963 Database Security jobs in the United Kingdom
Senior Information Security Engineer
Posted 7 days ago
Job Viewed
Job Description
_Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential._
**Title and Summary**
Senior Information Security Engineer
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview
The Data Security Team team is looking for a Senior Information Security Engineer to drive several key initiatives associated with data protection and related cutting edge technology. The ideal candidate will join Emerging Corporate Security Solutions, an engineering-focused group with the critical mission of protecting Mastercard data, with a focus on classification, labeling, encryption, and data loss prevention (DLP). In addition, testing and creating best practices for monitoring and use of appropriate, safe and secure AI will be a key initiative.
Role
The core mission for this role is providing security requirements, standards, and related engineering of solutions associated with:
- Bringing clarity, consistency, and standards to Mastercard data
- Ensuring alignment with the Zero Trust Maturity Model (and related workflows)
- Executing various projects and initiatives to solve for and lower risks associated with complex data types (PCI, PII, Source Code, various types of customer and user data) and their storage & transfer
- Ensuring alignment with related standards and associated business units such as Access, Privacy, Insider Threat, Security Operations Center, Desktop Support
- Contributing to solutioning from an architecture and engineering perspective for necessary exceptions to security standards
- Helping develop security awareness communications and training to educate employees about data security and protection efforts and standards
- Helping establish and run continuous monitoring processes and alerting pursuant to data security policies to identify and respond to threats
- Staying current with Industry Trends (ISO, NIST, Regulations, Best Practices as they potentially or actually impact Data Security standards and execution of the same)
The Ideal candidate for this position should have:
- Working knowledge of basic security controls validation on applications, systems, networks, platforms, environments including on-prem and cloud
- Exposure to Data Security Standards efforts (labeling, classification, data protection)
- Working knowledge of the Zero Trust framework, with a focus on the Data Pillar
- Working knowledge of data protection technologies such as:
o Microsoft Purview Information Protection / Azure Information Protection
o DLP technologies like, Symantec DLP
o Data Security Posture Management (DSPM) tools and usage
o EDR tools (like Microsoft Defender)
o Cloud security tools (like Microsoft Defender for Cloud Apps)
o Data transfer tools (FTP, Citrix FileShare, others)
- Familiarity with data storage technologies such as, but not limited to:
o Relational Databases such as SQL Server, Oracle DB, IBM DB
o Non-Relational Databases such as MongoDB, Redis
o Data Warehouse and Data Lake tools such as Snowflake, Hadoop
o File servers, NAS, Isilon, Cloud Drives
- Ability to work collaboratively with key stakeholders (Data & Analytics group, Data Strategy & Management team, Access, Network and Security Architects, various Security Engineers) as well as coordinate with vendors to evaluate, test and deploy new technology solutions
Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
NOTE: Candidates go through a thorough screening and interview process. There is no need to include all preferred skills in the job description.
**Corporate Security Responsibility**
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
+ Abide by Mastercard's security policies and practices;
+ Ensure the confidentiality and integrity of the information being accessed;
+ Report any suspected information security violation or breach, and
+ Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Information Security Manager
Posted 8 days ago
Job Viewed
Job Description
Information Security Manager
Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: 60,000 - 70,000 + Benefits
We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.
Reporting to the Head of Security & Governance , the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.
Key Accountabilities:
- Lead and manage a team of three security professionals , supporting their development and day-to-day delivery.
- Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
- Shape and implement the company's information security strategy , including policy, tooling, and training.
- Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
- Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response .
- Support regulatory and internal audits, contributing clear documentation and continuous improvement.
- Collaborate with internal teams and external partners, including service providers and the organisation's parent company.
Required Skills & Qualifications:
- Demonstrable experience in information security leadership , including line management or team leadership .
- In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
- Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS) .
- Strong communication skills and stakeholder management abilities.
- Experience in incident response and enterprise risk reporting.
- Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).
Benefits:
- Hybrid working (2 days per week in-office)
- Generous annual leave & pension contributions
- Life assurance and private health options
- Training budget and career development support
- Collaborative, supportive team culture
If you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.
Apply today - successful applicants will be contacted within 24-48 working hours.
Information Security Manager
Posted 1 day ago
Job Viewed
Job Description
Information Security Manager
Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: 60,000 - 70,000 + Benefits
We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.
Reporting to the Head of Security & Governance , the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.
Key Accountabilities:
- Lead and manage a team of three security professionals , supporting their development and day-to-day delivery.
- Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
- Shape and implement the company's information security strategy , including policy, tooling, and training.
- Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
- Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response .
- Support regulatory and internal audits, contributing clear documentation and continuous improvement.
- Collaborate with internal teams and external partners, including service providers and the organisation's parent company.
Required Skills & Qualifications:
- Demonstrable experience in information security leadership , including line management or team leadership .
- In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
- Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS) .
- Strong communication skills and stakeholder management abilities.
- Experience in incident response and enterprise risk reporting.
- Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).
Benefits:
- Hybrid working (2 days per week in-office)
- Generous annual leave & pension contributions
- Life assurance and private health options
- Training budget and career development support
- Collaborative, supportive team culture
If you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.
Apply today - successful applicants will be contacted within 24-48 working hours.
Information Security Adviser
Posted today
Job Viewed
Job Description
At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing delivers leading-edge platforms, technology, services, and capabilities to bring the best value to the Ministry of Defence and UK national security services.
Employing more than 2,100 people, Boeing Defence UK provides long-term support for more than 120 Boeing military rotary-wing and fixed-wing aircrafts in the UK. For example, the Chinook and Apache helicopters, and the Poseidon and C-17 airplanes. Our support ranges from mission critical Logistics Information Services, next generation in-flight digital tools, to aircraft and operational modelling and simulation methodology.
Leveraging our established defence business in the UK, and blending our local expertise with our 'One Boeing' global approach, Boeing Defence UK is well positioned to support the UK with its current and future defence and security challenges.
An exciting opportunity has arisen for an **Information Security Adviser** to join **Boeing Defence UK** in the support of the Defence Equipment Engineering and Asset Management System (DEEAMS) programme.
Due to continued business growth there is an opportunity to join a multi-skilled security team that delivers all aspects of protective security to Boeing Defence UK (BDUK), including information security and assurance, personnel security, business continuity and counter threat support and risk advice. The successful candidate would be a part of a supportive team of around 26, with access to varied work and opportunities to progress their career alongside the growth of the business. At Boeing we're committed to rewarding excellence and fostering an inclusive environment where team members are seen, heard, valued, respected and fully engaged.
The successful candidate will work alongside other Boeing Security Advisers to deliver the security aspects of bringing a new information services solution into service whilst working with both the UK customer and collaborating with external suppliers and other agencies. The role will be expected to: produce security artefacts associated with implementing and maintaining the new solution, preparing security assurance evidence, liaise with the customer and other agencies as required and deliver other programme contractual deliverables as required.
The post holder will also have experience of information security, defence security management and defence cyber protection partnership processes. Post initial operating capability the role will be supportive in maintaining the continued authority to operate by maintaining the Information Security Management System throughout the Sustainment phase of the programme.
**Please note: this role is subject to successful Contract Award. This is an on-site role based in Bristol, with flexibility for occasional remote working at the discretion of the management team.**
**Position Responsibilities:**
+ Identifying security risks within complex information systems and developing for implementation, effective and risk balanced security measures
+ Supporting Supply Chain Security Assurance through application of the Defence Cyber Protection Partnership (DCPP) and other relevant standards and policies
+ Providing security documentation and evidence to meet HMG (MOD) security assurance requirements
+ Liaison with customers, Delivery Team Security Leads, and technical authorities, including attendance at Security Working Groups
+ Supporting security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
+ Contributing to the development of information governance and risk management structures and processes
+ Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes
+ Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions
+ Supporting the creation of business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer information security requirements
+ Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security
+ Deliver programme security onboarding training to the Boeing programme team
+ Provide ad hoc security advice to the Boeing DEEAMS delivery team
+ Preferred Qualifications/Education
+ Ideally qualified to degree level (or equivalent) OR with substantial relevant information security experience, particularly within a similar role in UK Government or Defence
+ Relevant industry security certifications would be advantageous (e.g. SC2 Certified in Cyber Security (CC), CISMP, CCP (Ex-CLAS), CISSP, CISM).
+ Knowledge/Competences
**Basic Qualifications (Required Skills/Experience):**
+ Knowledge and understanding of MOD and Government information security policy, standards and guidance.
+ Experience of assuring IT systems in a secure government environment (MOD)
+ Understanding of systems and security verification, validation, testing and evaluation approaches.
+ Experience in generation of information security Risk Assessments, Risk Treatment Plans.
+ Experience in the specification and development of effective and balanced information assurance solutions or approaches.
+ Ability to analyse the security aspects of business risks
+ Pragmatic approach to the recommendation of security controls.
+ Ability to plan, prioritise and manage own workload with limited day-to-day supervision, but know when to seek assistance/escalate.
**Preferred Qualifications (Desired Skills/Experience):**
+ Experience of working within a multinational matrix management environment/ structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
+ Experience of working with and assurance/gaining authority to operate information system related platforms and communication networks
+ Information assurance experience across Cloud services and Systems Engineering, Development Lifecycle would be preferred.
+ Experience of participating in developing security solutions in response to customer requirements.
+ Experience of SAP or other Enterprise Resource Planning systems.
+ Experience of systems rollout and hyper care activities.
+ Detailed understanding of data protection controls and practices.
+ Knowledge of computer security audit and investigative techniques is desirable.
+ General:
+ Effective written and verbal communication skills with ability to adapt depending on audience; ability to explain technical issues in simple language to non-technical consumers is essential.
+ Ability to contribute to cost, schedule adherence, and technical performance trade-offs.
+ Clear task focus with ability to separate out and communicate key elements from extraneous detail.
+ Team player with a collaborative working mindsets, especially with cross functional teams.
+ An independent self-starter with a proactive mindset.
**Work Authorisation:**
This requisition is for a locally hired position in the UK. Candidates must have current legal authorisation to work immediately in the United Kingdom. Boeing will not attempt to obtain Immigration and labour sponsorship for any applicants.
Benefits and pay are determined at the local level and are not part of Boeing U.S. based payroll.
Applications for this position will be accepted until **Sept. 06, 2025**
**Export Control Requirements:** This is not an Export Control position.
**Relocation**
Relocation assistance is not a negotiable benefit for this position.
**Security Clearance**
This position requires the ability to acquire a UK security Clearance for which the UK Government requires UK residency. The successful candidate will hold, or have the ability to acquire, Security Clearance (SC).
**Visa Sponsorship**
Employer will not sponsor applicants for employment visa status.
**Shift**
Not a Shift Worker (United Kingdom)
**Contingent Upon Program Reward**
The position is contingent upon program award
**Equal Opportunity Employer:**
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world's most innovative, diverse and inclusive companies. We are a Disability Confident Committed employer and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews.
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.
Information Security Manager
Posted 7 days ago
Job Viewed
Job Description
**Job Title:** Information Security Manager
**Location:** London, UK or Birmingham hybrid Variable
**Department:** Information Security
**About Us:**
NTT Data is a leading Managed Service Provider (MSP) with a global reach empowering local team, undertaking hugely exciting work and is genuinely changing the world.
We specialise in delivering cutting-edge IT and cybersecurity solutions to our diverse client base. We provide expert-managed services to help clients protect their data, comply with regulations, and manage evolving cyber threats. We are looking for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture.
**What you'll be doing:**
**What you will be doing;**
We are seeking an experienced Information Security Manager to play a critical role in ensuring the security and resilience of our client's IT systems and data. As a client-facing professional, you will act as the pivotal point of contact for all matters relating to information and cybersecurity. You will collaborate closely with multiple teams to develop, implement, and manage robust information security frameworks, policies, and protocols.
This role combines both strategic leadership and technical expertise, enabling you to influence decision-making, advise on best practices, and ensure continuous improvement in the security posture. You will lead efforts in risk management, regulatory compliance, incident response, and security awareness training, while ensuring the client remains aligned with industry standards and legal requirements (e.g., ISO 27001, GDPR, Cyber Essentials). Your expertise will help mitigate risks, defend against cyber threats, and maintain the highest level of security across the client's infrastructure, all while maintaining a clear focus on delivering outstanding service and value.
Key to your success will be your ability to manage complex security challenges, foster strong relationships with teams, and drive a proactive security culture within their organisation.
**Core responsibilities;**
+ Act as the primary information security point of contact for relevant teams, developing a trusted relationship and advising on all aspects of cybersecurity.
+ Develop, implement, and maintain information security policies, procedures, and frameworks, ensuring alignment with industry standards (e.g., ISO 27001, NIST) and legal requirements (e.g., GDPR, Cyber Essentials).
+ Conduct security risk assessments and vulnerability management for the client, providing actionable recommendations to mitigate risks.
+ Lead incident detection, investigation, and response efforts, ensuring minimal impact to the client's business operations.
+ Collaborate with the client's IT and business teams to integrate security solutions and processes that align with their goals.
+ Deliver regular reporting to the client on security status, incidents, risks, and compliance with agreed SLAs and KPIs.
+ Provide guidance and support for the client in meeting their regulatory obligations (e.g., GDPR compliance, data protection).
+ Oversee and lead security audits, penetration testing, and vulnerability assessments for the client.
+ Manage security awareness training programs for the client's staff, fostering a culture of cybersecurity awareness.
+ Provide ongoing advice on emerging threats, vulnerabilities, and security best practices, helping the client stay ahead of the curve.
+ Ensure that the client's information security posture is continuously improved through proactive security measures, monitoring, and reporting.
**What experience you'll bring:**
**What you will bring;**
Proven experience (typically 5+ years) in information security management or a related role, preferably within an MSP or client-facing environment.
+ Strong understanding of UK and international cybersecurity regulations, including GDPR, Cyber Essentials, and ISO 27001.
+ Experience managing and leading security operations, incident response, and risk assessments.
+ Understanding and knowledge of security technologies (SIEM, firewalls, endpoint protection, encryption, etc.) and practices (vulnerability management, penetration testing).
+ Experience working in a service delivery or consultancy capacity with external clients.
+ Excellent communication skills, able to convey technical security information to non-technical stakeholders at all levels.
+ Relevant certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.
**Desirable Attributes:**
+ Strong stakeholder engagement experiences.
+ Ability to work independently, take initiative, and work in a dynamic environment.
+ Proactive approach to identifying and solving problems before they escalate.
+ Strong leadership and mentoring skills to support junior staff and teams.
+ Ability to translate business needs into security solutions.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now
Information Security Officer
Posted 5 days ago
Job Viewed
Job Description
Information Security Officer
Hybrid – Home & London | Permanent | Circa £60,000 | 35 hrs/week (flexible)
A rare and brilliant opportunity to join this international development children’s charity, as their new Information Security Officer . You'll be the expert, working closely with the Chief Information Officer and other senior leaders to embed security practices across systems, suppliers, and staff. You’ll be joining a small but impactful Technology team where the culture is collaborative and down-to-earth. You’ll have the autonomy to get stuck in, alongside the backing to develop professionally, whether that’s through security qualifications or broader leadership skills.
What you will be doing
As Information Security Officer , you’ll lead the implementation of the organisation’s cyber security plans.
- Act as subject matter expert on information security across the organisation
- Ensure compliance with standards like Cyber Essentials Plus and CIS .
- Oversee third-party security providers and outsourced ICT services.
- Manage incident response planning, investigations, and reporting.
- Deliver engaging training to build a strong security culture.
- Collaborate with Legal and Data Protection teams to ensure GDPR compliance.
- Stay ahead of evolving threats and technologies to drive continuous improvement.
- Opportunity to influence at board level without people management responsibilities
What we are looking for
What matters most is your hands-on experience navigating real-world security challenges and your ability to see both the technical and human side of data protection.
You should have:
- Proven experience in ICT security management and incident response (CIS and Cyber Essential Plus).
- Strong technical knowledge of Microsoft 365, Azure, and cloud security.
- Familiarity with frameworks like ISO 27001, NIST, and CIS.
- Excellent communication skills and a pragmatic, risk-based mindset.
- Relevant certifications (e.g. AZ-500, CISSP, CISM, CCSP) are highly desirable.
This role offers hyrbid working (1-2 days/week in office) as well as open discussion around different working patterns i.e 9-day fortnight and varied start/finish times. The organisation values professional development and had a learning & development fund for certifications and career growth. A strong emphasis on wellbeing and work-life balance within a supportive, inclusive culture that welcomes applicants from all backgrounds.
To apply, please submit your up-to-date CV by the 7th of August 2025 at 5.00 PM . Cover letters are not required.
Please note, only successful applicants will be contacted with further information.
We want you to have every opportunity to demonstrate your skills, ability and potential; please contact us if you require any assistance or adjustment so that we can help with making the application process work for you.
Information Security Manager
Posted 5 days ago
Job Viewed
Job Description
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
- £70–80k base + 10% bonus
- Hybrid in Coventry with monthly travel to London
- Training budget for certifications + conference attendance
- Strong emphasis on professional autonomy and ethical leadership
A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.
This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.
What you’ll bring:
- 5+ years in InfoSec, IT Security or Ops within a regulated environment
- Certification required: CISSP, CISM, CRISC, or equivalent
- Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
- Confident with security risk assessments, audit responses, and policy governance
- Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
- Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
- Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice
What you’ll be doing:
- GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
- Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
- Security awareness & training: manage phishing simulations and content using Proofpoint
- Security architecture reviews: support technical assessments of new systems and services
- Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
- Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
- Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews
Tech & tools you’ll use:
- Protecht – Enterprise risk and audit management
- Panorays – Third-party risk tooling
- Rapid7 / Armis – Vulnerability management and threat detection
- Proofpoint – Phishing and awareness platform
- Microsoft Purview – Data governance and compliance
- Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)
Why this role?
- High-impact GRC project work tied to new market expansion
- Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
- A clear opportunity to stretch across awareness, compliance, and operational domains
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
Be The First To Know
About the latest Database security Jobs in United Kingdom !
Information Security Manager
Posted 5 days ago
Job Viewed
Job Description
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
- £70–80k base + 10% bonus
- Hybrid in Coventry with monthly travel to London
- Training budget for certifications + conference attendance
- Strong emphasis on professional autonomy and ethical leadership
A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.
This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.
What you’ll bring:
- 5+ years in InfoSec, IT Security or Ops within a regulated environment
- Certification required: CISSP, CISM, CRISC, or equivalent
- Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
- Confident with security risk assessments, audit responses, and policy governance
- Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
- Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
- Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice
What you’ll be doing:
- GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
- Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
- Security awareness & training: manage phishing simulations and content using Proofpoint
- Security architecture reviews: support technical assessments of new systems and services
- Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
- Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
- Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews
Tech & tools you’ll use:
- Protecht – Enterprise risk and audit management
- Panorays – Third-party risk tooling
- Rapid7 / Armis – Vulnerability management and threat detection
- Proofpoint – Phishing and awareness platform
- Microsoft Purview – Data governance and compliance
- Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)
Why this role?
- High-impact GRC project work tied to new market expansion
- Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
- A clear opportunity to stretch across awareness, compliance, and operational domains
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
Information Security Officer
Posted 5 days ago
Job Viewed
Job Description
Information Security Officer
Hybrid – Home & London | Permanent | Circa £60,000 | 35 hrs/week (flexible)
A rare and brilliant opportunity to join this international development children’s charity, as their new Information Security Officer . You'll be the expert, working closely with the Chief Information Officer and other senior leaders to embed security practices across systems, suppliers, and staff. You’ll be joining a small but impactful Technology team where the culture is collaborative and down-to-earth. You’ll have the autonomy to get stuck in, alongside the backing to develop professionally, whether that’s through security qualifications or broader leadership skills.
What you will be doing
As Information Security Officer , you’ll lead the implementation of the organisation’s cyber security plans.
- Act as subject matter expert on information security across the organisation
- Ensure compliance with standards like Cyber Essentials Plus and CIS .
- Oversee third-party security providers and outsourced ICT services.
- Manage incident response planning, investigations, and reporting.
- Deliver engaging training to build a strong security culture.
- Collaborate with Legal and Data Protection teams to ensure GDPR compliance.
- Stay ahead of evolving threats and technologies to drive continuous improvement.
- Opportunity to influence at board level without people management responsibilities
What we are looking for
What matters most is your hands-on experience navigating real-world security challenges and your ability to see both the technical and human side of data protection.
You should have:
- Proven experience in ICT security management and incident response (CIS and Cyber Essential Plus).
- Strong technical knowledge of Microsoft 365, Azure, and cloud security.
- Familiarity with frameworks like ISO 27001, NIST, and CIS.
- Excellent communication skills and a pragmatic, risk-based mindset.
- Relevant certifications (e.g. AZ-500, CISSP, CISM, CCSP) are highly desirable.
This role offers hyrbid working (1-2 days/week in office) as well as open discussion around different working patterns i.e 9-day fortnight and varied start/finish times. The organisation values professional development and had a learning & development fund for certifications and career growth. A strong emphasis on wellbeing and work-life balance within a supportive, inclusive culture that welcomes applicants from all backgrounds.
To apply, please submit your up-to-date CV by the 7th of August 2025 at 5.00 PM . Cover letters are not required.
Please note, only successful applicants will be contacted with further information.
We want you to have every opportunity to demonstrate your skills, ability and potential; please contact us if you require any assistance or adjustment so that we can help with making the application process work for you.
Information Security Analyst
Posted 5 days ago
Job Viewed
Job Description
Information Security Analyst
North-West based – Hybrid
£40,000 – £55,000 (DOE) + benefits
Full-time | Monday to Friday, 9:00 AM – 5:30 PM
A growing UK-based organisation in the insurance and financial services sector is looking for a Information Security Analyst to join their expanding Information Security team.
This opportunity offers a hybrid working model and the chance to join a forward-thinking business during a period of transformation. The role blends technical security experience with GRC responsibilities and provides visibility across key areas of the business.
Key Responsibilities
- Lead security risk assessments and ensure mitigations are tracked and completed.
- Develop, review, and maintain information security policies and procedures.
- Manage third-party risk processes and contribute to vendor assurance activities.
- Align business functions with regulatory and security requirements.
- Oversee vulnerability management efforts in collaboration with IT and SOC teams.
- Conduct security architecture reviews and evaluate controls for improvement.
- Support deployment of new security tools and technologies.
- Provide oversight and documentation for security incidents.
- Deliver actionable security metrics and insights to stakeholders.
- Lead awareness campaigns and contribute to a culture of security.
- Support internal and external audits, representing the security function as needed.
- Stand in for the Head of Information Security in governance and strategy discussions.
What We’re Looking For
- 3+ years in Information Security roles, with GRC and technical exposure.
- Experience working with ISO 27001, NIST, or equivalent frameworks.
- Understanding of risk assessment and vulnerability management processes.
- Excellent communication and stakeholder engagement skills.
- Strategic mindset and ability to lead and mentor.
- Strong analytical and problem-solving skills.
The Organisation
This is a well-established business in the insurance space with over four decades of experience. The company is known for its supportive working environment and commitment to career development. With national reach and a focus on specialist insurance products, they are undergoing an exciting period of transformation and digital investment.
Benefits Snapshot
- 31–35 days annual leave including bank holidays (depending on tenure and grade)
- Enhanced maternity/paternity pay
- Life assurance and pension scheme
- Access to mental health and wellbeing support, including counselling and CBT
- Recognition programmes and long service awards
- Flexible benefits allowance and salary sacrifice options
- Social and engagement initiatives throughout the year
Ready to take on a role where your input shapes future security strategy?
Let’s have a confidential chat to explore this further.