enforce data classification and lifecycle management policies, ensuring security across all stages of data handling.
* Advise clients on regulatory requirements (e.g., GDPR, HIPAA, CCPA) and align security programs to meet compliance obligations.
* Strengthen database security through access management, auditing, and patch control.
* Integrate with SIEM platforms to monitor, analyze, and respond to potential data and application security incidents.
* Collaborate with development and infrastructure teams to embed security seamlessly into business processes and IT solutions.
**Required technical and professional expertise**
* Strong experience in application security domains, including Threat Modelling, Secure SDLC, DevSecOps, and security testing.
* Knowledge of data protection methods: encryption (at rest/in transit), masking, anonymization.
* Hands-on experience with Data Loss Prevention (DLP) tools and strategies.
* Proficiency in database security controls, including access, auditing, and patch management.
* Familiarity with SIEM platforms for monitoring and analysis of data/application security events.
* Understanding of data classification principles and lifecycle management practices.
* Knowledge of privacy regulations (GDPR, HIPAA, CCPA) and ability to align security programs to compliance.
* Strong grasp of security frameworks such as NIST, ISO 27001, and CIS Critical Security Controls.
As an equal opportunities' employer, we welcome applications from individuals of all backgrounds. However, for you to be eligible for this role, you must have the valid right to work in the UK. Unfortunately, we do not offer visa sponsorship and have no future plans to do so. You must be a resident in the UK and have been living continuously in the UK for the last 2 years. You must be able to hold or gain a UK government security clearance.
**Preferred technical and professional experience**
* Experience embedding security guardrails in application modernization programs across hybrid/multicloud environments.
* Proficiency with automation tools and pipelines supporting DevSecOps practices.
* Certifications such as CSSLP, CISSP, CISM, CCSP, or equivalent.
* Strong consulting experience, with the ability to translate complex security challenges into actionable recommendations for development and business stakeholders.
* Experience in designing and managing enterprise-wide data governance frameworks.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.