2,762 Security Policy Development jobs in the United Kingdom

• Develop, implement, and manage information security policies, procedures, and standards.
• Oversee compliance with relevant regulations such as GDPR, ISO 27001, SOC 2, and other industry-specific mandates.
• Conduct regular security risk assessments and vulnerability management activities.
• Manage internal and external security audits, ensuring timely remediation of findings.
• Develop and maintain the organization's business continuity and disaster recovery plans.
• Oversee the security awareness training program for all employees.
• Manage third-party risk by assessing the security posture of vendors and partners.
• Liaise with legal, compliance, and internal audit teams to ensure integrated security governance.
• Lead incident response planning and coordination efforts.
• Stay informed about evolving security threats and regulatory landscapes.
• Provide expert advice on security best practices and risk mitigation strategies to senior management and business units.
• Manage and develop a team of security professionals focused on governance and compliance.

• Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree or advanced certifications are a plus.
• Minimum of 7 years of progressive experience in information security, with a strong focus on governance, risk, and compliance (GRC).
• Proven experience in implementing and managing security frameworks like ISO 27001, NIST CSF, or similar.
• In-depth knowledge of data privacy regulations (e.g., GDPR).
• Experience with security audit processes and vulnerability management tools.
• Strong understanding of risk assessment methodologies and business continuity planning.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to work effectively in a hybrid work environment, balancing remote work with essential office presence.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
• Ability to translate complex technical security concepts into business terms.

• Develop, implement, and maintain information security policies, standards, and procedures.
• Oversee compliance with relevant regulatory requirements (e.g., GDPR, PCI DSS).
• Conduct information security risk assessments and develop mitigation strategies.
• Manage vulnerability management programs and security testing initiatives.
• Develop and deliver security awareness training programs for employees.
• Perform internal and external security audits and assessments.
• Manage third-party risk assessment processes.
• Ensure the effectiveness of security controls through continuous monitoring.
• Act as a point of contact for security-related inquiries and incidents.
• Collaborate with IT and business units to integrate security into operational processes.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in information security, with a focus on governance, risk, and compliance (GRC).
• In-depth knowledge of information security frameworks (ISO 27001, NIST, CIS Controls).
• Experience with conducting risk assessments and audits.
• Strong understanding of data privacy regulations.
• Excellent communication, leadership, and interpersonal skills.
• Proficiency in security GRC tools is a plus.
• Relevant security certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
• Ability to manage projects and work effectively in a hybrid environment.

Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe.  The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably.

We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024.

We are looking for a Head of Information Security Governance, Risk, Compliance (GRC) & Awareness to join our Information Security Team on a full time, permanent basis, based from either our Doxford office, Sunderland or Lacon House, London.

Reporting to the Group Chief Information Security Officer, the Head of InfoSec GRC & Awareness is responsible for leading the governance, risk, and compliance functions within the Information Security domain. This role ensures that the organisation maintains a robust security posture through the development and enforcement of policies, standards, and awareness initiatives. The role is pivotal in aligning security practices with business objectives and regulatory requirements.

This position oversees the continuous improvement of security policies and standards, including technical standards, ensuring adherence across the enterprise. The role is accountable for measuring cyber maturity and driving compliance with internal and external requirements. It also includes oversight of the development and implementation of a comprehensive Operational Technology (OT) compliance framework, ensuring alignment with broader Arriva and industry recognised cyber security standards.

The Head of InfoSec GRC & Awareness manages the enterprise-wide information security risk management process, including the maintenance of the InfoSec Risk Register, oversight of residual risk declarations, and escalation of serious risks in accordance with the Arriva Risk Management framework. The role also includes risk reporting and the execution of risk assessments across business units and third-party engagements.  The role also supports internal and external audit activities and contributes to audit readiness and response efforts across IT functions.

The role is responsible for leading assurance activities across key security domains such as HR security, physical security, system security, malware protection, network security, end-user device security, cloud security, and secure applications.

The Head of InfoSec GRC & Awareness also owns the organisation’s security awareness programme, including designing and executing awareness campaigns, planning tailored training for high-risk users, and coordinating education roadshows.

Direct responsibilities:

• Leads the improvement and enforcement of enterprise-wide Information Security Policies and Standards, including technical standards.
• Manages the UK Business Information Security Officer to support GRC and awareness activities across the UK businesses, as well as the governance of the wider European teams in the Netherlands and Mainland Europe business units.
• Maintains and develops Information Security Management System in line with ISO27001.
• Drives organisation-wide security governance and cyber maturity through standards compliance, assurance reviews, and gap analysis, be that Arriva policies and standards or industry recognised certifications such as ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls.
• Oversees the development of a scalable Operational Technology (OT) Security Assurance Framework, including the management of day to day activities of the Operational Technology Compliance Manager.
• Develops and implements the enterprise Information Security Risk Methodology, including owning the Information Security, ensuring residual risk declarations are completed, prioritised, reviewed, and remediated with accountable stakeholders.
• Manages the third party due diligence process, including subject matter expertise in technical security requirements, supporting the on boarding of new suppliers, as well as the ongoing assessment of existing suppliers, including contract reviews with support from the data protection team.
• Leads key technical assurance activities such as the Arriva UK annual penetration test and red teaming exercises, working with Technology and Systems and the business, where appropriate, to ensure critical, high and medium risk findings are remediated.
• Provides IT audit support, including evidence coordination, control validation, and remediation planning.
• Leads assurance and compliance monitoring across information technology systems to include system security, malware Protection, network and endpoint security, cloud security and identity and access management activities.
• Improves and manages the Group-level Information Security Awareness Programme, including training strategy, annual compliance training content, communications plan, roadshows, and ongoing engagement.

Knowledge, skills & experience:

• Practitioner qualifications e.g. CISSP certification, CESG Listed Advisor (CLAS), ISO27001 Lead Auditor, Certified Information Security Manager (CISM) Knowledge of all areas of Cyber Security
• Evidencable extensive experience in information security or IT governance roles, including proven experience working in large, federated, and complex enterprise environments.
• Experience developing and maintaining security policies, standards, and risk management frameworks, including experience in managing third-party risk.
• Track record of successful security awareness campaigns, measurable cultural change, and increased risk literacy across organisations.
• Familiarity with audit lifecycles, regulatory compliance, control assurance, and data protection including a deep understanding of security control frameworks (e.g., ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls, PCI-DSS).
• Knowledge of all areas of IT Security, including cyber security for digital technologies, identity and access management, authentication and single sign-on, authorisation, logging and monitoring, audit, secure communications and cryptographic services, network and endpoint protection, hosting and cloud, vulnerability management, platform security, and systems development lifecycle.
• Provides clear vision and direction, inspiring and engaging individuals and the wider team to deliver excellence.
• Written and verbal communication and presentation skills. Influencing and negotiating skills.
• Possesses a proactive and solution-focused attitude, being capable of analysing business problems and delivering real solutions.
• Experience supporting IT audits and regulatory inspections.

Success criteria & indicators:

Delivery and enforcement of updated information security policies and standards across all business units, with measurable adherence tracked through assurance reviews and compliance audits.

Maintenance of a comprehensive InfoSec Risk Register, with timely execution of risk assessments, accurate residual risk declarations, and escalation of high-impact risks in line with the Arriva Risk Management framework.

Implementation of a scalable OT security assurance framework, with demonstrable alignment to industry standards and effective oversight of OT compliance activities.

Successful coordination of internal and external audit activities, including evidence gathering, control validation, and remediation planning, with reduced audit findings and improved audit readiness scores.

Execution of a Group-wide security awareness programme, including tailored training, annual campaigns, and engagement initiatives, with measurable improvements in user risk literacy and training completion rates.

Stakeholder relationships:

• Group, divisional, and country business colleagues in Arriva
• Group, divisional, and country technology colleagues in Arriva
• External industry and security experts
• External consultants and suppliers
• Data Protection Authorities (UK and Europe)
• Internal and external risk, compliance, and audit teams
• Third party training providers and internal communications teams

This job description sets out the main duties and responsibilities of the job-holder. It does not constitute an exhaustive or comprehensive description of duties and the job holder will be required to carry out any additional tasks as and when requested to do so by their manager.  Responsibilities and duties may also change in light of future business needs and personal development.

The closing date for applications is Tuesday 28th  October 2025 . Arriva Group reserves the right to close this vacancy early.

Head of Information Security Governance, Risk and Compliance & Awareness - Doxford, SR3 3XP

Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe.  The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably.

We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024.

We are looking for a Head of Information Security Governance, Risk, Compliance (GRC) & Awareness to join our Information Security Team on a full time, permanent basis, based from either our Doxford office, Sunderland or Lacon House, London.

Reporting to the Group Chief Information Security Officer, the Head of InfoSec GRC & Awareness is responsible for leading the governance, risk, and compliance functions within the Information Security domain. This role ensures that the organisation maintains a robust security posture through the development and enforcement of policies, standards, and awareness initiatives. The role is pivotal in aligning security practices with business objectives and regulatory requirements.

This position oversees the continuous improvement of security policies and standards, including technical standards, ensuring adherence across the enterprise. The role is accountable for measuring cyber maturity and driving compliance with internal and external requirements. It also includes oversight of the development and implementation of a comprehensive Operational Technology (OT) compliance framework, ensuring alignment with broader Arriva and industry recognised cyber security standards.

The Head of InfoSec GRC & Awareness manages the enterprise-wide information security risk management process, including the maintenance of the InfoSec Risk Register, oversight of residual risk declarations, and escalation of serious risks in accordance with the Arriva Risk Management framework. The role also includes risk reporting and the execution of risk assessments across business units and third-party engagements.  The role also supports internal and external audit activities and contributes to audit readiness and response efforts across IT functions.

The role is responsible for leading assurance activities across key security domains such as HR security, physical security, system security, malware protection, network security, end-user device security, cloud security, and secure applications.

The Head of InfoSec GRC & Awareness also owns the organisation’s security awareness programme, including designing and executing awareness campaigns, planning tailored training for high-risk users, and coordinating education roadshows.

Direct responsibilities:

• Leads the improvement and enforcement of enterprise-wide Information Security Policies and Standards, including technical standards.
• Manages the UK Business Information Security Officer to support GRC and awareness activities across the UK businesses, as well as the governance of the wider European teams in the Netherlands and Mainland Europe business units.
• Maintains and develops Information Security Management System in line with ISO27001.
• Drives organisation-wide security governance and cyber maturity through standards compliance, assurance reviews, and gap analysis, be that Arriva policies and standards or industry recognised certifications such as ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls.
• Oversees the development of a scalable Operational Technology (OT) Security Assurance Framework, including the management of day to day activities of the Operational Technology Compliance Manager.
• Develops and implements the enterprise Information Security Risk Methodology, including owning the Information Security, ensuring residual risk declarations are completed, prioritised, reviewed, and remediated with accountable stakeholders.
• Manages the third party due diligence process, including subject matter expertise in technical security requirements, supporting the on boarding of new suppliers, as well as the ongoing assessment of existing suppliers, including contract reviews with support from the data protection team.
• Leads key technical assurance activities such as the Arriva UK annual penetration test and red teaming exercises, working with Technology and Systems and the business, where appropriate, to ensure critical, high and medium risk findings are remediated.
• Provides IT audit support, including evidence coordination, control validation, and remediation planning.
• Leads assurance and compliance monitoring across information technology systems to include system security, malware Protection, network and endpoint security, cloud security and identity and access management activities.
• Improves and manages the Group-level Information Security Awareness Programme, including training strategy, annual compliance training content, communications plan, roadshows, and ongoing engagement.

Knowledge, skills & experience:

• Practitioner qualifications e.g. CISSP certification, CESG Listed Advisor (CLAS), ISO27001 Lead Auditor, Certified Information Security Manager (CISM) Knowledge of all areas of Cyber Security
• Evidencable extensive experience in information security or IT governance roles, including proven experience working in large, federated, and complex enterprise environments.
• Experience developing and maintaining security policies, standards, and risk management frameworks, including experience in managing third-party risk.
• Track record of successful security awareness campaigns, measurable cultural change, and increased risk literacy across organisations.
• Familiarity with audit lifecycles, regulatory compliance, control assurance, and data protection including a deep understanding of security control frameworks (e.g., ISO/IEC 27001, Cyber Essentials, NIS CAF, NIST CSF, CIS Controls, PCI-DSS).
• Knowledge of all areas of IT Security, including cyber security for digital technologies, identity and access management, authentication and single sign-on, authorisation, logging and monitoring, audit, secure communications and cryptographic services, network and endpoint protection, hosting and cloud, vulnerability management, platform security, and systems development lifecycle.
• Provides clear vision and direction, inspiring and engaging individuals and the wider team to deliver excellence.
• Written and verbal communication and presentation skills. Influencing and negotiating skills.
• Possesses a proactive and solution-focused attitude, being capable of analysing business problems and delivering real solutions.
• Experience supporting IT audits and regulatory inspections.

Success criteria & indicators:

Delivery and enforcement of updated information security policies and standards across all business units, with measurable adherence tracked through assurance reviews and compliance audits.

Maintenance of a comprehensive InfoSec Risk Register, with timely execution of risk assessments, accurate residual risk declarations, and escalation of high-impact risks in line with the Arriva Risk Management framework.

Implementation of a scalable OT security assurance framework, with demonstrable alignment to industry standards and effective oversight of OT compliance activities.

Successful coordination of internal and external audit activities, including evidence gathering, control validation, and remediation planning, with reduced audit findings and improved audit readiness scores.

Execution of a Group-wide security awareness programme, including tailored training, annual campaigns, and engagement initiatives, with measurable improvements in user risk literacy and training completion rates.

Stakeholder relationships:

• Group, divisional, and country business colleagues in Arriva
• Group, divisional, and country technology colleagues in Arriva
• External industry and security experts
• External consultants and suppliers
• Data Protection Authorities (UK and Europe)
• Internal and external risk, compliance, and audit teams
• Third party training providers and internal communications teams

This job description sets out the main duties and responsibilities of the job-holder. It does not constitute an exhaustive or comprehensive description of duties and the job holder will be required to carry out any additional tasks as and when requested to do so by their manager.  Responsibilities and duties may also change in light of future business needs and personal development.

The closing date for applications is Tuesday 28th  October 2025 . Arriva Group reserves the right to close this vacancy early.

Job Title: Security and Governance Consultant 

Salary: £65,000 - £80,000 

Location: Remote UK with regular client site visits and travel requirements 

Join Our Team as a Security and Governance Consultant at Focus Group .

Who We Are: 

At Focus Group, we know our people are our greatest asset. We are a growing company that thrives on collaboration, energy and creativity, where every individual plays a key role in shaping our success. Our security practice delivers innovative governance and strategic security solutions to enterprise clients through our bespoke Fractional CxO and IT Strategy frameworks. We are looking for a highly skilled and experienced security leader to join our team and help shape the future of our security consulting services. 

If you're looking for an exciting, senior-level role where you can make a real strategic impact while working with diverse, high-profile clients, this could be the perfect opportunity for you. 

What We're Looking For: 

The ideal person for this role will be someone who thrives in a dynamic consulting environment, has exceptional strategic thinking capabilities, and can seamlessly transition between tactical board-level discussions and operational technical security work. You'll need to be a natural leader, an outstanding communicator, and someone comfortable working both independently as a trusted advisor and as part of our collaborative security team. 

Most importantly, you'll have the senior security expertise and consulting experience to drive meaningful change for our clients. 

What's in It for You? 

• A strategic, high-impact role: Lead security transformation across multiple enterprise clients while serving as the dedicated Security Manager for a flagship client contract 

• Executive-level exposure: Work directly with C-suite leaders, boards, and senior stakeholders on critical security initiatives 

• Diverse client portfolio: Experience different industries, challenges, and security maturity levels through our Fractional CxO service models 

• Growth and development opportunities: We're committed to helping you develop your skills and advance your career. You'll learn from a team of experienced professionals who are passionate about security excellence 

• Industry recognition: Represent Focus Group at security forums and contribute to thought leadership in the security consulting space 

• A supportive, inclusive culture: At Focus Group, we pride ourselves on maintaining a positive and collaborative work environment. We care about each individual's well-being and work-life balance, and we make sure everyone feels valued

What Will You Do? 

Client-focused Security Manager (50% allocation):  
You'll serve as the dedicated Security Manager for a new strategic client contract, owning their defined Information Security requirements and ensuring world-class security governance across all managed services. You'll coordinate with the client’s security partner, lead incident response activities, and provide monthly security reporting to executive stakeholders. In addition, you’ll work closely with our internal teams to ensure all designs, projects, and services are delivered to agreed security standards. 

Fractional CxO Security Services (50% allocation):  
You'll deliver virtual CISO services across our client portfolio, conducting security strategy assessments, developing comprehensive security roadmaps, and providing executive-level security guidance. You'll lead complex engagements including security posture assessments, governance framework development, and digital transformation security initiatives. 

Requirements

Technical Skills:  

• Professional Security Certifications: CISSP, CISM, or equivalent senior security qualifications 

• Security Frameworks: Deep expertise in ISO27001, SOC 2, CE+, NIST, and other governance frameworks 

• Cloud Security: Advanced knowledge of Azure, Microsoft 365, and cloud security architecture 

• Risk Management: Proven experience developing risk management frameworks and compliance programs 

• Incident Response: Hands-on experience leading security incident response and forensic investigations 

• Enterprise Security: Understanding of managed security services, SIEM/SOC operations, and security tooling integration 

• Compliance: Knowledge of regulatory requirements, including PCI DSS and industry-specific standards 

Soft Skills:  

• Executive Communication: Outstanding written and verbal communication skills with the ability to present to board-level audiences 

• Strategic Thinking: Ability to translate business objectives into comprehensive security strategies 

• Consulting Excellence: Proven track record building client relationships and delivering complex security consulting engagements 

• Leadership: Experience mentoring teams and driving organizational change through security initiatives 

• Problem-Solving: Exceptional analytical skills to resolve complex security challenges across diverse environments 

• Continuous Learning: Commitment to staying current with evolving security threats, technologies, and best practices 

You must be willing to travel regularly to client sites and hold a full valid UK driving license. 

Nice to Have:  

• Advanced certifications such as SABSA, TOGAF, or CISSP 

• Background in hospitality, retail, or regulated industries 

• Project management certification (PMP, PRINCE2) 

• Experience with security automation and orchestration platforms 

• Knowledge of DevSecOps and secure software development lifecycles 

Benefits

Why Join Focus Group? 

At Focus Group, we're all about creating an environment where our security professionals can thrive and make a genuine impact on client organizations. Joining us means being part of a supportive, inclusive culture where we celebrate achievements, big and small. We value every individual's contribution and believe that together, we can help our clients build truly resilient security programs. 

If you're ready to take on a challenging and rewarding role that allows you to shape security strategy at the highest levels, we'd love to hear from you. Let's build something special together. 

Benefits: 

At Focus Group, you can be proud of what you do, how you do it and feel a true part of the team. We work hard to create an inclusive, collaborative, and rewarding environment where you are inspired to achieve brilliant things and make a real difference to the future of our business. 

We're proud to have built an outstanding place to work where people thrive and are recognised for their achievements. We're delighted to have been named one of the UK's Best 100 Companies to Work for 2021 and a British Private Equity & Venture Capital Association (BVCA) 2023 Vision Award Winner for London and the South East, recognising our commitment to culture and ESG. 

Job Title: Security and Governance Consultant 

Salary: £65,000 - £80,000 

Location: Remote UK with regular client site visits and travel requirements 

Join Our Team as a Security and Governance Consultant at Focus Group .

Who We Are: 

At Focus Group, we know our people are our greatest asset. We are a growing company that thrives on collaboration, energy and creativity, where every individual plays a key role in shaping our success. Our security practice delivers innovative governance and strategic security solutions to enterprise clients through our bespoke Fractional CxO and IT Strategy frameworks. We are looking for a highly skilled and experienced security leader to join our team and help shape the future of our security consulting services. 

If you're looking for an exciting, senior-level role where you can make a real strategic impact while working with diverse, high-profile clients, this could be the perfect opportunity for you. 

What We're Looking For: 

The ideal person for this role will be someone who thrives in a dynamic consulting environment, has exceptional strategic thinking capabilities, and can seamlessly transition between tactical board-level discussions and operational technical security work. You'll need to be a natural leader, an outstanding communicator, and someone comfortable working both independently as a trusted advisor and as part of our collaborative security team. 

Most importantly, you'll have the senior security expertise and consulting experience to drive meaningful change for our clients. 

What's in It for You? 

• A strategic, high-impact role: Lead security transformation across multiple enterprise clients while serving as the dedicated Security Manager for a flagship client contract 

• Executive-level exposure: Work directly with C-suite leaders, boards, and senior stakeholders on critical security initiatives 

• Diverse client portfolio: Experience different industries, challenges, and security maturity levels through our Fractional CxO service models 

• Growth and development opportunities: We're committed to helping you develop your skills and advance your career. You'll learn from a team of experienced professionals who are passionate about security excellence 

• Industry recognition: Represent Focus Group at security forums and contribute to thought leadership in the security consulting space 

• A supportive, inclusive culture: At Focus Group, we pride ourselves on maintaining a positive and collaborative work environment. We care about each individual's well-being and work-life balance, and we make sure everyone feels valued

What Will You Do? 

Client-focused Security Manager (50% allocation):  
You'll serve as the dedicated Security Manager for a new strategic client contract, owning their defined Information Security requirements and ensuring world-class security governance across all managed services. You'll coordinate with the client’s security partner, lead incident response activities, and provide monthly security reporting to executive stakeholders. In addition, you’ll work closely with our internal teams to ensure all designs, projects, and services are delivered to agreed security standards. 

Fractional CxO Security Services (50% allocation):  
You'll deliver virtual CISO services across our client portfolio, conducting security strategy assessments, developing comprehensive security roadmaps, and providing executive-level security guidance. You'll lead complex engagements including security posture assessments, governance framework development, and digital transformation security initiatives. 

Requirements

Technical Skills:  

• Professional Security Certifications: CISSP, CISM, or equivalent senior security qualifications 

• Security Frameworks: Deep expertise in ISO27001, SOC 2, CE+, NIST, and other governance frameworks 

• Cloud Security: Advanced knowledge of Azure, Microsoft 365, and cloud security architecture 

• Risk Management: Proven experience developing risk management frameworks and compliance programs 

• Incident Response: Hands-on experience leading security incident response and forensic investigations 

• Enterprise Security: Understanding of managed security services, SIEM/SOC operations, and security tooling integration 

• Compliance: Knowledge of regulatory requirements, including PCI DSS and industry-specific standards 

Soft Skills:  

• Executive Communication: Outstanding written and verbal communication skills with the ability to present to board-level audiences 

• Strategic Thinking: Ability to translate business objectives into comprehensive security strategies 

• Consulting Excellence: Proven track record building client relationships and delivering complex security consulting engagements 

• Leadership: Experience mentoring teams and driving organizational change through security initiatives 

• Problem-Solving: Exceptional analytical skills to resolve complex security challenges across diverse environments 

• Continuous Learning: Commitment to staying current with evolving security threats, technologies, and best practices 

You must be willing to travel regularly to client sites and hold a full valid UK driving license. 

Nice to Have:  

• Advanced certifications such as SABSA, TOGAF, or CISSP 

• Background in hospitality, retail, or regulated industries 

• Project management certification (PMP, PRINCE2) 

• Experience with security automation and orchestration platforms 

• Knowledge of DevSecOps and secure software development lifecycles 

Benefits

Why Join Focus Group? 

At Focus Group, we're all about creating an environment where our security professionals can thrive and make a genuine impact on client organizations. Joining us means being part of a supportive, inclusive culture where we celebrate achievements, big and small. We value every individual's contribution and believe that together, we can help our clients build truly resilient security programs. 

If you're ready to take on a challenging and rewarding role that allows you to shape security strategy at the highest levels, we'd love to hear from you. Let's build something special together. 

Benefits: 

At Focus Group, you can be proud of what you do, how you do it and feel a true part of the team. We work hard to create an inclusive, collaborative, and rewarding environment where you are inspired to achieve brilliant things and make a real difference to the future of our business. 

We're proud to have built an outstanding place to work where people thrive and are recognised for their achievements. We're delighted to have been named one of the UK's Best 100 Companies to Work for 2021 and a British Private Equity & Venture Capital Association (BVCA) 2023 Vision Award Winner for London and the South East, recognising our commitment to culture and ESG. 

Information Security Analyst | Security+, Microsoft Purview, Defender | Global Trading Platform

• £60–70k base + 10% bonus
• Hybrid in Coventry with monthly travel to London
• Security certification support & career development built-in

Join a growing InfoSec team at the heart of a global financial institution’s expansion. As an Analyst, you’ll work hands-on with data governance, security tooling, and access management — helping to shape how a modern SME approaches cybersecurity. You’ll bring technical curiosity, the ability to interrogate data, and the confidence to advise IT teams on the practical steps that keep the business secure.

What you’ll bring:

• 3+ years’ experience in an InfoSec, IT security, or analyst role
• Security certifications: Security+ and ideally Microsoft security certifications (e.g. SC-200/SC-400)
• Experience with security tools (Microsoft Defender, web proxy, email security, CrowdStrike or equivalents)
• Knowledge of single sign-on and zero trust networks (beyond just segregation)
• Exposure to data management / governance tools (e.g. Microsoft Purview, or similar)
• Strong communicator: able to translate technical concepts into practical advice for IT and stakeholders

What you’ll be doing:

• Recertification of accounts : Pulling and interrogating data through bespoke platforms
• Security tooling : Working with Defender, web proxy, CrowdStrike-equivalent tools
• Data management : Supporting data labelling & retention projects using Purview or similar
• Governance support : Involved in data loss prevention, labelling, and stakeholder engagement (including DPO)
• Practical incident response input : Advising IT on immediate steps during incidents, converting theory into quick, actionable responses
• Ongoing InfoSec operations : Metrics, monitoring, and security projects across applications and users

Tech & tools you’ll use:

• Microsoft Purview – Data governance and policy enforcement
• Microsoft Defender – Endpoint & email protection
• CrowdStrike / equivalents – Endpoint detection & response
• Web proxy & email security tools
• Azure (beneficial) – IAM, monitoring, and security logging

Why this role?

• Be central to shaping data governance and security operations in a dynamic SME environment
• Hands-on exposure to a wide range of security tools and concepts (not siloed to audit work)
• Opportunity to advise and influence IT directly on practical security decisions
• Work alongside experienced InfoSec leadership who value mentoring and professional growth

If this sounds like something you would be interested in, please apply!

Information Security Analyst | Security+, Microsoft Purview, Defender | Global Trading Platform

Information Security Consultant - Virtual CISO (vCISO)

Up to £80,000 | Fully Remote (with occasional client travel)

My client is seeking an experienced cyber security professional to step into a Virtual CISO (vCISO) role, acting as a trusted advisor to a diverse portfolio of organisations. This is an opportunity to directly influence and shape cyber security strategies at board level while embedding yourself as a valued extension of your clients’ security teams.

Key Responsibilities

• Serve as a strategic security partner, helping clients to define, develop, and mature their cyber security roadmap.
• Build strong, long-term relationships with stakeholders and establish yourself as a core member of their security function.
• Take ownership of client-specific Security Improvement Plans, ensuring risks are reduced and resilience is increased.
• Lead governance and oversight activities, including risk reviews, board-level reporting, and mentoring client teams.
• Carry out security reviews across cloud, hybrid, and on-premises environments, identifying vulnerabilities and improvement areas.
• Work closely with SOC teams to review threat hunting outcomes and ensure remediation of poor practices.
• Provide guidance on compliance and frameworks such as ISO 27001, Cyber Assessment Framework (CAF), and Cyber Essentials.
• Contribute to incident readiness and response as part of the Cyber Security Incident Response Team (CSIRT).
• Actively contribute to the internal growth and knowledge-sharing within the wider team, suggesting improvements and supporting colleagues.
• Ensure compliance with internal security and governance standards.

About You:

• Proven experience as a CISO, vCISO, or senior cyber security advisor.
• Strong knowledge of security frameworks, governance, risk management, and compliance.
• Excellent communication and stakeholder engagement skills, with the ability to influence at board level.
• Hands-on experience with cloud and hybrid architectures, audits, and security assessments.
• Incident response and crisis management experience is a plus.
• Holding CISSP/CISM
• ISO27001 Lead implementer

What’s on Offer

• Salary up to £80,000
• Fully remote role with flexibility to travel to client sites when required
• Opportunity to work across varied industries, influencing security at the highest levels

If you’re looking for a role where you can combine strategic influence with hands-on expertise, and you thrive on building trusted client relationships, this could be your next career move.