158 Security Compliance jobs in London
Security Compliance Manager
Posted today
Job Description
Security Compliance Manager
Posted 2 days ago
Job Description
An excellent opportunity to join a leading global law firm as a Security Compliance Manager. This is a key role within the Information Technology and Security function, responsible for coordinating and managing external and internal security audits, client assessments and maintaining the firm’s ISO 27001 Information Security Management System (ISMS).
The position offers significant exposure across international offices and requires collaboration with senior stakeholders, clients, and external certification bodies.
Responsibilities
- Serve as the primary liaison for client and internal security and compliance audits
- Manage and maintain the firm’s ISO 27001 ISMS and related deliverables
- Coordinate internal and external security assessments and certification schedules
- Lead ISO 27001 audits and manage relationships with certification agencies
- Manage client security assessments and responses to security questionnaires and RFPs
- Collaborate with technical, risk and business teams to identify and remediate control gaps
- Maintain documentation and reporting to ensure compliance with regulatory standards
- Develop recommendations for control enhancements and process improvements
- Represent the firm’s security posture to clients and partners
- Occasional international travel may be required
Candidate Requirements
- ISO 27001 Lead Auditor certification and/or extensive experience with ISO 27001 standards
- 5+ years’ experience in IT or Security audits, assessments or compliance management
- Strong understanding of Cyber Essentials Plus, risk management, and security controls
- Sound technical understanding of systems, networks, and security architecture best practices
- Excellent written and verbal communication skills, with the ability to engage senior stakeholders
- High attention to detail, analytical capability and strong organisational skills
- Ability to work cross-functionally and influence internal and external stakeholders
- Familiarity with control design, vulnerability management, and third-party risk management
This is a fantastic opportunity to join a globally recognised firm at the forefront of professional services technology and cybersecurity. The role offers a blend of strategic oversight and hands-on delivery within a collaborative, international environment.
Hybrid working and salary up to £95,000
Please attach an MS Word version of your CV. If you do not hear back within one week, please assume you have been unsuccessful. Unfortunately, due to the high volume of applications, individual feedback cannot be provided.
Keywords: ISO 27001 | Information Security | Compliance Manager | Cyber Security | Risk Management | Professional Services | Security Audit
Security Compliance Manager
Posted today
Job Description
Security Compliance Engineer
Posted 616 days ago
Job Description
The Security Compliance Engineer is a crucial member of our security team, responsible for ensuring our organisation's adherence to PCI standards and other relevant security regulations. This role involves implementing and maintaining secure payment environments, managing key encryption and decryption processes, and providing technical guidance for security compliance projects. The ideal candidate will have a strong understanding of PCI-DSS, PCI-PTS, PCI Software Security Framework, Secure Software Standard, Secure SLC Standard, and Amazon Web Services (AWS). They will also have excellent problem-solving skills, a hands-on approach to work, and the ability to communicate complex security concepts to a non-technical audience. Relevant certifications in information security and AWS are a plus.
We are a fast-growing SaaS company with offices in the UK, France, South Africa, Italy and the US. We believe that efficient public transport is key to delivering positive, sustainable change.
Kuba is in the transport sector, but we are a technology provider that enables Ticketing-as-a-Service (TaaS). We offer cutting-edge ticketing technology coupled with broad practical sector experience.
It's an exciting time to work at Kuba as we are accelerating into an incredible period of growth, and you'll have a chance to grow with us.
Responsibilities
- Implement and maintain secure payment environments, including data encryption, secure networks, and secure transaction systems in compliance with PCI-DSS, PCI-PTS, PCI Software Security Framework, Secure Software Standard, Secure SLC Standard, and AWS best practices.
- Conduct regular audits to ensure secure handling of cardholder data and compliance with PCI, AWS, and other relevant security standards.
- Develop and implement security policies and procedures related to data protection, network security, and incident management to ensure compliance with PCI standards, AWS best practices, and other relevant regulations.
- Manage key encryption and decryption processes, ensuring secure key management.
- Provide technical guidance and support for all security compliance projects.
- Collaborate with various teams to ensure security standards are met across all projects.
- Stay updated on the latest security standards, systems, and authentication protocols, including AWS security services and features.
- Participate in the creation and/or maintenance of the Information Security Management System.
Requirements
- Proven experience in a technical role managing security compliance, preferably with a focus on PCI standards and AWS. Experience in roles such as Security Analyst, Security Engineer, or similar is preferred.
- Strong knowledge of PCI-DSS, PCI-PTS, PCI Software Security Framework, Secure Software Standard, Secure SLC Standard, and AWS.
- Expertise in key management, encryption/decryption processes, and AWS security services and features.
- Familiarity with various network architectures, cloud services, system management practices, process improvement strategies, and AWS infrastructure.
- Strong problem-solving skills and a hands-on approach to tackling challenges.
- Excellent communication skills, with the ability to explain complex security concepts to non-technical team members.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or AWS Certified Security - Specialty are a plus.
Benefits
Salary and benefits commensurate with position
Information Security Manager - Compliance & Governance
Posted 3 days ago
Job Description
Responsibilities:
- Develop, implement, and manage information security policies, procedures, and standards.
- Oversee compliance with relevant regulations such as GDPR, ISO 27001, SOC 2, and other industry-specific mandates.
- Conduct regular security risk assessments and vulnerability management activities.
- Manage internal and external security audits, ensuring timely remediation of findings.
- Develop and maintain the organization's business continuity and disaster recovery plans.
- Oversee the security awareness training program for all employees.
- Manage third-party risk by assessing the security posture of vendors and partners.
- Liaise with legal, compliance, and internal audit teams to ensure integrated security governance.
- Lead incident response planning and coordination efforts.
- Stay informed about evolving security threats and regulatory landscapes.
- Provide expert advice on security best practices and risk mitigation strategies to senior management and business units.
- Manage and develop a team of security professionals focused on governance and compliance.
Requirements
- Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree or advanced certifications are a plus.
- Minimum of 7 years of progressive experience in information security, with a strong focus on governance, risk, and compliance (GRC).
- Proven experience in implementing and managing security frameworks like ISO 27001, NIST CSF, or similar.
- In-depth knowledge of data privacy regulations (e.g., GDPR).
- Experience with security audit processes and vulnerability management tools.
- Strong understanding of risk assessment methodologies and business continuity planning.
- Excellent leadership, communication, and stakeholder management skills.
- Ability to work effectively in a hybrid work environment, balancing remote work with essential office presence.
- Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
- Ability to translate complex technical security concepts into business terms.
Security and Compliance Manager (London)
Posted 244 days ago
Job Description
Deskpro, a leading provider of help desk software, is seeking a Security and Compliance Manager to join our team. As a Security and Compliance Manager at Deskpro, you will be responsible for ensuring the security and compliance of our software and systems, as well as implementing and enforcing policies and procedures to safeguard sensitive data.
We take security seriously, and we work with many enterprise and government clients. In this role, you will have the opportunity to make an impact and contribute to the continued success of Deskpro as a trusted provider of secure help desk solutions.
Responsibilities:
- Manage all existing security and compliance policies, practices, procedures and systems
- Where required, develop and implement additional security policies, practices and procedures
- Ensure compliance with relevant industry standards and regulations
- Monitor and assess potential security risks and vulnerabilities
- Design and implement security controls, including authentication, encryption, and access controls
- Perform regular security audits and vulnerability assessments
- Engage with customers and prospects regarding custom security and compliance requests
- Conduct security incident response and investigations
- Educate and train employees on security best practices
- Maintain awareness of emerging security threats and solutions
- Collaborate with cross-functional teams to implement security measures
- Stay up-to-date with industry trends and best practices in security and compliance
Requirements
- Proven experience in a similar role, with a focus on security and compliance
- Deep knowledge of relevant industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
- Strong understanding of security principles, technologies, and best practices
- Experience in developing and implementing security policies and procedures
- Familiarity with security tools and technologies, such as intrusion detection systems, firewalls, and data encryption
- Ability to assess and mitigate security risks
- Excellent communication and interpersonal skills
- Ability to work independently and collaboratively in a fast-paced environment
- Attention to detail and strong analytical skills
- Relevant certifications (e.g., CISSP, CISM, CRISC) are a plus
Benefits
Competitive benefits package including stock options. Specifics will be dependent on location (either London, UK or Austin, TX, USA).
Information Security Governance, Risk, and Compliance (GRC) Specialist
Posted 19 days ago
Job Description
A career at Janus Henderson is more than a job, it's about investing in a brighter future together.
Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service. We will do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right.
Our Values are key to driving our success, and are at the heart of everything we do:
Clients Come First - Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust
If our mission, values, and purpose align with your own, we would love to hear from you!
Your opportunity
Policy Development and Management:
+ Develop and maintain comprehensive cybersecurity policies and procedures.
+ Ensure these policies align with industry standards and regulatory requirements.
+ Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.
Risk Management:
+ Conduct regular risk assessments to help identify vulnerabilities and threats.
+ Collaborate and oversee the implementation of risk mitigation strategies.
+ Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
+ Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
+ Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.
Compliance Management:
+ Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
+ Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required
+ Compile and deliver detailed compliance reports to senior management
+ Monitor upcoming regulations and prepare compliance roadmaps.
Training and Awareness:
+ Support and enhance engaging cybersecurity awareness training programs.
+ Foster a company-wide culture of cybersecurity awareness.
+ Keep current with the latest cybersecurity trends and best practices to inform training content and security measures
+ Train and guide wider Tech team members on best practices in cybersecurity risk management.
Incident Management:
+ Actively participate in the response to security incidents.
+ Support post-incident evaluations and reporting.
+ Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.
Stakeholder Engagement:
+ Maintain clear and effective communication with stakeholders at all levels.
+ Provide expert guidance on cybersecurity best practices.
+ Work collaboratively with Technology and other departments to achieve comprehensive security objectives
Must have skills
+ Bachelor's Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
+ 3 to 5 years of professional experience in information security.
+ Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
+ Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
+ Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
+ Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS
+ Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems. This includes security access rights and implementing configuration best practices.
+ Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
+ In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
+ Understanding of Secure DevOps / CI/CD pipeline governance
Supervisory responsibilities
+ No
You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.
At Janus Henderson Investors we're committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds. Don't worry if you don't think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can't accommodate every flexible working request we're happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know at
Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee's job functions (as determined by Janus Henderson at its sole discretion).
All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants' past political contributions or activity may impact applicants' eligibility for this position. Janus Henderson is an equal opportunity /Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.
Information Security Manager
Posted today
Job Description
Information Security Manager
Posted 2 days ago
Job Description
Information Security Manager - Rail Sector, URGENT HIRE
Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again, helping to grow their exceptional technology team with the hire of an Information Security Manager.
The Role:
- Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management.
- Working alongside the DPO and Head of Technology to support on areas of data protection.
- Lead collaboration with key partners for train onboard systems cyber security assessments and risk management
- Establish and maintain appropriate policies, procedures, and practices in relation to cyber, data and governance practices
- Manage the information security incident response program
- Manage implementation and deployment of Information Security Management System (ISMS).
- Line management of the internal InfoSec specialists.
Requirements
- Extensive experience working with PCI-DSS and ISO27001
- Strong understanding of security tools such as IDS/IPS.
- Demonstrable experience of leading Information Security, Governance, Compliance teams.
- Ideally a form of cybersecurity qualification such as CISM or CISSP
Benefits:
- Salary between £55,000 - £70,000
- Hybrid working 3 days on site, 2 days at home.
- Working in Euston or Birmingham office.
- & more.
Sponsorship is not available for this position and the successful candidate will be subject to toxicology screening as standard for the rail industry.
We are looking for this hire ASAP, so those with short (1 month or less) notice periods are encouraged to apply.