2,175 Information Security jobs in the United Kingdom
Information Security Analyst - Threat Intelligence
Posted 11 days ago
Job Description
As an Information Security Analyst specializing in Threat Intelligence, you will play a crucial role in safeguarding our organization's digital assets. You will be responsible for monitoring, analyzing, and responding to security threats, as well as developing and implementing proactive security measures. Your expertise will be vital in identifying vulnerabilities, assessing risks, and enhancing our overall security posture.
Key Responsibilities:
- Monitor security alerts and events from various sources, including SIEM, IDS/IPS, and endpoint detection tools.
- Analyze threat intelligence feeds and reports to identify emerging threats and vulnerabilities relevant to the organization.
- Conduct investigations into security incidents, document findings, and recommend remediation actions.
- Develop and maintain security policies, procedures, and best practices.
- Perform vulnerability assessments and penetration testing.
- Assist in the implementation and management of security technologies such as firewalls, antivirus, and intrusion detection systems.
- Provide security awareness training to employees.
- Stay current with the latest cybersecurity threats, trends, and technologies.
- Collaborate with IT and other departments to ensure security requirements are met.
- Participate in incident response activities and post-incident reviews.
Qualifications:
- Proven experience in information security, cybersecurity operations, or a related field.
- Strong understanding of security principles, protocols, and best practices.
- Experience with SIEM tools, vulnerability scanners, and other security technologies.
- Knowledge of common attack vectors, malware, and threat actor tactics.
- Excellent analytical and problem-solving skills.
- Ability to communicate technical information clearly and effectively to both technical and non-technical audiences.
- Relevant certifications such as CompTIA Security+, CEH, or CISSP are a plus.
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent practical experience.
This is an excellent opportunity for an experienced security professional to contribute to a critical function within a forward-thinking organization, working within a supportive and collaborative team.
Information Security Lead
Posted today
Job Description
Entity: Technology
bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!
Information Security Lead
To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC).
Passionate about identifying and crafting security solutions that make bp a cyber resilient organisation, the Information Security team partner with business teams to help them understand cyber risk and take personal ownership for cyber security!
We’re looking for curious minds who are driven by opportunities to build value and deliver secure digital products and services to advance the global energy transition.
Role Synopsis
In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of an Information Security Lead has never been more critical. Our partnership with the business is essential to ensuring the confidentiality, integrity, and availability of an organisation's data and information systems.
Offering insights that influence the development and deployment of secure, resilient solutions & services. Your expertise enables teams to innovate with confidence, knowing their solutions align with the highest standards of data protection and regulatory compliance.
Key Accountabilities
In this role you will be responsible for the delivery of security activities to ensure swift business value realization. This role focuses on information security and digital security risk activities with the following key accountabilities:
- Relationship and Customer management: Act as the main point of contact for all Digital Security enquiries within the relevant business portfolio. Build strong partnerships and influence positive change that serves the commercial ambitions.
- Security Expertise: Provide technical expertise, implementing digital security operating processes aligned to security standards across all value stream activities.
- Safety: Prioritize cyber and operational safety, improve digital security controls through architecture designs and process to maintain our cyber posture and react to new threats.
- Monitor and Assess: Keep a vigilant eye on our digital domains, using innovative tools to detect and assess threats. This includes collaborating on the identification, assessment and management of risk.
- Strategize and Protect: Develop and implement robust security measures, crafting a secure environment for our data and systems.
- Respond and Recover: Partner Customers during security incidents with a calm, calculated approach, minimising impact and guiding recovery efforts.
- Educate and Advocate: Champion security awareness across the organisation, encouraging vigilance and responsibility.
- Innovate and Guide: Provide strategic insights to teams, ensuring security is a cornerstone of product development and business operations.
- Protect & Defend: Proactively mitigate cyber risks and coordinate the remediation of findings from vulnerability scans, supplier assurance, compliance reviews, and support the digital Delivery teams in maintaining high levels of cyber hygiene.
- Degree Educated, preferably BSc in Information Security or equivalent.
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or working towards certification.
- Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous.
- Previous track record in similar roles in Finance, HR, Trading, Retail, Supply or Oil and Gas companies.
- Strong influencing skills that enable you to communicate technical information to both technical and non-technical audiences, clearly and concisely.
- Deep technical knowledge, and experience delivering security solutions and providing technical advice.
- A track record of delivering business benefits by balancing the need to protect the organization's commercial ambitions and maintain operations of the core value streams.
- Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable digital security standards and practices delivered and maintained.
- Good understanding of enterprise and operational risk management, risk governance and compliance requirements.
- Excellent project management skills, with the ability to lead multiple projects simultaneously.
- Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact.
- Ability to use technology, data, and insights to enable decision making.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Legal Disclaimer:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.
If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.
Senior Security Penetration Tester - Reading, Berkshire
Posted today
Job Description
This role requires an understanding of TVM concepts, technologies, and best practices, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess strong communication skills and will be committed to ensuring the highest level of security, compliance, and user experience.
What you’ll be doing as the Senior Security Penetration Tester
- Help support and develop an internal penetration testing function.
- Conduct network, application penetration testing, code and security reviews.
- Identify and exploit vulnerabilities through proof-of-concept testing.
- Support vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained.
- Responsible for supporting the creation of the operating model for vulnerability management, which is shared, agreed and operates effectively across the business.
- Develop and maintain penetration testing documentation, policies, and procedures.
- Integrate cybersecurity solutions (e.g. vulnerability scanning tools) with existing systems, applications, and infrastructure.
- Evaluate and recommend technologies, tools, and vendors to meet business needs.
- Investigate newly identified cybersecurity vulnerabilities and provide appropriate mitigation actions.
- Liaise and coordinate with technology and business stakeholders in relation to cybersecurity patching and vulnerability management issues/actions.
- Maintain a cyber threat assessment methodology, align with evolving industry standards and integrate into BAU and project-based business processes.
- Support with proactive threat hunting for new and emerging cyber threats.
- Develop and maintain dashboards with cybersecurity threat and vulnerability metrics.
- Support compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 27001.
Base location – Hybrid – Clearwater Court, Reading.
Working pattern – 36 hours, Monday to Friday.
What you should bring to the role
- Strong knowledge of manual penetration testing techniques and confident with operating systems and tools such as Tenable, Burp Suite, and Kali Linux.
- Exposure to remediating vulnerabilities and patch management in a complex business environment.
- Experience in remediating cyber risks in the ever-changing digital estate.
- 3 years of experience in a penetration testing enterprise environment.
- Prepare detailed reports and have the ability to present findings to key stakeholders.
- Cyber security industry certification(s) such as CSTM/ CRT/ OSCP/CTL.
- Understanding of different patching management techniques and approaches for different technology stacks. (e.g. SaaS, IaaS, End-User Computing, Server Estate, etc.)
- Knowledge of TVM concepts, technologies, and best practices, including OSINT tools, vulnerability assessment, threat modelling, etc.
What’s in it for you?
- Competitive salary of up to £68,000 per annum, depending on experience.
- Annual Leave - 26 days holiday per year, increasing to 30 with the length of service. (plus
Cyber and Information Security Lead
Posted today
Job Description
Cyber and Information Security Lead
Bath
75,000 - 85,000
Our client is looking for an ambitious Cyber and Information Security Lead to join their growing SaaS Business. They are seeking a conscientious, personable, and knowledgeable leader, ideally with commercial experience in the public sector. You may already be operating at the CISO level in a small company or have ambitions to reach the next level in your career.
Key Responsibilities:
- Strategy and Compliance: Design and implement a comprehensive security strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks.
- Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations.
- Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures.
- Incident Response: Develop, implement, and manage the security incident response plan.
- Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team.
Essential Requirements:
- Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a software development or health technology environment.
- UK health sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF.
- ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS), ideally to the 2022 standard.
- Security architecture & Secure by Design: Strong understanding and experience of secure software development lifecycles (SDLC) and embedding security by design into product development processes, along with secure system architecture principles.
- Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR).
- Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg NCSC, ICO, NHS England).
- Policy & governance: Extensive experience in developing, implementing, and enforcing comprehensive information security policies, standards, and procedures.
- Regulatory compliance: Solid understanding of UK and EU data protection laws (eg GDPR, Data Protection Act 2018), NIS Directive, and their practical application within a health tech context.
- Stakeholder management: Excellent communication, influencing, and negotiation skills with the ability to articulate complex security concepts to technical and non-technical stakeholders, including senior leadership, product teams, and external partners.
- Team leadership & mentoring: Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team.
- Vulnerability management: Experience scoping, overseeing and interpreting the results of vulnerability scanning, penetration testing, and security audits.
Please apply for more details
Information Security Manager
Posted today
Job Description
Information Security Manager
Location: London, Hybrid
Salary: Up to 75,000
Reports to: Head of Cyber Security
A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.
The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.
This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.
Key Responsibilities:
- Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
- Lead the development and implementation of security policies, procedures, and controls
- Manage ISO27001 compliance, including internal and external audits
- Conduct risk assessments and oversee incident response planning
- Collaborate with technical teams to ensure security is embedded across services
- Advise on regulatory requirements and emerging threats
Candidate Profile:
- Extensive experience in information security within an MSP or MSSP
- CISSP certified
- Strong working knowledge of GRC frameworks, including ISO27001
- Demonstrated experience in a vCISO capacity
- Excellent stakeholder engagement and communication skills
- Ability to lead complex security programmes across multiple environments
This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.
Only candidates with the right to work in the UK will be considered.
London - Hybrid
Paying up to 75,000, depending on experience.
Incident Response Analyst
Posted today
Job Description
Incident Response Analyst
Permanent - 52k - 57k + strong benefits
Location: Hybrid - South Wales
Your new company
I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The company has a strong reputation, and we have placed numerous people into careers there, with strong feedback.
Your new role
This is an interesting opportunity to help deliver strategy which will enhance the organisation's security resilience, proactively contributing to mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role:
- Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents.
- Investigate alerts and suspicious activity to determine if an incident has occurred.
- Contain affected systems and networks to prevent the incident from spreading.
- Implement temporary measures to mitigate the impact of the incident.
- Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
- Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
- Document and report incidents to the incident response team and other relevant stakeholders.
- Stay informed about emerging cyber threats and vulnerabilities.
What you'll need to succeed
- Experience in a similar role, ideally around CNI and OT, with exposure to cyber plans.
- Proven experience operating in a SOC or a related cyber security role.
- In-depth knowledge of cyber threats, threat intelligence frameworks and cyber security best practice.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Excellent communication and interpersonal skills.
- Ability to obtain UK Security Clearance
What you'll get in return
- Salary of between 52k-57k
- Hybrid working 2/3 days in South Wales per week
- Possible bonus
- 5% pension contribution from you, the company pays 10%
- Enhanced pay for parental leave
- And more!
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Information Security and Compliance Lead
Posted 1 day ago
Job Description
Information Security & Compliance Lead
Chesterfield
50,000 to 60,000+ Excellent Benefits
Your new company
Hays Technology are recruiting for an Information Security & Compliance Lead to join a large public sector organisation based in the Chesterfield area. You will be reporting to the Head of Digital, Data & Technology. This is a new role to establish and make your own.
Your new role
In your new role, you will be responsible for ensuring the security and protection of the organisation's information systems, networks, and data, whilst playing a critical role in developing and implementing information security strategies, policies, and procedures to safeguard the organisation's digital assets and mitigating potential risks.
You will oversee information security, compliance, and risk management practices based on industry-accepted information security and risk management frameworks, whilst establishing and maintaining an incident response plan, including incident detection, response, investigation, and resolution, to minimise the impact of security incidents.
What you'll need to succeed
- Demonstrable experience of implementing and maintaining information security frameworks e.g. ISO27001 within a medium/large sized public sector organisation
- Solid stakeholder management and mentoring skills
- Information Security, Cyber Security, Assurance and vulnerability management would be ideal
- Comprehensive knowledge of Information Security Management Systems with the ability to scope, design, and implement such systems
- Strong ICT infrastructure, application, and cloud technical skills would be advantageous
- Evidenced knowledge and understanding of ISO(phone number removed), ITIL, and Prince 2 management practices
- Ability to lead the workforce, increasing their skills and knowledge in relation to information security
What you'll get in return
This exciting position is paying between 50,000 and 60,000 and offers an excellent work life balance including: generous annual leave, hybrid working, a public sector employer contribution pension scheme, flexibility, training, and development opportunities.
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
IT Infrastructure and Network Security Engineer
Posted 1 day ago
Job Description
IT Infrastructure and Network Security Engineer
45,000 - 50,000 + on-call and benefits
Full Time / Permanent
Tamworth / office-based
The Role and Company:
I am looking for a driven and experienced IT Infrastructure and Network Security Engineer to join a well-established business as they continue to invest heavily into their IT transformation.
This is an office-based role in Tamworth, West Midlands.
As an IT Infrastructure and Network Security Engineer, you will be working in a medium sized internal IT function alongside some experienced and skilled IT Engineers. Whilst you will be responsible for some 3rd line support work, the role is very much project focussed with an emphasis on cyber security in addition to networking and general infrastructure.
The role would suit an experienced 3rd Line / Infrastructure Engineer who is looking to work on exciting security projects.
Skills and Experience required:
- The successful candidate must have proven infrastructure and network engineering experience at 3rd line level and have a strong track record in project work.
- You will also need to be familiar with Microsoft Defender, InTune, Purview, Entra ID and security Frameworks, GDPR, NIST2, ISO27001, etc.
- You will need firewall implementation and management experience (Fortinet preferred but not essential)
- Previous experience with Hyper-V and Windows 11 is also essential.
- Must work well in a small-medium sized team and be keen to continue learning new technologies and skills.
Please apply via the link or contact (url removed) for more information
Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.
Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.
By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Senior Security Architect
Posted 1 day ago
Job Description
Role: Senior Security Architect
Duration: 26/02/2026 - Potential for Extension
Location: Southampton - Hybrid - 2 Days P/Week
Rate: 693 P/Day - Inside IR35 - UMB
Clearance Requirement: Must have 5 years unbroken UK residency. Transferrable/HO clearance is preferred but not required.
Job Description
This role will act as a senior security architect on a large multi-million, multi-year programme into a UK Central Government department.
Required Skills:
- Strong understanding of Public Sector Security
- Understanding of Cabinet Office "Secure by Design"
- Strong understanding of:
- Enterprise risk
- Infrastructure Security
- Identity and Access Management
- Cloud Security
- Container Security
- Palo Alto offerings
- Data Security
- DevSecOps
- PKI
- Ability to communicate and work in a team
- Ability to present to Senior members of the team, Clients and Partners about complex issues in common English.
- A hands-on attitude, will be expected to produce design documents and review the designs of others
- Strong work ethic
Cybersecurity IT Audit Consultant
Posted 2 days ago
Job Description
Role Title: Cybersecurity IT Audit Consultant
Duration: contract to run until 30/11/2025
Location: Sheffield, Hybrid 3 days in the office is mandatory
Rate: up to 460 p/d Umbrella inside IR35
Role purpose / summary
- Conduct audits of cybersecurity controls across various domains (e.g., identity & access management, data protection, incident response).
- Evaluate the effectiveness of cyber risk management practices.
- Collaborate with internal stakeholders to identify control gaps and recommend remediation.
- Prepare audit reports and present findings to senior management.
- Support regulatory and compliance initiatives related to cybersecurity.
Key Skills/ requirements
- IT Audit Experience: Proven track record in conducting IT audits, especially within large financial institutions.
- Cybersecurity Expertise: Deep understanding of cybersecurity frameworks (e.g., NIST, ISO 27001), controls, and risk management.
- Audit Methodologies: Familiarity with internal audit processes, risk assessments, control testing, and reporting.
- Prior experience working within the client's cybersecurity or audit functions, understanding internal systems, governance structures, and compliance expectations.
- Contractor Profile: Ideally someone who has worked in similar roles on a contract basis and can quickly integrate into the team.
All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!