Principal Cyber Security Incident Response Analyst £60,000 - £70,000 Full Time / Permanent West Midlands / Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand headquartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands-based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards. 
Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (url removed) for more information. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provides a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.
Sep 06, 2025
Full time
Locations: London, Atlanta, Boston Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation: inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures, and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive. What You'll Do The Global Platform Team Lead and Senior Director - IT Security is responsible for leading the design, delivery, and continuous evolution of BCG's security platforms across identity, device, and data protection domains. This role ensures end-to-end security engineering across all technology environments, including cloud, on-prem, and hybrid systems. The leader will drive strategic planning, execution, and operations of scalable, automated, and resilient security controls that protect BCG's global operations and users, while enabling innovation and agility across BCG Core, BCG X, and CT worldwide. This role is also accountable for embedding security within DevSecOps practices, enforcing automation at scale, and applying Site Reliability Engineering (SRE) principles across all security services. The role requires strong partnership with ISRM, with a focus on balancing and prioritizing security requirements, automation opportunities, user experience needs, and broader business outcomes. 
Key Responsibilities: Strategic Leadership & Transformation: Define and execute a unified security engineering strategy that addresses identity, endpoint, and data protection across all environments. Lead the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development and delivery workflows. Security Platform Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI/CD pipelines, cloud-native services, and on-prem platforms to enforce security-by-design principles. Deliver security capabilities that support modern work scenarios, remote access, zero-trust networking, and AI/ML workloads. Leverage automation frameworks and IaC to improve scalability and reduce manual intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. 
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated controls and continuous compliance checks. Lead risk mitigation efforts with technical solutions that scale across diverse user and system profiles. Financial & Vendor Management: Manage security platform budgets and investments with a focus on cost optimization and long-term value. Evaluate and manage third-party vendors and partners, ensuring they meet technical, contractual, and security expectations. Lead procurement and renewal cycles in alignment with operational and architectural strategies. Leadership & Talent Development: Build and mentor a global team of security engineers, fostering a high-performance, collaborative, and forward-thinking culture. Drive internal knowledge sharing and upskilling programs across security architecture, automation, and secure software engineering. Collaborate cross-functionally with platform, product, and enterprise architecture teams to embed security early and often. What You'll Bring Required Qualifications: 10+ years of experience in cybersecurity, security engineering, or platform security roles. 5+ years in a senior leadership position with accountability for enterprise-scale security platforms. Deep expertise in IAM, endpoint security, and data protection technologies, with proven ability to design and scale global solutions. Experience with security engineering in hybrid and cloud-native environments (AWS, Azure, GCP). Proven track record in automating security controls, implementing zero-trust models, and supporting 24x7 security operations. 
Strong understanding of compliance frameworks and risk management strategies. Preferred Qualifications: Certifications such as CISSP, CCSP, CISM, AWS/Azure Security Specialty, or equivalent. Experience with tools like Okta, Azure AD, CrowdStrike, Tanium, Zscaler, Vault, and other modern security platforms. Familiarity with DevSecOps principles, Infrastructure as Code, and secure software development practices. Who You'll Work With Work Environment & Additional Information: Hybrid or on-site work model. Occasional travel may be required for business, vendor, or team engagement. Ability to operate in a fast-paced, complex environment, balancing long-term strategy with operational agility. Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E-Verify Employer.
Sep 05, 2025
Full time
Network Infrastructure Security Manager - HYBRID WORKING Position Summary: We are seeking an experienced Infrastructure/Security Manager to lead our IT operations and cybersecurity initiatives. The ideal candidate will have a strong technical background, with the ability to combine hands-on technical expertise with leadership capabilities. Responsible for driving company IT security and the stability of all IT systems and services. Key Responsibilities: Implement and enforce cybersecurity best practices (ISO 27001, CE+, CIS benchmarks), including endpoint protection, vulnerability scanning, penetration testing, and incident response planning. Ensure compliance with regulatory standards such as GDPR. Ensure best security practice for Office 365, Exchange Online, and SharePoint administration. Administer firewalls, VPNs, and endpoint security solutions, ensuring zero-trust security models. Lead security aspects of IT projects, network upgrades, and enterprise application deployments. Lead in deployment and management of backups, disaster recovery (DR) plans, and business continuity strategies. Evaluate, propose, and implement tools and automation solutions to streamline security-related operations. Prepare detailed technical documentation for systems (both proposed and implemented), security processes, and user training. Technical Skills and Experience: 10+ years of hands-on IT infrastructure and security management. Long-held experience of working within an enterprise-scale organisation. Hands-on experience of regular systems troubleshooting, patching, and updating. Must be skilled at investigating and remediating reported vulnerabilities, and have a proactive approach to solutions. Deep understanding of cybersecurity frameworks and tools (EDR, SIEM, MFA, PKI, DLP). 
Nessus VAPT reporting and remediation. Strong expertise in: Microsoft technologies (Windows Server, Azure Active Directory). Virtualization platforms (VMware ESXi, Proxmox). Networking including Layer 2/3 switching, routing, VLANs, VPNs. Cloud environments (IBM Cloud, AWS, Azure) - deployments and architecture. Proficient in backup and disaster recovery technologies. Supporting end users. Certifications (Preferred): Microsoft Certified Professional; AWS Certified Solutions Architect - Associate/Professional; VMware Certified Professional (VCP). Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation. We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.
Sep 05, 2025
Full time
Principal Cyber Security Incident Response Analyst £60,000 - £70,000 Full Time/Permanent West Midlands/Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand headquartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands-based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards. 
Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (see below) for more information. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provides a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.
Sep 05, 2025
Full time
Locations: London, Atlanta, Boston Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation: inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures, and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive. What You'll Do The Global Platform Team Lead and Senior Director - IT Security is responsible for leading the design, delivery, and continuous evolution of BCG's security platforms across identity, device, and data protection domains. This role ensures end-to-end security engineering across all technology environments, including cloud, on-prem, and hybrid systems. The leader will drive strategic planning, execution, and operations of scalable, automated, and resilient security controls that protect BCG's global operations and users, while enabling innovation and agility across BCG Core, BCG X, and CT worldwide. This role is also accountable for embedding security within DevSecOps practices, enforcing automation at scale, and applying Site Reliability Engineering (SRE) principles across all security services. The role requires strong partnership with ISRM, with a focus on balancing and prioritizing security requirements, automation opportunities, user experience needs, and broader business outcomes. 
Key Responsibilities: Strategic Leadership & Transformation: Define and execute a unified security engineering strategy that addresses identity, endpoint, and data protection across all environments. Lead the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development and delivery workflows. Security Platform Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI/CD pipelines, cloud-native services, and on-prem platforms to enforce security-by-design principles. Deliver security capabilities that support modern work scenarios, remote access, zero-trust networking, and AI/ML workloads. Leverage automation frameworks and IaC to improve scalability and reduce manual intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. 
Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services. Compliance, Governance & Risk Management: Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others. Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains. Operationalize policy enforcement through automated controls and continuous compliance checks. Lead risk mitigation efforts with technical solutions that scale across diverse user and system profiles. Financial & Vendor Management: Manage security platform budgets and investments with a focus on cost optimization and long-term value. Evaluate and manage third-party vendors and partners, ensuring they meet technical, contractual, and security expectations. Lead procurement and renewal cycles in alignment with operational and architectural strategies. Leadership & Talent Development: Build and mentor a global team of security engineers, fostering a high-performance, collaborative, and forward-thinking culture. Drive internal knowledge sharing and upskilling programs across security architecture, automation, and secure software engineering. Collaborate cross-functionally with platform, product, and enterprise architecture teams to embed security early and often. What You'll Bring Required Qualifications: 10+ years of experience in cybersecurity, security engineering, or platform security roles. 5+ years in a senior leadership position with accountability for enterprise-scale security platforms. Deep expertise in IAM, endpoint security, and data protection technologies, with proven ability to design and scale global solutions. Experience with security engineering in hybrid and cloud-native environments (AWS, Azure, GCP). Proven track record in automating security controls, implementing zero-trust models, and supporting 24x7 security operations. 
Strong understanding of compliance frameworks and risk management strategies. Preferred Qualifications: Certifications such as CISSP, CCSP, CISM, AWS/Azure Security Specialty, or equivalent. Experience with tools like Okta, Azure AD, CrowdStrike, Tanium, Zscaler, Vault, and other modern security platforms. Familiarity with DevSecOps principles, Infrastructure as Code, and secure software development practices. Who You'll Work With Work Environment & Additional Information: Hybrid or on-site work model. Occasional travel may be required for business, vendor, or team engagement. Ability to operate in a fast-paced, complex environment, balancing long-term strategy with operational agility. Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E - Verify Employer. Click here for more information on E-Verify.
Sep 05, 2025
Full time
Cyber Security Lead

Location: Knowsley, Liverpool (Hybrid, with occasional client visits)
Salary: £40k - £50k + Performance Bonus up to 50% of salary + Bupa Medical
Employment Type: Full-time, Permanent

About Curveball Solutions

At Curveball Solutions, we're proud to be more than an IT provider: we strive to become an extension of your business, a trusted partner. From our early days in 1998 as a mobile services start-up, we've grown into a full-service MSP offering cloud, communications, cybersecurity, and IT support, always with a tailored approach, unwavering reliability, and exceptional customer service at our core. Our values centre on customer-centricity, innovation, transparency, and trust. We actively prevent security risks and deliver solutions designed for each client's unique challenges, never "one size fits all".

We're seeking a passionate Cyber Security Lead to shape, elevate, and deliver Curveball's cybersecurity offering. You'll be the cornerstone of our proactive protection and compliance framework, driving strategy, policy, and client-focused solutions.

Your Mission in a Nutshell: Build security strategy, negotiate with clients, drive policy and compliance, manage M365 security, run workshops, produce tender responses. Elevate our cyber posture across all MSP services and build strong relationships with our marketing, customer experience and service partners to enhance our proposition.

In addition to this, as our Cyber Security Lead you will be responsible for:
Serving as a trusted advisor to clients, running workshops and guiding warm-lead negotiations toward tailored security solutions.
Developing and executing IT security strategies that align with evolving business objectives.
Drafting, maintaining and implementing information security policies and Standard Operating Procedures (SOPs).
Configuring and overseeing mobile security MDM (MAM/BYOD) to protect business continuity.
Leading vulnerability assessments, penetration tests, firewall policy enforcement, and remediation efforts.
Authoring compelling tender responses, clearly demonstrating technical capability and strategic value.
Enhancing Microsoft 365 security, leveraging Purview, Conditional Access, MFA, to safeguard modern workplaces.
Ensuring compliance with GDPR (DPA 2018), Cyber Essentials (Basic & Plus), and ISO 27001, supported by frameworks like NCSC and NIST.
Operating around cybersecurity fundamentals: CIA (Confidentiality, Integrity, Availability), proactive threat prevention, and rapid incident response.

About You

You're naturally aligned with MSP-style work, deeply familiar with security frameworks, and thrive at the intersection of strategy and execution.

In addition to this, you must have experience in / exposure to:
Background in MSP/MSSP environments.
Proven history of facilitating workshops and supporting sales from warm leads through closure.
Strong understanding of ITIL, CAB, and structured change management.
Skilled in crafting and updating security policies, SOPs, and managing tender documentation.
Hands-on expertise with MDM tools, penetration testing, and policy-based firewalls.
Experience designing and delivering compliance-aligned services across GDPR, Cyber Essentials, ISO 27001.
Proficient in using Microsoft 365 security stack: Purview, Defender, Conditional Access, MFA.
Fluent in cybersecurity frameworks (CIA, NCSC, NIST) and modern threat prevention approaches.

Why Curveball

Make a real impact: You'll lead the cybersecurity footprint across clients and services.
True partnership: We treat clients like collaborators, not just transactions.
Innovation-driven: We anticipate threats and empower businesses to stay ahead.
Growth opportunity: Join a 25-year-strong, community-rooted MSP that's continuously expanding.
Outstanding service culture: Backed by exceptional client satisfaction and real-world reviews.

If you feel you have the necessary skills and experience to be successful in this role click on APPLY today! No agencies please.
Sep 05, 2025
Full time
CTO - Lead a Full-Stack Transformation

Are you ready to lead the modernisation and AI-driven transformation of an entire technology ecosystem? My client, a high-growth UK business, is looking for an experienced and hands-on Head of IT to take full ownership of their technology evolution - from infrastructure to innovation, CRM performance to AI integration. This is a pivotal leadership role that combines technical depth, strategic oversight, and operational excellence. Based on-site in Manchester, you'll drive tangible change, scalability, and innovation across the organisation.

Why This Role Matters:

The company's in-house CRM is mission-critical, handling everything from leads and payments to communications and workflow automation. With strong foundations in place (PHP 8+, MySQL 8, Redis, AWS), the next step is transformation:
AI/ML-powered automation
Cybersecurity hardening
Platform integration and performance optimisation

The successful candidate will help position the business for scale, operational efficiency, and a potential future exit.

What You'll Be Doing:

AI/Automation & CRM Modernisation
Lead rollout of 30+ AI/ML features including voice AI, automation, and predictive tools
Overhaul the legacy CRM's UI/UX into a modern, high-performance platform

Cybersecurity & Risk Management
Own enterprise cybersecurity strategy, audits, and incident response
Design post-attack processes and lead quarterly vulnerability assessments

Infrastructure & Performance
Optimise PHP/MySQL stack for speed, uptime, and stability
Resolve CRM bottlenecks and implement diagnostic monitoring tools

Systems Integration & Data Strategy
Integrate platforms like SpeechIQ and HR tools into a centralised data ecosystem
Enable cross-platform data sharing to drive automation and insight

Disaster Recovery & Continuity
Design and implement a DRP, ensure reliable backups and test failover scenarios

Leadership & Delivery
Manage the IT, development, infrastructure, and AI functions
Run agile projects, prioritise initiatives, and communicate clearly across teams

What You'll Need to Succeed

Proven leadership as Head of IT, CTO, or senior technical leader in tech-driven or scaling businesses
Deep knowledge of:
PHP 8+, MySQL 8, Apache 2.4, Redis
AI/ML tools (speech/NLP, automation, prediction engines)
Cloud infrastructure (preferably AWS)
Cybersecurity best practices, disaster recovery, and penetration testing
Demonstrated success in modernising platforms, leading performance turnarounds, and delivering new systems
Strong communication skills for cross-functional collaboration and business alignment

Success Will Be Measured By

Delivery of AI roadmap and automation efficiency gains
Noticeable improvement in platform speed, uptime, and stability
Zero breaches or vulnerabilities post-security audits
Seamless integration of tools into unified systems
Successful implementation and testing of a disaster recovery plan
Positive user feedback on platform improvements

Interested? Please Click Apply Now!
Sep 05, 2025
Full time
Cyber Security Manager

Croydon, South London
Hybrid working - 2 days per week in the office

Cyber Security Manager needed for a leading organisation based in Croydon, who are looking to employ an experienced Cyber Security Manager with an in-depth knowledge of cybersecurity frameworks, tools, and technologies, ISO27001 adoption, incident management and change management. This role involves the development and implementation of security strategies, policies, and procedures to protect against cybersecurity threats, as well as actively monitoring and responding to security incidents.

Salary expectation:
Salary: 70,000 per annum
25 days' annual holiday
Pension Plan
Flexible working
Hybrid working - Office 2 days per week

Some of the main duties of the Cyber Security Manager will include:
Security Strategy & Implementation: Design, implement, and maintain comprehensive cybersecurity policies, procedures, and controls
Threat Detection & Response: Continuously monitor the digital environment for potential vulnerabilities and security breaches
Incident Management: Lead incident response activities, coordinating with IT teams to mitigate risks and minimise damage. Responsible for writing incident reports, gathering input across the technical and business teams to then share the report and project management of any improvement change actions
Security Integration & System Management: Collaborate with IT and development teams to ensure security is embedded in all new and existing applications, systems, and network infrastructure
Risk Management & Compliance: Ensure compliance with industry regulations and data protection laws (e.g. GDPR, PCI-DSS)
Continuous Improvement: Stay informed of the latest cybersecurity threats, trends, and technologies, recommending and implementing improvements to enhance security defences
Change Management: Establish and lead a Change Advisory Board (CAB) to assess and approve changes

In order to be the successful Cyber Security Manager and have a chance to gain such an exciting opportunity you will ideally need to have experience in the following:
In-depth knowledge of cybersecurity frameworks, tools, and technologies
Strong understanding of networking protocols, cloud security, and secure software development principles
Experience with incident response, risk management, and vulnerability assessment
Familiarity with regulatory compliance and standards (e.g. GDPR, ISO 27001)
Experience in an organisation running or being part of an ISO27001 adoption project
Incident management & change management
Certifications such as a Certificate in Cyber Security Practices, BCS Professional Certifications, Certificate in Information Security Management Principles (CISMP) or a Government Security Cyber Apprenticeship
ITIL certifications
Proven experience in a cybersecurity role, with a track record of successfully managing security risks and incidents

This really is a fantastic opportunity for a Cyber Security Manager to progress their career. If you are interested please apply as soon as possible as this position will be filled quickly so don't miss out!

Services advertised by Gold Group are those of an Agency and/or an Employment Business. We will contact you within the next 14 days if you are selected for interview. For a copy of our privacy policy please visit our website.
Sep 05, 2025
Full time
This permanent role is pivotal in developing, implementing, and managing cybersecurity strategies to protect critical national infrastructure systems, ensuring compliance with key regulatory requirements. Key Responsibilities: Lead the design, implementation, and upkeep of the OT Cybersecurity Management System and policies to OG86 and IEC(phone number removed)-1 compliance. Conduct risk assessments and threat modeling for OT environments in accordance with IEC(phone number removed)-2. Manage NIS compliance for OT Networks and produce the NIS annual report. Collaborate with OT Engineers to manage security controls for ICS, SCADA, and other OT systems. Oversee incident response and recovery procedures for OT-related cyber events reported by 24/7 OT SOC. Develop and deliver OT cybersecurity awareness and training programs. Monitor and report on OT cybersecurity posture and KPIs to senior leadership. Represent OT Cybersecurity in the Refinery change control process. Job Requirements: A bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related discipline. Relevant certifications such as GICSP, CISSP, CISM, or ISA/IEC 62443 are preferred. Significant experience working in cybersecurity or operational technology (OT) environments within critical national infrastructure (CNI) sectors such as power, oil & gas, transportation. Strong understanding of industrial control systems (ICS) and communication protocols such as Modbus, OPC, and DNP3. Proven experience with OT network architecture, including network segmentation, firewalls, and secure remote access. Practical knowledge of key regulatory and compliance frameworks, including COMAH, NIS, HSE OG86, and ISO/IEC 62443.
Key Competencies: Strategic thinking and leadership Strong communication and stakeholder engagement Analytical and problem-solving skills Ability to work under pressure in high-risk environments Ability to manage OT Cybersecurity projects Collaborative mindset across multidisciplinary teams Desirable Experience: Experience in oil & gas, energy, utilities, or manufacturing sectors. Hands-on experience with OT security tools (e.g., Claroty, Dragos). Participation in cyber incident simulations or red/blue team exercises.
Sep 05, 2025
Full time
Cyber Incident Response Lead 60,000 - 70,000 + bonus + extensive benefits Full Time / Permanent Hybrid / West Midlands - 1 day a week in the office The Role and Company: I am looking for a driven Cyber Incident Response Lead to join a large nationally recognised brand headquartered in the West Midlands. As the Cyber Incident Response Lead you will be responsible for protection of system assets and people from Cyber Security threats. You will work as part of a world class Cyber Security Incident Response Team ensuring that the business is prepared to respond in a coordinated manner to any Cyber Security incidents the organisation may face. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1 day a week on average. Key Responsibilities: Lead and mentor a small but growing team of Incident Responders. Lead the coordination of incident response efforts related to Cyber Security incidents. Plan and deliver incident readiness activities such as exercises. Facilitate and manage relationships with required stakeholders. Lead in-depth post incident reviews to understand root cause and identify improvement opportunities. Work with the appropriate stakeholders to ensure all improvement opportunities identified during incident response are remediated accordingly. Own Incident Response documentation ensuring it's regularly reviewed and updated where required. Prepare and deliver incident reports to required stakeholders. Experience required: Proven experience coordinating complex Cyber Security Incident Response in an enterprise organisation. Extensive experience leading post incident review and root cause analysis efforts. Experience leading a small team is preferred but we are open to developing the right person looking to move into leadership. Experience implementing ITIL best practices within an enterprise organisation is preferred.
Please apply via the link or contact (url removed) for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Sep 05, 2025
Full time
IT Security Analyst Stevenage (Hybrid - 3 to 4 days on-site per week) £38,000 - £42,000 + Benefits Osiris Recruitment is working with a leading, member-focused organisation to find an IT Security Analyst to join their growing IT function. This is an excellent opportunity for a technically capable security professional to work in a collaborative environment where security is taken seriously and investment is ongoing. The Role As IT Security Analyst, you'll play a key role in protecting systems, data, and users from cyber threats. You'll work closely with infrastructure and support teams to monitor vulnerabilities, respond to incidents, and continuously improve the organisation's security posture. This is a hands-on role with scope to influence tools, processes, and training across the business. Key Responsibilities Monitor, triage, and remediate security vulnerabilities across infrastructure and applications. Manage and optimise security tools including endpoint protection, email security, and SOC services. Respond to security alerts and incidents, ensuring timely resolution and clear documentation. Develop and maintain security playbooks and incident response procedures. Work with IT teams and third parties to embed security best practice into projects and daily operations. Support security awareness initiatives to improve cyber hygiene across the organisation. Skills & Experience Experience in IT security or infrastructure roles with exposure to vulnerability management and incident response. Working knowledge of common attack vectors such as phishing, ransomware, and lateral movement. Familiarity with security tools such as SIEM, vulnerability scanners, endpoint protection, and patch management. Understanding of frameworks and standards such as NIST CSF, CIS Controls, Cyber Essentials, or ISO 27001. Strong communication skills and ability to work with technical and non-technical stakeholders. What's on Offer Salary of £38,000 - £42,000 per annum. 
Hybrid working: 3 days in the Stevenage office each week. Well-structured two-stage interview process: Experience, skills, and role fit interview with the hiring team. Technical interview including scenario-based security questions and a short presentation/discussion. Please note: this role does not offer visa sponsorship. If you're a proactive security professional looking for a role where you can make an impact, apply now to be considered.
Sep 05, 2025
Full time
Role: Cyber Security Engineer Location: Leeds, West Yorkshire Salary: £55,000 - £70,000 PLUS 25 Days Holiday, Vendor Certifications, International Travel, Private Pension About the Company: Our client, a global leader in Sustainability Consulting, is looking for a Cyber Security Engineer to join their growing Information Security Team. This exciting role provides an opportunity to shape and strengthen security practices across the organization. If you are passionate about cybersecurity, have a strong technical background, and thrive in a fast-paced environment, we want to hear from you. Position Overview: As a Cyber Security Engineer, you will collaborate with the IT Security Team to advise, develop, and maintain security processes and policies. Your expertise will guide the organization in enhancing security capabilities across its global infrastructure. This role offers a chance to make a real impact by ensuring the integrity and resilience of the company's IT environment against evolving cyber threats. Key Responsibilities: Support incident management and security response efforts, providing expertise to address and resolve security incidents quickly and effectively. Perform regular security checks, including daily, weekly, and monthly monitoring of systems and resolving any identified vulnerabilities. Assist with compliance checks, ensure security standards are adhered to, and investigate exceptions to ensure adherence to policies. Contribute to the development and enhancement of security policies, processes, and procedures to maintain robust security across all systems. Identify and evaluate security risks, providing proactive solutions to strengthen the organization's security posture. Participate in testing and improving disaster recovery (DR) plans to ensure system resilience and continuity in the event of an attack or failure.
Essential Skills & Experience: At least 2 years of hands-on experience in information security or IT infrastructure within an enterprise environment. Familiarity with security standards such as ISO 27001, Cyber Essentials, GDPR, and Data Protection Act. Experience with Microsoft O365 Security solutions and network security operations. Understanding of security testing principles, including vulnerability scanning, risk identification, and mitigation. Knowledge of security auditing and security incident response processes. Experience with event and log analysis to monitor and assess security risks. Solid understanding of Disaster Recovery (DR) and Business Continuity principles. Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders in a clear, accessible manner. How to Apply: If you're an experienced Cyber Security Engineer looking to make an impact in a global organisation, apply now.
Sep 04, 2025
Full time
NET Recruit are partnering with a consumer goods business to recruit an IT & E-Commerce Operations Manager in Andover. Your Role: While in this position your duties may include but will not be limited to: Managing company hardware inventory and lifecycle (laptops, desktops, mobile devices), while leading procurement and vendor management for hardware and software sourcing and renewals Overseeing employee IT support and acting as the primary liaison with external providers, coordinating activities, monitoring SLAs and contract performance, and managing IT onboarding/offboarding to ensure secure access and device deployment Ensuring systems security and compliance with company policies, contracts, and renewals, while maintaining documentation of systems access, architecture, policies, and procedures, and overseeing GDPR and policy compliance across all platforms Acting as a second-line responder for internal IT queries, troubleshooting escalated issues effectively Supporting IT budgeting, forecasting, and cost tracking to maintain financial control and transparency Participating in cybersecurity strategy and incident response planning, while contributing to disaster recovery and business continuity initiatives Overseeing company e-commerce platforms by managing product listings, pricing, and inventory accuracy, ensuring smooth integration of new applications, and administering domains, renewals, and IP strategy Informing and managing web development roadmaps with internal teams and agencies, ensuring security, access, and business continuity, while implementing health checks to safeguard against system failure during peak periods Assisting in the planning, execution, and implementation of infrastructure projects, providing IT input and support to cross-functional teams Proposing new platforms and IT solutions to enhance efficiency and performance, while driving process optimisation through automation tools and AI-enabled solutions Overseeing development roadmaps for 
new platforms and leading project management to deliver successful end-to-end systems integration You MUST Have: Please apply ONLY if you meet the following criteria: At least 3 years of experience within an IT administration focussed role, with exposure to leadership positions (a project management qualification would be advantageous) Hands-on experience with e-commerce operations, online retail or digital trading Excellent IT skills and knowledge, including Microsoft 365 (such as licence management) and a sound understanding of digital and IT infrastructure (networks, servers etc) and e-commerce platforms The above knowledge should be underpinned by a strong technical aptitude for IT systems, cybersecurity (including key principles), cloud technologies, AI and IT systems, as well as CRM and ERP systems and ideally compliance knowledge (GDPR/ISO) Good analytical abilities, as well as an organised and detail-oriented approach Strong communication skills Your Opportunity: This is a business that has operated within the consumer goods sector for over a decade and now partners with large scale clients, to deliver excellent customer service and delivery to a large and constantly growing consumer base. This role will be closely supporting the operations and IT functions within the business to maintain and develop the hardware and e-commerce platforms used by the business, to enable a strong potential for growth in the coming years. This company are offering a starting salary up to around £45,000 which will also accompany a peripheral package that will include a good holiday allocation and pension, as well as plenty of other rewards and incentives. There will also be excellent opportunities for development and progression too, with full support provided by the wider team and management to work towards goals.
The company have also said this role can be worked in a hybrid capacity, with 2 days per week in the office. If this fantastic opportunity appeals to you then please don't hesitate to contact: Phoebe Jones - Recruitment Partner
Sep 04, 2025
Full time
Our client, a leading entity in the Defence & Security sector, is looking for a highly skilled Cyber Security Engineer to join their team on a contractual basis. This role is essential for maintaining and enhancing IT cyber security across various projects, with a specific focus on MoD SbD/risk management and Operational Technology (OT). Key Responsibilities: Implementing and managing cyber security policies and procedures in line with MoD SbD principles Conducting risk assessments and ensuring compliance with OT security standards, including ISO 62443 Providing security guidance and support across various projects, ensuring alignment with industry best practices Collaborating with stakeholders to enhance security measures and address vulnerabilities Maintaining up-to-date knowledge of cyber threats and implementing proactive measures to mitigate risks Part-time onsite presence at AWE Aldermaston (1-2 days per week) with potential for reduced onsite requirements as the role progresses Preparing detailed reports and documentation on security measures and incident responses Job Requirements: Proficiency in IT cyber security practices and methodologies In-depth understanding of MoD SbD/risk management and OT security Experience with ISO 62443 standards Strong analytical and problem-solving skills Excellent communication and stakeholder management abilities Flexibility to work onsite at AWE Aldermaston as needed Relevant certifications in cyber security are favourable Benefits: Opportunity to work on high-impact projects in the Defence & Security sector Exposure to cutting-edge cyber security practices and protocols Potential for contract extension beyond the initial 2-year term Collaborative and dynamic work environment If you are a skilled Cyber Security Engineer with expertise in MoD SbD and OT security principles, and are looking for a challenging contract role, we encourage you to apply now. 
Join our client in making a significant impact in the realm of Defence & Security.
Sep 04, 2025
Contractor
Incident Response Analyst Permanent - 52k - 57k + strong benefits Location: Hybrid - South Wales Your new company I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The company has a strong reputation, and we have placed numerous people into careers there, with strong feedback. Your new role This is an interesting opportunity to help deliver strategy which will enhance the organisation's security resilience, proactively contributing to mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role: Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents. Investigate alerts and suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such as IT and security operations, to develop and implement a containment strategy. Analyse incident data to determine the root cause of the incident and identify recommendations for improvement. Document and report incidents to the incident response team and other relevant stakeholders. Stay informed about emerging cyber threats and vulnerabilities. What you'll need to succeed Experience in a similar role, ideally around CNI and OT, with exposure to cyber plans. Proven experience operating in a SOC or a related cyber security role. In-depth knowledge of cyber threats, threat intelligence frameworks and cyber security best practice. Strong analytical and problem-solving skills. 
Ability to work independently and as part of a team. Excellent communication and interpersonal skills. Ability to obtain UK Security Clearance What you'll get in return Salary of between 52k- 57k Hybrid working 2/3 days in South Wales per week Possible bonus 5% pension contribution from you, the company pays 10% Enhanced pay for parental leave And more! What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Sep 04, 2025
Full time
Cyber Security - Secure by Design Consultant (Contract) London 680 per day 6-month initial contract (with strong potential to go permanent) Deerfoot Recruitment is working with a leading financial services organisation to recruit a Secure by Design Consultant to join their IT Risk, Security & Control function in London. This is a 6-month contract paying 680 per day (Inside IR35) , with a high likelihood of converting to a permanent role. The successful candidate will play a key role in delivering secure-by-design assessments across technology projects, ensuring compliance with IT security policies and industry standards. You will work closely with senior stakeholders, providing assurance on cybersecurity controls, identifying risks, and recommending actions to strengthen the organisation's security posture. Key responsibilities include: Conducting IT security assessments across infrastructure, cloud, applications, and service operations projects. Reviewing and testing security controls to ensure operating effectiveness. Documenting risks, gaps, and recommendations for remediation. Supporting project teams to embed security requirements from the outset. Engaging with senior stakeholders and providing clear, actionable reporting. Skills & experience sought: Strong background in IT Security, Cyber Assurance, or IT Audit. Hands-on knowledge across areas such as governance, IAM, threat management, vulnerability management, and incident response. Good understanding of security frameworks (e.g. ISO27001, NIST, PCI-DSS, SOX). Experience engaging with senior stakeholders within complex environments. Relevant certifications (CISSP, CISM, CISA, CRISC) desirable. This is an exciting opportunity to join a high-performing cyber security team within a global financial services organisation, with genuine long-term career potential. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. 
For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
Sep 04, 2025
Contractor
Head of IT Security Incident and Threat Management - Solihull Crimson and IMI have joined forces to build IMI's new security team, and we are looking for talented individuals to join us on this exciting journey. If you are passionate about IT security and want to be part of a dynamic team that is shaping the future of security within a successful global company, we want to hear from you! We are seeking a highly skilled and experienced Head of IT Security Incident and Threat Management to join our team. In this role, you will be responsible for leading the strategic efforts to safeguard the company's digital assets against potential threats and incidents. This role requires a seasoned professional with a deep understanding of cybersecurity, incident response and threat management within a FTSE 100 environment. The salary on offer for this position is between 90,000 and 110,000 per annum plus benefits. Please note this role is based on site for the first 3 months followed by a hybrid working arrangement. Key Responsibilities Develop and implement comprehensive incident response strategies to address security threats swiftly and effectively Lead the threat and intelligence program, ensuring timely detection and mitigation of cyber risks. Ensure compliance with relevant security standards and regulations. Conduct regular security assessments and audits to identify vulnerabilities and enhance defences. Provide day-to-day leadership and support to three direct reports, helping to develop their skills and ensure consistent delivery. Enable the growth of individuals through effective performance management. Stay current with industry trends and emerging threats, adapting strategies accordingly. Represent the company at industry events and conferences, promoting our commitment to cybersecurity excellence. 
Interface to SOC (external supplier) - make sure they are proactively taking action and when we see new and emerging threats recommendations are made to enhance our security posture. Critical Skills for Success Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field. Extensive experience in incident response, threat management, and cybersecurity within a large organization. Proven track record of leading and managing IT security teams. Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Ability to work in a dynamic and fast-paced environment. Willingness to travel occasionally to company locations and industry events. Interested?! Send your up-to-date CV to Claire Ingram at Crimson for review Not interested?! Do you know anyone that might be? Refer a friend for this role to earn 250 worth of vouchers.
Sep 03, 2025
Full time
Opus Recruitment Solutions
Gloucester, Gloucestershire
I'm looking for an experienced SIEM Engineer for my client, a consultancy, for a contract role focused on the design, configuration, and assurance of SIEM and SOC platforms. The successful candidate will support the development of protective monitoring capabilities and contribute to the effectiveness of security operations. Inside IR35 - 450 to 550 P/D Key Responsibilities: Configure and maintain a managed SIEM platform with appropriate data sources. Develop and refine alerting rules to support SOC analysts in identifying events of interest. Assure SIEM services operated by partners and ensure seamless integration with internal systems. Collaborate with security operations leads to shape the tactical roadmap for SIEM products and services. Work with IT teams to optimise logging and ensure sufficient event data for detection. Align SIEM use cases with frameworks such as MITRE ATT&CK to demonstrate coverage. Required Skills and Experience: Proven experience designing and configuring SIEM platforms. Strong skills in log collection, analysis, and alerting rule development. Familiarity with integrating EDR, IPS, Firewalls, and audit systems with SIEM/SOC. Understanding of incident response processes and supporting toolsets. Knowledge of the NIST Cybersecurity Framework. Ability to communicate technical insights to both technical and non-technical stakeholders. Comfortable working in a fast-paced environment with multiple priorities. Security Clearance: Candidates must hold or be eligible to obtain Security Check (SC) clearance.
Sep 03, 2025
Contractor
Cyber and Information Security Lead Bath 75,000 - 85,000 Our client is looking for an ambitious Cyber and Information Security Lead to join their growing SaaS Business. They are seeking a conscientious, personable, and knowledgeable leader, ideally with commercial experience in the public sector. You may already be operating at the CISO level in a small company or have ambitions to reach the next level in your career. Key Responsibilities: Strategy and Compliance: Design and implement a comprehensive security strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks. Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team. Essential Requirements: Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a software development or health technology environment UK health sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF. ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS), ideally to the 2022 standard. 
Security architecture & Secure by Design: Strong understanding and experience of secure software development lifecycles (SDLC) and embedding security by design into product development processes, along with secure system architecture principles. Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR). Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg NCSC, ICO, NHS England). Policy & governance: Extensive experience in developing, implementing, and enforcing comprehensive information security policies, standards, and procedures. Regulatory compliance: Solid understanding of UK and EU data protection laws (eg GDPR, Data Protection Act 2018), NIS Directive, and their practical application within a health tech context. Stakeholder management: Excellent communication, influencing, and negotiation skills with the ability to articulate complex security concepts to technical and non-technical stakeholders, including senior leadership, product teams, and external partners. Team leadership & mentoring: Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team. Vulnerability management: Experience scoping, overseeing and interpreting the results of vulnerability scanning, penetration testing, and security audits. Please apply for more details
Sep 03, 2025
Full time
Lead Incident Response Specialist Salary - £110,000 + Discretionary Bonus (Depending on Experience) Hybrid working - x2 days per week in office (London based) Spencer Rose are currently partnered with a leading Financial Services organisation who are currently on the lookout for a Lead Incident Response Specialist on a Full time basis. Within this role, the Lead Incident Response Specialist will be responsible for proactively investigating and responding to security incidents that have been escalated from the SOC. The Lead Incident Response Specialist will have the following responsibilities - Develop and refine incident response standard operating procedures and playbooks Operate and maintain controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection To ensure incident response efforts and documentation comply with industry standards and best practices like GDPR, SOC, NIST & ISO The Lead Incident Response Specialist will need to have the following skills/experience - 5+ years' experience working within Incident Response or similar Previous experience operating and maintaining IT security controls related to SIEM, DLP, Vulnerability Management and Cyber Threat Intelligence Must have practical commercial experience of IT Security analysis and engineering experience including securing systems, networks and infrastructure; operational support Previous experience working within either Financial Services, Banking or Insurance
Sep 03, 2025
Full time