Third Party Risk Manager - Cyber (Supplier Assurance Technical Focus) Location Fully Remote (UK-based) Duration - 3 Months but likely to run until October 2026 About the Role At Tesco Insurance and Money Services, we're looking for a technology focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem. This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners. You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations. What You'll Be Doing Own and manage cyber security assurance across 80 third-party suppliers Carry out technical security assessments of cloud, SaaS, and infrastructure providers Review supplier controls including: Cloud security Identity & access management Network security Application security Assess supplier evidence such as penetration tests, SOC reports, and ISO 27001 audits Lead ISO 27001-aligned supplier audits with a focus on technical control effectiveness Identify, track, and drive closure of supplier security risks Work closely with Cyber Security Engineering and Technology teams Provide clear, risk-based reporting on supplier security posture What We're Looking For Essential Experience Strong background in cyber security, infrastructure security, cloud security, or security engineering Proven experience in Third Party Risk Management (TPRM) or supplier assurance Experience performing technical security assessments of suppliers or systems Strong understanding of: Cloud security (AWS / Azure / GCP) IAM, network, and application security Hands-on experience with ISO 27001 audits and technical control assessment Ability to review and challenge security evidence (e.g. 
pen tests, SOC reports) Experience working in complex environments with multiple suppliers (50-100+) Desirable ISO 27001 Lead Auditor certification CISSP, CISM, CRISC or similar Background in security engineering, cloud security, or infrastructure security Financial services or regulated environment experience What You'll Bring A strong technical mindset and attention to detail Confidence challenging suppliers on security design and controls Ability to translate technical risk into clear outcomes Strong communication with both engineers and senior stakeholders Ownership of your supplier portfolio in a remote environment Candidates will ideally show evidence of the above in their CV to be considered. Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.
May 30, 2026
Contractor
Information Security Manager Permanent - 60k - 65k + strong benefits Location: Hybrid - Salisbury Your new company: I am looking for an Information Security Manager to join a great defence organisation based in Wiltshire. You'll be walking into a strong position, being that there's already a good setup in place with ongoing upgrades and transformation across the business, especially within IT. The role responsibilities: Own and manage the Information Security requirements and compliance obligations. Develop, maintain and deliver the Information Security strategy, plans, policies, processes and best practices. Act as subject-matter expert for all Information Security matters, engaging with internal and external stakeholders (including SIRO, MoD security representatives and accreditors). Ensure compliance with Security Operating Procedures (SyOps) across all environments, escalating non-compliance where appropriate. Manage and maintain appropriate Information Security controls and tooling. Define Information Security awareness and training requirements, working with Learning & Development to ensure suitable content and completion. Line manage and develop the IT Security Officer, providing guidance, coaching and performance support. You will need: Strong demonstrable experience of IT and cyber governance, compliance, risk, and security within enterprise IT environments. Strong, in-depth understanding of information and cyber security. Proven experience defining and delivering Information Security best practice. Experience leading Information Security initiatives, including awareness programmes, training and phishing simulations. Good technical understanding of information security, including network architecture, SDLC, penetration testing, DLP tools, patching and vulnerability management. Working knowledge of National Cyber Security Centre (NCSC) guidance and best practice. Understanding of data governance, cyber security and data protection principles. 
Experience working with security audits and assurance activities. Strong Microsoft Office skills. Full UK driving licence Desirable: At least one of the following, ideally 2 - CISM / CISA / CIPT / ISO27001 Lead Auditor Experience working in a MoD restricted environment and knowledge of MoD security standards. Familiarity with the NIST/ CSM V4 framework. What you'll get in return: Salary of between 60k- 65k 25 days annual leave + bank holidays - additional gained with service Hybrid working 2 days just outside of Salisbury per week, ideally Up to 8% employer pension contribution And more! Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
May 30, 2026
Full time
Information Security Analyst - Audit & Compliance We're working with a global leader in CX and workforce management solutions to find a certified Security Auditor. This is a fantastic opportunity to join a company that's setting the highest standards in cybersecurity and security compliance. You'll play a key role in ensuring compliance with leading security frameworks, preparing for and conducting audits, and contributing to security operations. You'll be joining a collaborative, ambitious team where there are genuine long-term career prospects and endless opportunities to develop. The Role Lead and conduct internal audits across ISO 27001, GDPR, DORA, Cyber Essentials & more. Prepare teams for external audits and manage the audit process end-to-end. Monitor changes in compliance frameworks and maintain alignment. Support the Cyber Security Operations Centre (CSOC) in incident monitoring and response. Develop and maintain policies, procedures, and security documentation. Collaborate with IT & Security teams to identify and remediate vulnerabilities. What We're Looking For Strong knowledge of audit & compliance frameworks (ISO 27001, Cyber Essentials, GDPR, DORA). Experience with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience with internal/external audits and compliance assessments. Relevant security/audit certifications (CISA, CISM, CISSP, ISO 27001 Lead Auditor, Cyber Essentials Assessor, or equivalent). Eligible for UK Security Clearance. What's In It For You? Salary approx 90,000 + Bonus, Pension, Healthcare, Flexi-Working and much more. Hybrid working (2 days in the London office). Excellent long-term career growth with a global organisation. Work alongside some of the best minds in the industry. This is a unique chance to be part of a company that's innovating in cybersecurity and compliance at a global scale. 
Hit apply to upload your CV Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
May 29, 2026
Full time
Principal Security Consultant - Defence & National Security Hybrid / Remote with client travel Up to 80,000 + Bonus + Excellent Benefits SC or DV Clearance Required A growing cyber security consultancy delivering high-impact work across Defence, Government and National Security is looking to hire a Principal Security Consultant to join its expanding consulting team. This is a senior, client-facing role suited to an experienced cyber and information assurance professional who can lead complex GRC and security assurance engagements while acting as a trusted advisor to stakeholders across the Defence sector. You'll work across a varied portfolio of programmes, supporting clients with governance, risk and compliance activities aligned to frameworks and standards including ISO 27001, NIST, CAF, Secure by Design, JSP440 and JSP604. The environment is fast-moving, collaborative and highly consultative. Beyond delivery, you'll also contribute to pre-sales activity, support bids and tenders, and help shape the continued growth of the practice. We're particularly interested in consultants who are highly certified, commercially aware and genuinely passionate about cyber security. Candidates with Security Assurance Co-ordinator (SAC) or Delivery Team Security Lead experience within MOD environments will be especially well suited. 
Key Experience: Security assurance and accreditation within Defence environments JSP440 / JSP604 ISO 27001, NIST, CAF and Secure by Design Cyber risk assessments and gap analysis Working across cloud, SaaS and traditional infrastructure Stakeholder engagement and consultancy delivery MOD Security Assurance Co-ordinator experience Desirable Certifications: CISSP CISM CRISC ISO 27001 Lead Implementer / Lead Auditor Chartered Cyber Security Professional status In return, you'll join a highly respected consultancy with a strong reputation in the Defence sector, a genuine investment in training and certifications, and the opportunity to work alongside some exceptionally strong cyber professionals. If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.
May 29, 2026
Full time
Location: Remote but will require travel to customer sites in the South of England Security Clearance: SC / DV clearance is essential Our client is looking for experienced Cyber Security Auditors to join a growing team delivering high impact assurance services across UK Government and Defence programmes. You will lead the delivery of cyber security audits across frameworks such as Cyber Assurance Framework
May 28, 2026
Full time
National Audit Office Chief Digital and Information Officer (CDIO) Remuneration: £165,000 - £185,000 plus civil service pension and benefits Location: Central London (minimum two days on site) Closing date: Monday 8 June 2026 The National Audit Office (NAO) is the UK's independent public spending watchdog. We support Parliament in holding government to account and we help improve public services through our high quality audits. Through this work, we provide Parliament, government and the public with trusted assurance, authoritative insight and practical recommendations that support transparency, accountability and better outcomes for citizens. In 2024 we identified financial impacts totalling £5.3 billion. As governments today face an era of unprecedented complexity, striving to provide modern and affordable public services that meet the needs and expectations of today's society, our ability to operate with impact has never been more important. The appointment of our first Executive level CDIO is an exciting development that will be central to the delivery of our strategy, which places digital at the heart of our mission. Reporting to the Comptroller & Auditor General and regularly liaising with the Board, you will set a compelling vision for digital, data, AI and technology innovation at the NAO. You will drive strategy and deliver excellence as a highly visible and active member of the Executive Team. Working in partnership with the executive leads for audit you will catalyse change and provide challenge and insight to enable us to continuously evolve our use of technology in audit delivery to strengthen quality, insight, efficiency and resilience. Success in doing so will result in the provision of user centred, interoperable platforms, products and services, underpinned by modern engineering practices, a robust information and cyber security stance and strong governance. 
We are seeking an exceptional leader with the credibility and track record to lead digital, data, AI and technology innovation at scale in a complex, data-rich setting. With breadth of expertise across modern digital and engineering disciplines, including architecture, cyber security, data and AI, you will be an inspiring, inclusive leader, able to build high performing teams, elicit strong performance from partners, and influence confidently at Board and executive level. Strategic, resilient and politically astute, you will combine intellectual rigour with pragmatism, challenge constructively when needed, and operate with integrity, humility and strong commitment to public service values and the NAO's mission. This is a rare opportunity to help elevate the capabilities of the NAO at a pivotal moment in its evolution. We invite you to play a leading role in shaping how digital, data and AI drive public sector impact. To apply or for a confidential discussion , please contact our recruitment partners GatenbySanderson via or email Russell Brandon at Equality, Diversity, and Inclusion Our commitment to equality, diversity and inclusion is central to who we are as an organisation and how we deliver our work. We are committed to building a workforce that reflects the diversity of the communities we serve and to creating an inclusive environment where everyone feels valued, supported and able to contribute fully. We recognise that diversity of thought, skills and experience strengthens our work and supports better outcomes. We therefore welcome applications from candidates from all backgrounds and particularly encourage applications from groups that are currently underrepresented at senior levels. We are committed to fair and inclusive recruitment processes and will work with candidates to ensure they are able to demonstrate their skills and experience at every stage. 
Reasonable Adjustments and Guaranteed Interview Scheme We are committed to ensuring our recruitment process is inclusive and accessible to all. If you require any reasonable adjustments at any stage of the recruitment process, please let us know and we will work with you to provide appropriate support. The NAO operates a Guaranteed Interview Scheme (GIS) for candidates who meet the essential criteria for the role and who identify as disabled. Where criteria are met, candidates will be progressed in line with the scheme. Further information about reasonable adjustments and the Guaranteed Interview Scheme is available on request.
May 28, 2026
Full time
Location: Remote but will require travel to customer sites in the South of England Security Clearance: SC / DV clearance is essential Our client is looking for experienced Cyber Security Auditors to join a growing team delivering high impact assurance services across UK Government and Defence programmes. You will lead the delivery of cyber security audits across frameworks such as Cyber Assurance Framework
May 27, 2026
Full time
Cyber Security Auditor Hybrid - Home Based / Client Site Travel 55,000 - 65,000 + Bonus + Excellent Benefits We're supporting a growing cyber security consultancy delivering assurance and compliance services across the UK Defence and Public Sector landscape. Due to continued demand, they are looking to hire experienced Cyber Security Auditors to join their permanent consulting team. This is a fantastic opportunity for someone with a strong background in cyber assurance, compliance, governance or risk who enjoys working closely with customers to improve security posture across critical environments. The role will involve delivering audits and assessments against frameworks including NCSC CAF, Defence Cyber Certification (DCC) and Go Assure, helping organisations meet regulatory and operational cyber security requirements. Key responsibilities: Planning and conducting cyber security audits across client environments Leading audit activities and producing high-quality findings and recommendations Supporting clients with corrective actions and compliance improvements Maintaining clear audit documentation and reporting Keeping up to date with evolving cyber assurance standards and best practice What we're looking for: ISO27001 Lead Auditor certification or equivalent Experience delivering audits, compliance or risk activities within Defence or wider Public Sector environments Strong understanding of NCSC CAF v3.2 / v4.0 Excellent stakeholder engagement and communication skills Ability to work both independently and within wider delivery teams Due to the nature of the work, applicants must hold active SC Clearance and be UK sole nationals. Package includes: 25 days holiday + bank holidays Annual personal and company bonus schemes Private medical insurance including family cover Full expenses EV scheme Income protection Death in service Enhanced pension options Professional fees allowance
May 25, 2026
Full time
CBSbutler Holdings Limited trading as CBSbutler
Corsham, Wiltshire
Cyber Security Auditor +Permanent opportunity +Hybrid working - Corsham / West Country +SC / DV clearance is essential We are looking for Cyber Security Auditors to join a growing team delivering high-impact assurance services across UK Government and Defence programmes. This role is suited to auditors already operating within NCSC-aligned frameworks, with the ability to lead and deliver audits across nationally significant cyber assurance schemes. Essential Requirements (Must Have) ISO27001 Lead Auditor qualification (or equivalent) Chartered Auditor and Assessor accreditation Active presence on the NCSC Assured Service Provider / Auditor register Proven experience delivering NCSC-aligned audits The Role You will lead the delivery of cyber security audits across frameworks such as CAF, DCC, and GovAssure, supporting government-led cyber resilience initiatives. Key responsibilities include: Leading end-to-end cyber security audits across client environments Assessing compliance against frameworks such as CAF (v3.2 / v4.0) and GovAssure Producing high-quality audit reports with clear, actionable recommendations Engaging with stakeholders to support remediation and continuous improvement Maintaining audit documentation and evidencing to regulatory standards Staying current with evolving NCSC guidance, standards, and best practice What We're Looking For Minimum 3+ years' experience in cyber auditing, compliance, or risk (Public Sector / Defence preferred) Strong working knowledge of NCSC CAF frameworks Experience leading audit engagements and managing audit teams Excellent stakeholder engagement and report writing skills Ability to operate independently in client-facing environments Due to the nature of the roles, applicants must be UK sole nationals and hold UK Security Clearance to SC level, or preferably DV. If you'd like to discuss this role in more detail, please send your updated CV to (url removed) and I will get in touch.
May 25, 2026
Full time
Supplier Security Assurance Manager (SC Cleared) Employment Type: Contract Day Rate: £550 to £580 p/d Inside IR35 (based on candidate experience) IR35 Status: Inside IR35 Contract Length: 6-months (likely to extend indefinitely) Hybrid Model (Subject to customer requirement): Mostly remote, may occasionally require 1-2 days per week on-site in London office, as well as attendance to client sites for audits/essential meetings etc. Office/Customer Locations: Office locations are spread throughout the country (mostly London, occasionally Leeds, Manchester, Newcastle). Travel to Customer Sites: Expensed by client. Security Clearance: Active SC Clearance (Essential) About the Client and Role: My client, a leading Cyber Security Services provider that specialises in supporting security services to the public sector, such as Police, Government & Defence, is seeking a Supplier Security Assurance Manager to lend their expertise in Security Supplier Assurance. The candidate will be expected to support the delivery of the Supplier Security Assurance process throughout all stages of procurement/contract interactions. Responsibilities will include identifying risks, reporting, security reviews & auditing and ensuring minimum security standards are consistently met. Security Clearance: Active SC is essential Highly Desirable: Experience in Central Government/providing services to government departments Main Responsibilities: Auditing of suppliers for security purposes. Candidates must have outstanding skill in producing clear and well documented audits. Ensure security due diligence is conducted on all bid applications as part of the procurement process. Identify physical, personnel and information security risks and/or vulnerabilities and report these prior to contract award. Work with the business to provide suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.
Supporting and ensuring consistency in approach for the delivery of Supplier Security Assurance across Commercial Directorate Conduct on-going assurance activities post contract award to ensure suppliers maintain compliance with minimum security requirements. Conduct on-site supplier security assessments/reports/audits Desirable Certifications: Certified Cyber Professional (CCP) Security Information Risk Advisor (SIRA) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certification in Information Security Management Principles (CISMP) Governance Risk & Compliance Professional (GRCP) ISO27001 Lead Auditor
Oct 08, 2025
Contractor
A well-established business is looking for an accomplished Head of Information Security to join its team based in London. Please note this is an office-based role, so you will work from the office 5 days per week. In this role of significant responsibility, you will design and lead the information security strategy for the organisation. Supported by a Cyber Security Analyst, you will provide InfoSec expertise, ensuring that the business has a secure, resilient and robust technology estate, and will also ensure that effective security governance policies and procedures are in place. In order to be suitable for this role, you must be a highly capable information security leader with a proven track record of delivering secure, compliant and robust systems and procedures. CISSP or similar accreditation would be highly advantageous to your application. Key responsibilities will include: - Evolving a cyber and information security strategy aligned with ISO27001 standards and business objectives. - Leading the design, implementation, and continuous improvement of the Information Security Management System (ISMS). - Overseeing risk management activities, including risk assessments, mitigation planning, and incident response. You will work with senior stakeholders to ensure alignment between security initiatives and organisational priorities and strive to continually harden and enhance the organisation's IT systems. You will be effective at managing relationships with third party suppliers and external auditors and will deliver awareness training, enhance and test the business's disaster recovery, continuity and incident response plans, and carry out internal audits for the InfoSec governance frameworks. This is an excellent opportunity for a Head of Information Security to join a market leading business.
Oct 07, 2025
Full time
IT Specialist Internal Auditor needed to drive innovation - London-based - £70k+ Your new company This company is looking to transform their audit team by gaining an IT audit specialist to create robust IT systems to ensure compliance with industry standards. They are looking for a skilled IT Specialist Internal Auditor to join our team. This role is crucial in evaluating and improving our IT controls and ensuring the integrity of our information systems. Key Responsibilities: Conduct comprehensive IT audits, including planning, execution, and reporting. Assess the effectiveness of IT controls and identify areas for improvement. Evaluate IT systems and processes to ensure compliance with regulatory requirements and industry best practices. Utilise data analytics to streamline audit plans and enhance audit efficiency. Collaborate with IT and business teams to address audit findings and implement corrective actions. Prepare detailed audit reports and present findings to senior management. Stay updated on emerging IT risks, technologies, and regulatory changes. Provide guidance and training to junior audit staff on IT audit methodologies. Qualifications: Traditional accounting qualifications i.e. ACA/ACCA/CIMA or CISA, CISSP, or other relevant certification preferred. Minimum of 3 years of experience in IT auditing or a related field. Strong understanding of IT control frameworks Excellent analytical, problem-solving, and communication skills. Ability to work independently and as part of a team. Proficiency in audit software and Microsoft Office Suite. Operational Audit Experience: Proven experience in conducting operational audits to assess the efficiency and effectiveness of business processes. Technical Skills (some of these include): Operating Systems: Proficiency on Windows, Linux, and Unix environments. Database Management: Knowledge of SQL, Oracle, and other database management systems. 
Cybersecurity: Experience with vulnerability assessments, penetration testing, and incident response. IT Governance: Knowledge of ITIL, ISO 27001, and other IT governance frameworks. Software Development: Understanding of SDLC, DevOps practices, and application security. Data Analytics: Proficiency in data analytics tools and techniques to enhance audit processes. For example: Excel: Advanced skills in data manipulation, pivot tables, and data visualisation. SQL: Ability to query and analyse large datasets. Python/R: Experience with programming languages for data analysis and automation. Tableau/Power BI: Expertise in creating interactive dashboards and visualisations. ACL/Galvanize: Familiarity with audit-specific data analytics tools. What We Offer: Competitive salary and benefits package. Opportunities for professional growth and development. A collaborative and supportive work environment. Flexible work arrangements, including remote work options. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role.
Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role.
Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 
The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 7 th October 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. 
Therefore, if you are interested, please submit your application as early as possible.
Job Title: Principal Cyber Security Engineer Location: Barrow-In-Furness - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Negotiable, depending on experience What you'll be doing: Manage and deliver a Submarines Business Unit Product Security Assurance Audit schedule within the scope of EPAD Be able to plan and manage work concurrently across multiple security work programmes Be able to select appropriate Product Security Assurance techniques which are consistent and repeatable for use across a programme Represent the EPAD at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness Ensure that Product Security activities within a programme, a project, system or equipment, are delivered and managed using recognised techniques and in accordance with the Submarines Product Security Management System (PsecMS) Provide regular updates on assurance status/progress in accordance with programme/project specific reporting cycles Your skills and experiences: Essential: Degree (or equivalent experience) in a relevant STEM subject or Information Security related. Relevant Professional certification such as CISSP, CISM or CCP SIRA status (or able to achieve) Desirable: Experience in Cyber Security in relation to DEFCON 658, DEFSTAN 05-138, MOD Accreditation/Secure by Design ISO 27001 Lead Auditor or Implementer Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. 

The Engineering Product Assurance Department: The Product Security Assurance Principal Engineer will be a focal point for security and information risk matters within the Engineering Product Assurance Department (EPAD). They will have Governance, Risk and Compliance (GRC) subject matter expertise and will be responsible for development of the strategy within the scope of EPAD. The Principal Engineer will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life.

Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Closing Date: 7th October 2025
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
Oct 04, 2025
Full time