2,762 Security Policy Development jobs in the United Kingdom

Security Governance Manager

Newmarket, Eastern £50000 - £60000 annum Beyond

Posted 604 days ago

Job Description

Permanent

Security Governance Manager 

Reports to: Head of Information Security 

Location: Hybrid (Newmarket) and or Remote

Hours: 32 hours across a 4-day week (no salary sacrifice) 

Salary: £50,000 - £60,000 

Product: Group level - Wonde, Evouchers & Secure Schools 

Who we are and what is important to us:

Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools. 

Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier. 

The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group. 

We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.

Job snapshot:

As Security Governance Manager, you will be responsible for ensuring the effectiveness of security policies and control frameworks. You will support the group in adopting a security mindset using a combination of coaching, supporting and leading by example. 

This is a newly created position where you will be provided with a genuine opportunity to create impact and drive the best security practices across the group. 

What you’ll be doing:

  • Management and maintenance of the central Information Security Management System
  • Maintain and certify new products to ISO  
  • Create, consult and operationalise security policies 
  • Organise, lead and manage all security-related audit activity 
  • Track and manage audit findings from conception through to delivery 
  • Coordinate, monitor and measure activities to ensure the ISMS continues to operate as expected  
  • Support and manage the supplier security assurance process 
  • Manage the security awareness and training programme 
  • Manage the continuous improvement process to ensure improvements and efficiencies within Security are achieved

Requirements

What we’re hoping you’ll bring:

  • Previous experience in a security-focused role, particularly focusing on the implementation and management of an information security management system supporting ISO
  • A qualified ISO 27001 Lead Implementer or auditor (a nice to have)
  • Excellent written and oral communication skills
  • Natural capabilities to communicate with a diverse range of stakeholders
  • Ability to influence and coach technical and non-technical stakeholders 
  • Ambition and initiative to drive change in an evolving sector
  • Self-motivation with the confidence and enthusiasm to take the initiative and get things done 
  • Ability to prioritise workflow and ensure deadlines are met
  • The willingness to learn and adapt in an ever-changing environment

Benefits

What you’ll get:

Beyond is much more than just a place to work. It is a place to grow, innovate, excel and learn. We have tech people, creative people and people people, all focused on providing a superior customer experience. 

We value, support and champion those we work with - promoting personal growth and happiness. We get that our success is dependent on the collective energy, intelligence and contributions of all our team members and we are committed to ensuring our work environment is the best it can be. 

We value your commitment and have worked hard to create adaptable and comprehensive benefits packages to suit individual needs, although you can expect the below as standard:

  • 4-day working week 
  • Flexible working schedule/work-from-home opportunities
  • Onsite gym and well-being (quiet room) facilities 
  • Buying and selling holiday scheme
  • Additional holiday for length of service 
  • Annual allowance for volunteering days 
  • Onsite trained mental health and well-being champions 
  • Monthly lunch club (on us) 
  • Comprehensive wellness programmes (think meditation retreats and continuous access to well-being apps/initiatives) 
  • Enhanced maternity, paternity and adoption benefits 
  • Electric car scheme 
  • Cycle to Work Scheme 
  • Eye examination scheme 
  • Financial contribution to the set up of work-from-home environments 
  • Use of new and leading technology in the form of Apple products 
  • Frequent company-funded social events
  • Office closure between Christmas & New Year 
  • Access to continuous learning and development opportunities
  • Comprehensive employee referral scheme 
  • Casual Dress Code

In addition to the above, you’ll have access to our ‘take your pick’ benefits scheme which is tailored specifically to you! 

Beyond is an equal-opportunity employer. We encourage interest from all candidates and do not discriminate against any non-merit factors. If you require any adjustments to the application or selection process please call or email us so we can ensure you have the correct support: careers@wonde.com.

Information Security Governance, Risk, and Compliance (GRC) Specialist

London, London Janus Henderson Investors

Posted 21 days ago

Job Description

Why work for us?
A career at Janus Henderson is more than a job, it's about investing in a brighter future together.
Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service. We will do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right.
Our Values are key to driving our success, and are at the heart of everything we do:
Clients Come First - Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust
If our mission, values, and purpose align with your own, we would love to hear from you!
Your opportunity
Policy Development and Management:
+ Develop and maintain comprehensive cybersecurity policies and procedures.
+ Ensure these policies align with industry standards and regulatory requirements.
+ Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.
Risk Management:
+ Conduct regular risk assessments to help identify vulnerabilities and threats.
+ Collaborate and oversee the implementation of risk mitigation strategies.
+ Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
+ Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
+ Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.
Compliance Management:
+ Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
+ Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required.
+ Compile and deliver detailed compliance reports to senior management.
+ Monitor upcoming regulations and prepare compliance roadmaps.
Training and Awareness:
+ Support and enhance engaging cybersecurity awareness training programs.
+ Foster a company-wide culture of cybersecurity awareness.
+ Keep current with the latest cybersecurity trends and best practices to inform training content and security measures.
+ Train and guide wider Tech team members on best practices in cybersecurity risk management.
Incident Management:
+ Actively participate in the response to security incidents.
+ Support post-incident evaluations and reporting.
+ Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.
Stakeholder Engagement:
+ Maintain clear and effective communication with stakeholders at all levels.
+ Provide expert guidance on cybersecurity best practices.
+ Work collaboratively with Technology and other departments to achieve comprehensive security objectives.
Must have skills
+ Bachelor's Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
+ 3 to 5 years of professional experience in information security.
+ Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
+ Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
+ Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
+ Proficient knowledge of network security principles and controls such as firewalls, IPS/IDS, TCP/IP, DHCP, and DNS.
+ Extensive experience in securing operating systems such as Windows, UNIX/Linux and Mac systems, including security access rights and implementing configuration best practices.
+ Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
+ In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
+ Understanding of Secure DevOps / CI/CD pipeline governance.
Supervisory responsibilities
+ No
You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.
At Janus Henderson Investors we're committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds. Don't worry if you don't think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can't accommodate every flexible working request we're happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know at
Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee's job functions (as determined by Janus Henderson at its sole discretion).
All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants' past political contributions or activity may impact applicants' eligibility for this position. Janus Henderson is an equal opportunity /Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.

Information Security Manager - Compliance & Governance

EC2M 1BN London, London £70000 Annually WhatJobs

Posted 4 days ago

Job Description

full-time
Our client is seeking an experienced Information Security Manager to oversee their compliance and governance initiatives. This critical hybrid role, based in the heart of London, England, will ensure the organization adheres to relevant security standards, regulations, and best practices. The successful candidate will play a pivotal role in shaping and maintaining a robust security posture.

Responsibilities:
  • Develop, implement, and manage information security policies, procedures, and standards.
  • Oversee compliance with relevant regulations such as GDPR, ISO 27001, SOC 2, and other industry-specific mandates.
  • Conduct regular security risk assessments and vulnerability management activities.
  • Manage internal and external security audits, ensuring timely remediation of findings.
  • Develop and maintain the organization's business continuity and disaster recovery plans.
  • Oversee the security awareness training program for all employees.
  • Manage third-party risk by assessing the security posture of vendors and partners.
  • Liaise with legal, compliance, and internal audit teams to ensure integrated security governance.
  • Lead incident response planning and coordination efforts.
  • Stay informed about evolving security threats and regulatory landscapes.
  • Provide expert advice on security best practices and risk mitigation strategies to senior management and business units.
  • Manage and develop a team of security professionals focused on governance and compliance.
Qualifications:
  • Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree or advanced certifications are a plus.
  • Minimum of 7 years of progressive experience in information security, with a strong focus on governance, risk, and compliance (GRC).
  • Proven experience in implementing and managing security frameworks like ISO 27001, NIST CSF, or similar.
  • In-depth knowledge of data privacy regulations (e.g., GDPR).
  • Experience with security audit processes and vulnerability management tools.
  • Strong understanding of risk assessment methodologies and business continuity planning.
  • Excellent leadership, communication, and stakeholder management skills.
  • Ability to work effectively in a hybrid work environment, balancing remote work with essential office presence.
  • Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
  • Ability to translate complex technical security concepts into business terms.
This hybrid role in London, England, offers a dynamic work environment where you can lead crucial security governance functions. Our client is committed to fostering a culture of security excellence and provides ample opportunities for professional growth.

Information Security Manager - Compliance & Governance

M1 2WD Manchester, North West £65000 Annually WhatJobs

Posted 18 days ago

Job Description

full-time
Our client is seeking an experienced Information Security Manager to lead their compliance and governance efforts. This role offers a hybrid working model, combining the flexibility of remote work with the collaborative benefits of an office environment. You will be responsible for developing, implementing, and maintaining the organization's information security policies, standards, and procedures to ensure compliance with relevant regulations and industry best practices. The ideal candidate will have a strong understanding of information security frameworks (e.g., ISO 27001, NIST, GDPR) and experience conducting risk assessments, vulnerability management, and security audits. Your responsibilities will include managing security awareness training programs, overseeing third-party risk assessments, and ensuring that security controls are effectively implemented and monitored. You will collaborate with various departments to foster a security-conscious culture and address potential risks. This position requires excellent leadership, communication, and project management skills. A proactive approach to identifying and mitigating security risks is essential. We are looking for a detail-oriented and strategic individual committed to upholding the highest standards of information security. This is a hybrid role based in Manchester, Greater Manchester, UK.

Key Responsibilities:
  • Develop, implement, and maintain information security policies, standards, and procedures.
  • Oversee compliance with relevant regulatory requirements (e.g., GDPR, PCI DSS).
  • Conduct information security risk assessments and develop mitigation strategies.
  • Manage vulnerability management programs and security testing initiatives.
  • Develop and deliver security awareness training programs for employees.
  • Perform internal and external security audits and assessments.
  • Manage third-party risk assessment processes.
  • Ensure the effectiveness of security controls through continuous monitoring.
  • Act as a point of contact for security-related inquiries and incidents.
  • Collaborate with IT and business units to integrate security into operational processes.

Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in information security, with a focus on governance, risk, and compliance (GRC).
  • In-depth knowledge of information security frameworks (ISO 27001, NIST, CIS Controls).
  • Experience with conducting risk assessments and audits.
  • Strong understanding of data privacy regulations.
  • Excellent communication, leadership, and interpersonal skills.
  • Proficiency in security GRC tools is a plus.
  • Relevant security certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
  • Ability to manage projects and work effectively in a hybrid environment.

Head of Information Security Governance, Risk and Compliance & Awareness - Doxford, SR3 3XP

SR3 3XP Doxford, North East Arriva

Posted 1 day ago

Job Description

Head of Information Security Governance, Risk and Compliance & Awareness - Doxford, SR3 3XP

Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe.  The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably.

We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024.

We are looking for a Head of Information Security Governance, Risk, Compliance (GRC) & Awareness to join our Information Security Team on a full time, permanent basis, based from either our Doxford office, Sunderland or Lacon House, London.

Reporting to the Group Chief Information Security Officer, the Head of InfoSec GRC & Awareness is responsible for leading the governance, risk, and compliance functions within the Information Security domain. This role ensures that the organisation maintains a robust security posture through the development and enforcement of policies, standards, and awareness initiatives. The role is pivotal in aligning security practices with business objectives and regulatory requirements.

This position oversees the continuous improvement of security policies and standards, including technical standards, ensuring adherence across the enterprise. The role is accountable for measuring cyber maturity and driving compliance with internal and external requirements. It also includes oversight of the development and implementation of a comprehensive Operational Technology (OT) compliance framework, ensuring alignment with broader Arriva and industry recognised cyber security standards.

The Head of InfoSec GRC & Awareness manages the enterprise-wide information security risk management process, including the maintenance of the InfoSec Risk Register, oversight of residual risk declarations, and escalation of serious risks in accordance with the Arriva Risk Management framework. The role also includes risk reporting and the execution of risk assessments across business units and third-party engagements.  The role also supports internal and external audit activities and contributes to audit readiness and response efforts across IT functions.

The role is responsible for leading assurance activities across key security domains such as HR security, physical security, system security, malware protection, network security, end-user device security, cloud security, and secure applications.

The Head of InfoSec GRC & Awareness also owns the organisation’s security awareness programme, including designing and executing awareness campaigns, planning tailored training for high-risk users, and coordinating education roadshows.

Direct responsibilities:

  • Leads the improvement and enforcement of enterprise-wide Information Security Policies and Standards, including technical standards.
  • Manages the UK Business Information Security Officer to support GRC and awareness activities across the UK businesses, as well as the governance of the wider European teams in the Netherlands and Mainland Europe business units.
  • Maintains and develops the Information Security Management System in line with ISO 27001.
  • Drives organisation-wide security governance and cyber maturity through standards compliance, assurance reviews, and gap analysis, whether against Arriva policies and standards or industry recognised certifications such as ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF and CIS Controls.
  • Oversees the development of a scalable Operational Technology (OT) Security Assurance Framework, including the management of day to day activities of the Operational Technology Compliance Manager.
  • Develops and implements the enterprise Information Security Risk Methodology, including owning the Information Security Risk Register and ensuring residual risk declarations are completed, prioritised, reviewed, and remediated with accountable stakeholders.
  • Manages the third party due diligence process, including subject matter expertise in technical security requirements, supporting the onboarding of new suppliers, as well as the ongoing assessment of existing suppliers, including contract reviews with support from the data protection team.
  • Leads key technical assurance activities such as the Arriva UK annual penetration test and red teaming exercises, working with Technology and Systems and the business, where appropriate, to ensure critical, high and medium risk findings are remediated.
  • Provides IT audit support, including evidence coordination, control validation, and remediation planning.
  • Leads assurance and compliance monitoring across information technology systems, including system security, malware protection, network and endpoint security, cloud security and identity and access management activities.
  • Improves and manages the Group-level Information Security Awareness Programme, including training strategy, annual compliance training content, communications plan, roadshows, and ongoing engagement.

Knowledge, skills & experience:

  • Practitioner qualifications, e.g. CISSP certification, CESG Listed Advisor (CLAS), ISO 27001 Lead Auditor, Certified Information Security Manager (CISM); knowledge of all areas of cyber security
  • Demonstrable extensive experience in information security or IT governance roles, including proven experience working in large, federated, and complex enterprise environments.
  • Experience developing and maintaining security policies, standards, and risk management frameworks, including experience in managing third-party risk.
  • Track record of successful security awareness campaigns, measurable cultural change, and increased risk literacy across organisations.
  • Familiarity with audit lifecycles, regulatory compliance, control assurance, and data protection including a deep understanding of security control frameworks (e.g., ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls, PCI-DSS).
  • Knowledge of all areas of IT Security, including cyber security for digital technologies, identity and access management, authentication and single sign-on, authorisation, logging and monitoring, audit, secure communications and cryptographic services, network and endpoint protection, hosting and cloud, vulnerability management, platform security, and systems development lifecycle.
  • Provides clear vision and direction, inspiring and engaging individuals and the wider team to deliver excellence.
  • Written and verbal communication and presentation skills. Influencing and negotiating skills.
  • Possesses a proactive and solution-focused attitude, being capable of analysing business problems and delivering real solutions.
  • Experience supporting IT audits and regulatory inspections.

Success criteria & indicators:

Delivery and enforcement of updated information security policies and standards across all business units, with measurable adherence tracked through assurance reviews and compliance audits.

Maintenance of a comprehensive InfoSec Risk Register, with timely execution of risk assessments, accurate residual risk declarations, and escalation of high-impact risks in line with the Arriva Risk Management framework.

Implementation of a scalable OT security assurance framework, with demonstrable alignment to industry standards and effective oversight of OT compliance activities.

Successful coordination of internal and external audit activities, including evidence gathering, control validation, and remediation planning, with reduced audit findings and improved audit readiness scores.

Execution of a Group-wide security awareness programme, including tailored training, annual campaigns, and engagement initiatives, with measurable improvements in user risk literacy and training completion rates.

Stakeholder relationships:

  • Group, divisional, and country business colleagues in Arriva
  • Group, divisional, and country technology colleagues in Arriva
  • External industry and security experts
  • External consultants and suppliers
  • Data Protection Authorities (UK and Europe)
  • Internal and external risk, compliance, and audit teams
  • Third party training providers and internal communications teams

This job description sets out the main duties and responsibilities of the job-holder. It does not constitute an exhaustive or comprehensive description of duties and the job holder will be required to carry out any additional tasks as and when requested to do so by their manager.  Responsibilities and duties may also change in light of future business needs and personal development.

The closing date for applications is Tuesday 28th October 2025. Arriva Group reserves the right to close this vacancy early.

Head of Information Security Governance, Risk and Compliance & Awareness - Doxford, SR3 3XP

Oxford, South East Arriva

Posted today

Job Viewed

Tap Again To Close

Job Description

Job Description

Head of Information Security Governance, Risk and Compliance & Awareness - Doxford, SR3 3XP

Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe.  The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably.

We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024.

We are looking for a Head of Information Security Governance, Risk, Compliance (GRC) & Awareness to join our Information Security Team on a full time, permanent basis, based from either our Doxford office, Sunderland or Lacon House, London.

Reporting to the Group Chief Information Security Officer, the Head of InfoSec GRC & Awareness is responsible for leading the governance, risk, and compliance functions within the Information Security domain. This role ensures that the organisation maintains a robust security posture through the development and enforcement of policies, standards, and awareness initiatives. The role is pivotal in aligning security practices with business objectives and regulatory requirements.

This position oversees the continuous improvement of security policies and standards, including technical standards, ensuring adherence across the enterprise. The role is accountable for measuring cyber maturity and driving compliance with internal and external requirements. It also includes oversight of the development and implementation of a comprehensive Operational Technology (OT) compliance framework, ensuring alignment with broader Arriva and industry recognised cyber security standards.

The Head of InfoSec GRC & Awareness manages the enterprise-wide information security risk management process, including the maintenance of the InfoSec Risk Register, oversight of residual risk declarations, and escalation of serious risks in accordance with the Arriva Risk Management framework. The role also includes risk reporting and the execution of risk assessments across business units and third-party engagements.  The role also supports internal and external audit activities and contributes to audit readiness and response efforts across IT functions.

The role is responsible for leading assurance activities across key security domains such as HR security, physical security, system security, malware protection, network security, end-user device security, cloud security, and secure applications.

The Head of InfoSec GRC & Awareness also owns the organisation’s security awareness programme, including designing and executing awareness campaigns, planning tailored training for high-risk users, and coordinating education roadshows.

Direct responsibilities:

  • Leads the improvement and enforcement of enterprise-wide Information Security Policies and Standards, including technical standards.
  • Manages the UK Business Information Security Officer to support GRC and awareness activities across the UK businesses, as well as the governance of the wider European teams in the Netherlands and Mainland Europe business units.
  • Maintains and develops Information Security Management System in line with ISO27001.
  • Drives organisation-wide security governance and cyber maturity through standards compliance, assurance reviews, and gap analysis, be that Arriva policies and standards or industry recognised certifications such as ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls.
  • Oversees the development of a scalable Operational Technology (OT) Security Assurance Framework, including the management of day to day activities of the Operational Technology Compliance Manager.
  • Develops and implements the enterprise Information Security Risk Methodology, including owning the Information Security, ensuring residual risk declarations are completed, prioritised, reviewed, and remediated with accountable stakeholders.
  • Manages the third party due diligence process, including subject matter expertise in technical security requirements, supporting the on boarding of new suppliers, as well as the ongoing assessment of existing suppliers, including contract reviews with support from the data protection team.
  • Leads key technical assurance activities such as the Arriva UK annual penetration test and red teaming exercises, working with Technology and Systems and the business, where appropriate, to ensure critical, high and medium risk findings are remediated.
  • Provides IT audit support, including evidence coordination, control validation, and remediation planning.
  • Leads assurance and compliance monitoring across information technology systems to include system security, malware Protection, network and endpoint security, cloud security and identity and access management activities.
  • Improves and manages the Group-level Information Security Awareness Programme, including training strategy, annual compliance training content, communications plan, roadshows, and ongoing engagement.

Knowledge, skills & experience:

  • Practitioner qualifications, e.g. CISSP, CESG Listed Advisor (CLAS), ISO 27001 Lead Auditor, Certified Information Security Manager (CISM); knowledge of all areas of cyber security.
  • Demonstrable, extensive experience in information security or IT governance roles, including proven experience working in large, federated and complex enterprise environments.
  • Experience developing and maintaining security policies, standards, and risk management frameworks, including experience in managing third-party risk.
  • Track record of successful security awareness campaigns, measurable cultural change, and increased risk literacy across organisations.
  • Familiarity with audit lifecycles, regulatory compliance, control assurance, and data protection including a deep understanding of security control frameworks (e.g., ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls, PCI-DSS).
  • Knowledge of all areas of IT Security, including cyber security for digital technologies, identity and access management, authentication and single sign-on, authorisation, logging and monitoring, audit, secure communications and cryptographic services, network and endpoint protection, hosting and cloud, vulnerability management, platform security, and systems development lifecycle.
  • Provides clear vision and direction, inspiring and engaging individuals and the wider team to deliver excellence.
  • Written and verbal communication and presentation skills. Influencing and negotiating skills.
  • Possesses a proactive and solution-focused attitude, being capable of analysing business problems and delivering real solutions.
  • Experience supporting IT audits and regulatory inspections.

Success criteria & indicators:

Delivery and enforcement of updated information security policies and standards across all business units, with measurable adherence tracked through assurance reviews and compliance audits.

Maintenance of a comprehensive InfoSec Risk Register, with timely execution of risk assessments, accurate residual risk declarations, and escalation of high-impact risks in line with the Arriva Risk Management framework.

Implementation of a scalable OT security assurance framework, with demonstrable alignment to industry standards and effective oversight of OT compliance activities.

Successful coordination of internal and external audit activities, including evidence gathering, control validation, and remediation planning, with reduced audit findings and improved audit readiness scores.

Execution of a Group-wide security awareness programme, including tailored training, annual campaigns, and engagement initiatives, with measurable improvements in user risk literacy and training completion rates.

Stakeholder relationships:

  • Group, divisional, and country business colleagues in Arriva
  • Group, divisional, and country technology colleagues in Arriva
  • External industry and security experts
  • External consultants and suppliers
  • Data Protection Authorities (UK and Europe)
  • Internal and external risk, compliance, and audit teams
  • Third party training providers and internal communications teams

This job description sets out the main duties and responsibilities of the job-holder. It does not constitute an exhaustive or comprehensive description of duties and the job holder will be required to carry out any additional tasks as and when requested to do so by their manager.  Responsibilities and duties may also change in light of future business needs and personal development.

The closing date for applications is Tuesday 28th October 2025. Arriva Group reserves the right to close this vacancy early.


Security and Governance Consultant

Birmingham, West Midlands £65000 - £80000 annum Focus Group

Posted 21 days ago


Job Description

Permanent

Job Title: Security and Governance Consultant 

Salary: £65,000 - £80,000 

Location: Remote UK with regular client site visits and travel requirements 

Join Our Team as a Security and Governance Consultant at Focus Group .

Who We Are: 

At Focus Group, we know our people are our greatest asset. We are a growing company that thrives on collaboration, energy and creativity, where every individual plays a key role in shaping our success. Our security practice delivers innovative governance and strategic security solutions to enterprise clients through our bespoke Fractional CxO and IT Strategy frameworks. We are looking for a highly skilled and experienced security leader to join our team and help shape the future of our security consulting services. 

If you're looking for an exciting, senior-level role where you can make a real strategic impact while working with diverse, high-profile clients, this could be the perfect opportunity for you. 

What We're Looking For: 

The ideal person for this role will be someone who thrives in a dynamic consulting environment, has exceptional strategic thinking capabilities, and can seamlessly transition between tactical board-level discussions and operational technical security work. You'll need to be a natural leader, an outstanding communicator, and someone comfortable working both independently as a trusted advisor and as part of our collaborative security team. 

Most importantly, you'll have the senior security expertise and consulting experience to drive meaningful change for our clients. 

What's in It for You? 

  • A strategic, high-impact role: Lead security transformation across multiple enterprise clients while serving as the dedicated Security Manager for a flagship client contract 
  • Executive-level exposure: Work directly with C-suite leaders, boards, and senior stakeholders on critical security initiatives 
  • Diverse client portfolio: Experience different industries, challenges, and security maturity levels through our Fractional CxO service models 
  • Growth and development opportunities: We're committed to helping you develop your skills and advance your career. You'll learn from a team of experienced professionals who are passionate about security excellence 
  • Industry recognition: Represent Focus Group at security forums and contribute to thought leadership in the security consulting space 
  • A supportive, inclusive culture: At Focus Group, we pride ourselves on maintaining a positive and collaborative work environment. We care about each individual's well-being and work-life balance, and we make sure everyone feels valued

What Will You Do? 

Client-focused Security Manager (50% allocation):  
You'll serve as the dedicated Security Manager for a new strategic client contract, owning their defined Information Security requirements and ensuring world-class security governance across all managed services. You'll coordinate with the client’s security partner, lead incident response activities, and provide monthly security reporting to executive stakeholders. In addition, you’ll work closely with our internal teams to ensure all designs, projects, and services are delivered to agreed security standards. 

Fractional CxO Security Services (50% allocation):  
You'll deliver virtual CISO services across our client portfolio, conducting security strategy assessments, developing comprehensive security roadmaps, and providing executive-level security guidance. You'll lead complex engagements including security posture assessments, governance framework development, and digital transformation security initiatives. 

Requirements

Technical Skills:  

  • Professional Security Certifications: CISSP, CISM, or equivalent senior security qualifications 
  • Security Frameworks: Deep expertise in ISO27001, SOC 2, CE+, NIST, and other governance frameworks 
  • Cloud Security: Advanced knowledge of Azure, Microsoft 365, and cloud security architecture 
  • Risk Management: Proven experience developing risk management frameworks and compliance programs 
  • Incident Response: Hands-on experience leading security incident response and forensic investigations 
  • Enterprise Security: Understanding of managed security services, SIEM/SOC operations, and security tooling integration 
  • Compliance: Knowledge of regulatory requirements, including PCI DSS and industry-specific standards 

Soft Skills:  

  • Executive Communication: Outstanding written and verbal communication skills with the ability to present to board-level audiences 
  • Strategic Thinking: Ability to translate business objectives into comprehensive security strategies 
  • Consulting Excellence: Proven track record building client relationships and delivering complex security consulting engagements 
  • Leadership: Experience mentoring teams and driving organizational change through security initiatives 
  • Problem-Solving: Exceptional analytical skills to resolve complex security challenges across diverse environments 
  • Continuous Learning: Commitment to staying current with evolving security threats, technologies, and best practices 

You must be willing to travel regularly to client sites and hold a full valid UK driving license. 

Nice to Have:  

  • Advanced certifications such as SABSA, TOGAF, or CISSP 
  • Background in hospitality, retail, or regulated industries 
  • Project management certification (PMP, PRINCE2) 
  • Experience with security automation and orchestration platforms 
  • Knowledge of DevSecOps and secure software development lifecycles 

Benefits

Why Join Focus Group? 

At Focus Group, we're all about creating an environment where our security professionals can thrive and make a genuine impact on client organizations. Joining us means being part of a supportive, inclusive culture where we celebrate achievements, big and small. We value every individual's contribution and believe that together, we can help our clients build truly resilient security programs. 

If you're ready to take on a challenging and rewarding role that allows you to shape security strategy at the highest levels, we'd love to hear from you. Let's build something special together. 

Benefits: 

At Focus Group, you can be proud of what you do, how you do it and feel a true part of the team. We work hard to create an inclusive, collaborative, and rewarding environment where you are inspired to achieve brilliant things and make a real difference to the future of our business. 

We're proud to have built an outstanding place to work where people thrive and are recognised for their achievements. We're delighted to have been named one of the UK's Best 100 Companies to Work for 2021 and a British Private Equity & Venture Capital Association (BVCA) 2023 Vision Award Winner for London and the South East, recognising our commitment to culture and ESG. 

Information Security Analyst

Prism Digital

Posted 1 day ago


Job Description

Information Security Analyst | Security+, Microsoft Purview, Defender | Global Trading Platform
  • £60–70k base + 10% bonus
  • Hybrid in Coventry with monthly travel to London
  • Security certification support & career development built-in
Join a growing InfoSec team at the heart of a global financial institution’s expansion. As an Analyst, you’ll work hands-on with data governance, security tooling, and access management — helping to shape how a modern SME approaches cybersecurity. You’ll bring technical curiosity, the ability to interrogate data, and the confidence to advise IT teams on the practical steps that keep the business secure.
What you’ll bring:

  • 3+ years’ experience in an InfoSec, IT security, or analyst role
  • Security certifications: Security+ and ideally Microsoft security certifications (e.g. SC-200/SC-400)
  • Experience with security tools (Microsoft Defender, web proxy, email security, CrowdStrike or equivalents)
  • Knowledge of single sign-on and zero trust networks (beyond just segregation)
  • Exposure to data management / governance tools (e.g. Microsoft Purview, or similar)
  • Strong communicator: able to translate technical concepts into practical advice for IT and stakeholders
What you’ll be doing:

  • Recertification of accounts: Pulling and interrogating data through bespoke platforms
  • Security tooling: Working with Defender, web proxy, CrowdStrike-equivalent tools
  • Data management: Supporting data labelling & retention projects using Purview or similar
  • Governance support: Involved in data loss prevention, labelling, and stakeholder engagement (including DPO)
  • Practical incident response input: Advising IT on immediate steps during incidents, converting theory into quick, actionable responses
  • Ongoing InfoSec operations: Metrics, monitoring, and security projects across applications and users
Tech & tools you’ll use:

  • Microsoft Purview – Data governance and policy enforcement
  • Microsoft Defender – Endpoint & email protection
  • CrowdStrike / equivalents – Endpoint detection & response
  • Web proxy & email security tools
  • Azure (beneficial) – IAM, monitoring, and security logging
Why this role?

  • Be central to shaping data governance and security operations in a dynamic SME environment
  • Hands-on exposure to a wide range of security tools and concepts (not siloed to audit work)
  • Opportunity to advise and influence IT directly on practical security decisions
  • Work alongside experienced InfoSec leadership who value mentoring and professional growth
If this sounds like something you would be interested in, please apply!
Information Security Consultant

Digital Waffle

Posted 1 day ago


Job Description

Information Security Consultant - Virtual CISO (vCISO)

Up to £80,000 | Fully Remote (with occasional client travel)
My client is seeking an experienced cyber security professional to step into a Virtual CISO (vCISO) role, acting as a trusted advisor to a diverse portfolio of organisations. This is an opportunity to directly influence and shape cyber security strategies at board level while embedding yourself as a valued extension of your clients’ security teams.
Key Responsibilities

  • Serve as a strategic security partner, helping clients to define, develop, and mature their cyber security roadmap.
  • Build strong, long-term relationships with stakeholders and establish yourself as a core member of their security function.
  • Take ownership of client-specific Security Improvement Plans, ensuring risks are reduced and resilience is increased.
  • Lead governance and oversight activities, including risk reviews, board-level reporting, and mentoring client teams.
  • Carry out security reviews across cloud, hybrid, and on-premises environments, identifying vulnerabilities and improvement areas.
  • Work closely with SOC teams to review threat hunting outcomes and ensure remediation of poor practices.
  • Provide guidance on compliance and frameworks such as ISO 27001, Cyber Assessment Framework (CAF), and Cyber Essentials.
  • Contribute to incident readiness and response as part of the Cyber Security Incident Response Team (CSIRT).
  • Actively contribute to the internal growth and knowledge-sharing within the wider team, suggesting improvements and supporting colleagues.
  • Ensure compliance with internal security and governance standards.
About You:

  • Proven experience as a CISO, vCISO, or senior cyber security advisor.
  • Strong knowledge of security frameworks, governance, risk management, and compliance.
  • Excellent communication and stakeholder engagement skills, with the ability to influence at board level.
  • Hands-on experience with cloud and hybrid architectures, audits, and security assessments.
  • Incident response and crisis management experience is a plus.
  • Holds CISSP or CISM.
  • ISO 27001 Lead Implementer.
What’s on Offer

  • Salary up to £80,000
  • Fully remote role with flexibility to travel to client sites when required
  • Opportunity to work across varied industries, influencing security at the highest levels
If you’re looking for a role where you can combine strategic influence with hands-on expertise, and you thrive on building trusted client relationships, this could be your next career move.
