We are seeking a Technical GRC Analyst to support the day-to-day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role will focus on administering established policies and workflows, coordinating compliance and security activities, handling requests from across the business, and performing risk assessments particularly where personal data, information security, and GDPR considerations are involved. You will play a key role in ensuring that our systems, processes, security tooling, and third-party relationships meet our security, compliance, and data protection standards. Working closely with the IT & Information Security Manager and wider IT team, you will help maintain audit readiness, support operational security assurance activities, and coordinate remediation and evidence management across the organisation. The role offers exposure across governance, operational security assurance, compliance, and risk management within a growing SaaS environment. Key Responsibilities Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements (including GDPR) Act as a central point of contact for compliance-related requests (e.g. 
Subject Access Requests (SARs), data sharing requests, access requests, exceptions, and supplier onboarding) Perform risk assessments using defined criteria, with a focus on data protection and information security risks Review requests against defined policies and controls, escalating where appropriate in line with internal governance processes Support third-party / supplier risk assessments, including reviewing security and data protection documentation and tracking follow-up actions Support periodic reviews of high-risk and business-critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place Support the implementation and ongoing operation of compliance and assurance tooling (Vanta), including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities. Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes Support internal and external audits (e.g. ISO 27001), including evidence gathering, action tracking, and coordination of remediation activities Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review Support coordination and operational delivery of security improvement initiatives across IT and business teams. 
Support incident management processes through documentation, tracking, and coordination of follow-up actions Coordinate security awareness activities, including phishing simulation campaigns and training tracking Assist with reviews of security tooling configurations and collection of supporting control evidence Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust Skills & Experience Essential: Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment Understanding of GDPR and handling of personal data (especially sensitive or child/student data) Experience performing risk assessments using structured frameworks and defined processes Ability to interpret policies and apply them to operational and real-world scenarios Strong organisational, coordination, and documentation skills (audit trails, evidence, decision logs) Experience working with cross-functional teams (e.g. engineering, product, operations) Experience supporting operational security assurance activities, such as evidence collection, control validation, remediation tracking, or audit preparation Desirable: Familiarity with ISO 27001, Cyber Essentials, or similar frameworks Experience supporting audits, evidence collection, or remediation tracking activities Experience with vendor / third-party risk management Exposure to data protection processes (e.g. SARs, DPIAs, data sharing assessments) Exposure to data classification, data governance, or data loss prevention (DLP) processes Experience with GRC, compliance, or assurance platforms (e.g. Vanta, Drata) and ticketing/workflow management tools Exposure to Microsoft 365 security and compliance tooling (e.g. 
Entra ID, Intune, Secure Score, Defender) Basic understanding of cloud/SaaS architecture and common security controls Key Behaviours: Pragmatic approach to risk, with the ability to balance compliance requirements with business needs Comfortable assessing requests against defined policies and escalating concerns where appropriate Confident communicating risks, issues, and follow-up actions to stakeholders Detail-oriented, with a strong focus on documentation, evidence quality, and traceability Organised and proactive, with the ability to manage multiple tasks and follow through on actions Able to operate independently within established processes and governance frameworks Collaborative approach to working with technical and non-technical teams Bromcom is an equal opportunities employer.
Jun 23, 2026
Full time
Role: Finance and Procurement Manager Employer: Single Source Regulations Office Sector: Non-Departmental Public Body Location: London / Hybrid / Remote Salary: Up to £59,000 (pro rata) and Civil Service Pension + up to Zones 1-6 London oyster card + 30 days holiday plus bank holidays (pro rata) Closing Date: 26 June 2026 Interviews planned for: W/c 6 July 2026 Working pattern: Part-time (0.8 FTE). The SSRO welcomes flexible working arrangements. Introduction The Single Source Regulations Office (SSRO) is an executive non-departmental public body that supports the regulatory framework for single source defence contracts established by Part 2 of the Defence Reform Act 2014. It plays a key role in the regulation of the UK government's 'single source,' or non-competitive, procurement of military goods, works and services. The framework places controls on the prices of qualifying defence contracts and requires greater transparency from defence contractors. In conducting its functions, the SSRO aims to ensure that government obtains good value for money in its expenditure on qualifying defence contracts, and that contractors are paid fair and reasonable prices. By working for the SSRO you will be an important part of a dynamic organisation. Our staff have a range of professional skills and include accountants, analysts, economists, researchers, and military experts. The SSRO is seeking a qualified accountant with experience in preparing and managing a corporate budget. This role involves managing a tight budget and provides an opportunity to tackle complex transactions working in an outsourced system environment. You will also be required to provide advice on the SSRO's financial policies and ensuring compliance across the organisation. Working with the Head of Corporate Services, this role will also provide end-to-end procurement support for the organisation's purchasing of goods and services. 
Whilst a procurement qualification is not needed for this role, some procurement experience (ideally gained in the public sector) is required. Role Responsibilities Finance Lead on the preparation of the SSRO's corporate budget and the subsequent management of it. Ensuring regular review of expenditure takes place; developing relationships with budget holders and/or managers within SSRO and understanding their priorities and spending plans; providing advice and guidance. Communicating and interpreting of financial data to non-financial managers to facilitate monitoring of annual spend outturn on projects and long-term contracts; Production of monthly, quarterly and annual budgets and forecast reporting. Liaising with budget holders and/or managers to collate information and identify key financial risks, pressures and opportunities. Administration of the quarterly drawdown of Grant-In-Aid funding. Providing input into the development of and then ensuring compliance with finance and procurement policies and procedures. Lead on the production of the Remuneration Report for inclusion in the Annual Report and Accounts. Assist with the management of the outsourced finance and payroll contract and supplier. Liaise with internal and external auditors on matters relating to the budget and remuneration report. Provide cover, as needed, for the Finance Manager. Procurement Provide end-to-end procurement support activity, while identifying and managing procurement risks, including: supporting service managers in identifying appropriate routes to market, production of procurement project plans, securing internal approvals and managing any market pre-engagement. preparing and issuing procurement documentation and co-ordinating communications with bidders. 
supporting evaluation panels, assisting the Legal Team with any contract negotiations and making the contract award; and fulfilling relevant transparency requirements, including the publishing of notices and compliance with relevant government procurement policy. Contribute to the review and development of the SSRO's Procurement Strategy, policy and processes. Undertake periodic reviews and updating of the SSRO's procurement policy and procedures. Manage the SSRO's Contract Register and contract management processes. Liaise with internal and external auditors on matters relating to procurement. General Engage actively with internal and external stakeholders and work closely with them. Manage and maintain effective relationships. Actively learn and develop your skills and experience. Act with integrity, apply the SSRO's governance procedures, and promote good governance. Make best use of available technology and contribute to the delivery of new and innovative ways to deliver our work that improve quality and efficiency. Promote the SSRO's values. Undertake such other duties as the SSRO may require, in line with business need. Support working relationships with the MOD sponsor team, the internal audit function, NAO and HM Treasury. Represent the SSRO in meetings and other forums as requested. Participate actively and constructively in discussions in line with the SSRO's vision, values, objectives, and priorities. What skills do I need to be effective in this role? Essential criteria AAT qualified or Part qualified accountant e.g., CAB, ACA, CIMA, ACCA, CIPFA or equivalent Experience of financial planning, budgeting, forecasting and supporting senior management with decision making. Experience of supporting end-to-end procurement activity. Strong financial analytical skills with the ability to interpret data, generate insights and construct solutions. Good communication skills with the ability to explain financial data to non-financial managers. 
Intermediate excel skills. Demonstrable ability to meet deadlines and a "can do" attitude with the willingness and ability to work flexibly and undertake a wide variety of activities. A natural team player who can interact easily with colleagues and have strong communication skills. An ability to switch between tasks, to quickly get up-to-speed on new subjects and to deliver to sometimes challenging timetables, consistently delivering high quality and robust advice and support. Strong communication skills, with ability to explain and defend a position to a variety of audiences and to express procurement issues in easy-to-understand plain English. A team player who enjoys and has experience of working collaboratively with others. An ability to build strong working relationships, internally and externally, and to engage with stakeholders at all levels in business and government. Desirable criteria Relevant professional qualification(s), or part qualification in procurement and supply. A good understanding of the defence sector. Experience of contract relationship management, and an understanding of how that can deliver and improve value for money. Experience of working in a similarly sized and funded NDPB, or a public body would be an advantage but is not essential Security clearance The role will require you to undergo and successfully secure national security vetting and obtain Security Check (SC) clearance. Applying for the position To apply for the position, please submit both of the following: A covering letter of no more than 1000 words (font size 12), clearly explaining how you meet the essential and desirable criteria as outlined above, using appropriate examples; and Your CV, setting out your qualifications and experience. This should clearly include any professional bodies of which you are a member. Applications that do not contain both covering letter and CV may be rejected. The SSRO embraces diversity and promotes equal opportunities. 
We recruit by merit based on fair and open competition. Contact point for applicants:
Jun 22, 2026
Full time
Information Security Analyst - ISO 27001, SOC2, PCI DSS Audit & Compliance - Large Government Projects London Hybrid. Full-Time Permanent 80,000 - 90,000 plus bonus & benefits We're working with a global leader in workforce management solutions to find a certified Information Security Analyst well versed in ISO Audit & Compliance. You'll join a talented team and contribute towards delivering compliance with leading security frameworks, preparing for and conducting audits, and contributing to security operations. You'll be joining a collaborative, ambitious team delivering GRC initiatives across large government projects. The Role Lead and conduct internal audits across ISO 27001, GDPR, DORA, Cyber Essentials & more. Prepare teams for external audits and manage the audit process end-to-end. Monitor changes in compliance frameworks and maintain alignment. Support the Cyber Security Operations Centre (CSOC) in incident monitoring and response. Develop and maintain policies, procedures, and security documentation. Collaborate with IT & Security teams to identify and remediate vulnerabilities. What We're Looking For Strong knowledge of audit & compliance frameworks (ISO 27001, Cyber Essentials, GDPR, DORA). Experience with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience with internal/external audits and compliance assessments. Relevant security/audit certifications (CISA, CISM, CISSP, ISO 27001 Lead Auditor, Cyber Essentials Assessor, or equivalent). Eligible for UK Security Clearance. This is a great opportunity to work with Hit apply to upload your CV Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
Jun 22, 2026
Full time
Salesforce Business Analyst 75,000- 80,000 Hybrid South West England Role Overview We are looking for an experienced Salesforce Business Analyst to support the governance, optimisation, and continuous improvement of the Salesforce platform. You will work closely with business stakeholders, delivery teams, architects, QA, and Information Security to ensure Salesforce processes, controls, and solutions are effectively managed and aligned to business requirements. Key Responsibilities Gather, analyse, and document business and functional requirements. Support Salesforce governance, standards, and compliance activities. Document business processes, workflows, and operating procedures. Produce governance reporting, management information (MI), and control evidence. Perform assurance activities including access reviews and platform assessments. Support risk management, audit readiness, and remediation activities. Collaborate with cross-functional teams to deliver scalable Salesforce solutions. Drive continuous improvement across Salesforce processes and governance. Required Skills & Experience 8-10+ years' experience as a Business Analyst within Salesforce environments. Strong Salesforce functional knowledge and hands-on declarative configuration experience including: Flows Validation Rules Objects & Fields Page Layouts Workflows Experience gathering and translating business requirements into functional solutions. Strong understanding of Salesforce governance, controls, and compliance processes. Experience working within Agile/Scrum delivery environments. Excellent stakeholder management, communication, and facilitation skills. Strong analytical and problem-solving abilities. Ability to work effectively in fast-paced, changing environments. If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.
Jun 20, 2026
Full time
12 month FTC (would suit someone immediately available or on short notice period) Strengthen risk. Shape governance. Drive confidence. Excellent team culture. Hybrid working (2 days per week in office) Join my client in a pivotal second-line Operational Risk role where you'll help elevate the organisation's risk maturity, strengthen governance, and embed a forward-looking Operational Risk Framework across key Group Functions. This 12-month FTC offers the opportunity to shape how risk is understood, managed, and governed at scale - delivering insight, challenge, and real impact at the heart of a major UK Financial Services Institution. Produce high-quality, insight-led risk reporting to support committees and senior stakeholders Analyse risk events to identify trends, root causes and emerging risks Build strong working relationships with colleagues across EORM, Information Security, Compliance, HR and Finance Support and challenge business Risk owners and Risk Champions with the identification, assessment and documentation of their risks and controls. You will have: Experience in operational risk, risk management, audit or a business control function within financial services Strong understanding of risk and control frameworks, including control assurance Experience in risk event or incident management and analysis My client offers a first class culture where your opinion matters and is heard, offering a flexible and mature approach to work.
Jun 19, 2026
Full time
Supplier Tooling Governance Support Analyst Location: Peterborough Industry: Global Manufacturing & Engineering Step into a role that keeps global supply chains moving Are you detail-driven, organised, and ready to make an impact in a fast-paced, global environment? This is your opportunity to join a leading manufacturing and engineering organisation where supplier tooling governance plays a critical role in quality, cost efficiency, and supply continuity. In this role, you'll be at the heart of operations, supporting tooling governance across international markets while enabling senior teams to focus on high-value strategic initiatives. What You'll Be Doing Tooling Governance & Operations Act as a key point of contact for day-to-day queries within the tooling management system Maintain and validate tooling data, ensuring accuracy and integrity Monitor supplier-held tooling and proactively identify risks or issues Process & Documentation Create and maintain standard work instructions (SWIs) Keep governance documentation, templates, and records up to date Stakeholder & Supplier Collaboration Support supplier queries related to tooling and ownership Work closely with procurement and operational teams to resolve issues Governance & Audit Support Assist with audit preparation and governance reviews Provide data and documentation for internal and external audits What You'll Bring Experience in procurement, purchasing, or operations support Strong attention to detail with excellent data accuracy skills A structured, problem-solving mindset Confidence balancing administrative and technical tasks Strong communication skills and ability to collaborate across teams Bonus Points For Experience in tooling or asset management systems Exposure to audit, compliance, or governance environments Experience working with global stakeholders across time zones Key Skills Tooling | Excel | Data Management | Governance | Operations Support Why This Role? 
Be part of a globally connected operation supporting teams across the UK, EU, US, and Asia Gain exposure to end-to-end processes and governance frameworks Play a key role in improving efficiency, compliance, and supply continuity Work on initiatives including process improvements, automation, and supplier development A great opportunity to grow within a strategic procurement and operations environment Job Title: Tooling Governance Support Analyst Location: Peterborough, UK Rate/Salary: 18.00 - 22.00 GBP Hourly Job Type: Contract Trading as Aston Carter. Allegis Group Limited, Bracknell, RG12 1RT, United Kingdom. No Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. Aston Carter is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available on the website. To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go to the website. We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice for details on how to contact us. 
To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. If you are resident in the UK, EEA or Switzerland, we will process any access request you make in accordance with our commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
Jun 19, 2026
Contractor
SAP Basis Administrator 60,000 - 65,000 + Bonus and Benefits Full Time / Permanent Hybrid / Birmingham The Role I am looking for a driven SAP Basis Administrator / Analyst to join a large and nationally recognised manufacturing client based in the Birmingham area as they continue on their digital evolution. As a SAP Basis Administrator / Analyst you will be a key member of a dynamic internal IT team acting as the technical subject matter expert for all things SAP infrastructure. The successful candidate will work across a broad technical landscape - translating business needs into innovative SAP platform solutions, ensuring system availability, security, and performance. Responsibilities Lead SAP infrastructure service management activities, ensuring reliable, secure and cost-effective solutions. Manage third-party SAP hosting providers, ensuring delivery against SLAs and governance standards. Act as SAP SME on IT and business transformation projects. Monitor system performance, capacity, and availability - and plan smart enhancements. Support compliance with SOx, audit and security standards such as ISO27001 and Cyber Essentials. Investigate and resolve incidents, support users, and ensure root cause analysis is actioned. The Person Experience in a similar SAP Basis Administration role in a large enterprise environment Extensive experience of SAP infrastructure and associated technologies Strong knowledge of IT governance, audit, and service management principles Ability to translate business requirements into robust, scalable solutions Excellent communication and stakeholder engagement skills Please apply via the link or contact (url removed) for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. 
For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Oct 09, 2025
Full time
Job Title: Cryptography Analyst Location: Hybrid working - 2 days a week in Knutsford Cheshire Duration: Till 31st December 2025 Rate: 445.00 per day (Inside IR35) Successful candidates will be required to go through a BPSS Clearance We are looking for an experienced Cryptography Analyst to join a dedicated security team. You will be supporting the integrity and availability of the client's cryptographic infrastructure. You will play a key role in supporting cryptographic hardware, key management services, certificate management, and ensuring adherence to IT security standards. Your expertise will help shape and secure the operations, aligning with the Crypto strategy and wider departmental goals. Key Responsibilities Manage cryptographic hardware (HSMs - Thales, Entrust, Gemalto, etc.), including installation, configuration, and on-site activities Perform SSH key and certificate management Support cryptographic key lifecycle activities: generation, distribution, storage, recovery, and deletion Maintain accurate documentation and perform regular risk and compliance checks Handle incident, problem, and change management processes (aligned with ITIL best practices) Ensure strong governance, audit trails, and adherence to Barclays' IT Security Standards Contribute to automation and scripting efforts (e.g., Python) to streamline operations Participate in out-of-hours support and provide monthly risk/management reporting Collaborate with global teams across diverse platforms (IBM, Tandem, Unix) Essential Skills & Qualifications Proven experience in cryptography or information security roles Hands-on experience with HSMs from vendors such as Thales, Entrust, or Gemalto Familiarity with HSM monitoring tools Strong scripting or coding skills (Python preferred) ITIL Foundation Certification Bachelor's Degree in Computer Science or related field Strong stakeholder management and communication skills Excellent attention to detail and ability to multitask Proficient in 
Microsoft Office tools Desirable Skills Operational experience in IT Security environments Industry certifications in security and/or project management Experience with Unix/Windows operating systems Proficiency in tools such as SharePoint, Confluence, and JIRA Understanding of compliance, data protection, and incident response best practices Experience creating and maintaining operational documentation If you are interested and looking for your next role, please apply with a copy of your CV or email - (url removed)
Oct 07, 2025
Contractor
IT Security Analyst Location: Hybrid - Middlesbrough Salary: 50,000 - 60,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). 
Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
Oct 03, 2025
Full time
IT Security Analyst Location: Hybrid - Buckinghamshire Salary: 50,000 - 55,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). 
Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
Oct 03, 2025
Full time
Information Security Analyst - Heron Foods Salary: £35,000 - £45,000 per annum (depending on experience) Location: Hull (with hybrid working flexibility) About the Role We are looking for an Information Security Analyst to join the Group Information Security Function at B&M, with a dedicated focus on Heron Foods. In this role, you'll act as the primary contact for all things cyber and information security at Heron Foods, working day-to-day under the steer of the Head of IT at Heron Foods while aligning with the security strategy, policies, and standards set by the Group Head of Information Security. This is an exciting opportunity to be at the frontline of cyber defence - monitoring threats, responding to incidents, managing vulnerabilities, and embedding security into everyday operations across Heron Foods. Key Responsibilities As Information Security Analyst, you will: Be the first point of contact for all cyber and information security matters within Heron Foods. Monitor and respond to alerts from our Managed Security Operations Centre (SOC). Coordinate incident response, containment, and recovery activities. Oversee vulnerability management: assessing risks, tracking remediation, and validating fixes. Support forensic investigations and evidence handling when needed. Contribute to compliance activities including PCI DSS evidence gathering and audit readiness. Deliver security awareness training, phishing simulations, and staff engagement campaigns. Provide local insights to the Group Information Security team to strengthen overall resilience. About You We're looking for someone who combines technical knowledge with an investigative mindset and strong stakeholder communication skills. Essential skills & experience: Experience working in security operations, SOC, or incident response. Knowledge of SIEM tools, vulnerability management, and log analysis. Understanding of security frameworks such as ISO 27001, NIST, or PCI DSS. 
Strong communication skills to engage with IT teams, business stakeholders, and non-technical staff. Ability to work independently at Heron Foods while remaining aligned to Group Information Security. Desirable: Hands-on exposure to security tooling (e.g., EDR, SIEM, vulnerability scanners). Experience supporting audits and compliance activities. Scripting/automation skills (e.g., PowerShell, Python) to streamline tasks. Why Join Us? At B&M and Heron Foods, we are on a journey to strengthen our cyber resilience. This role offers: A unique opportunity to be the dedicated security lead for Heron Foods while benefiting from Group-level support and expertise. A competitive salary of £35,000 - £45,000 (depending on experience). Hybrid working arrangements. Excellent staff discount across B&M and Heron Foods stores. Opportunities for training, development, and progression within a growing security function. How to Apply If you're passionate about cyber security and want to make a real impact by protecting business-critical systems and data, apply today and help us keep Heron Foods secure.
Oct 02, 2025
Full time
IT Security Manager Hybrid We are seeking an experienced IT Security Manager to lead our client's security function across the EMEA region. Reporting to the Head of IT Infrastructure, you will manage a team of internal security analysts as well as external consultants and managed services providers. This role requires strong interpersonal skills to collaborate effectively with IT Infrastructure teams across multiple European sites, as well as wider business units within the group. The successful candidate will take ownership of their Information Security Management System (ISMS), supporting ISO 27001 certification, ensuring compliance with relevant regulations, and safeguarding our IT assets. You will also play a proactive role in shaping and delivering future security programmes as part of the Global IT Security Team. Key Responsibilities Lead and manage the IT security team, including outsourced SOC/MDR/DFIR providers. Maintain and enhance our ISMS, including policies, procedures, registers, and reports. Ensure compliance with ISO 27001, ISAE 3402 Type II, and NIS2 requirements. Prepare and present regular security reports to senior management. Liaise with external auditors, customers, and vendors as required. Conduct regular security assessments, penetration tests, and risk analyses. Monitor networks and systems for breaches, incidents, and vulnerabilities. Respond to and manage security incidents, including investigation, mitigation, and reporting. Oversee user access controls, identity management, and data protection measures. Lead Business Continuity and Disaster Recovery (BC/DR) planning and testing. Manage and deliver IT security awareness training for staff and end users. Qualifications & Experience Bachelor's degree in Computer Science, Information Security, or related field. Professional certification (CISM, CISSP, or equivalent) required. 7+ years' experience in IT security, with at least 3 years in a leadership or managerial role. 
Strong knowledge of ISO 27001, ISAE 3402, and related frameworks. Experience with security technologies such as XDR, MDR, EDR, SIEM, NAC, IDS/IPS, and SASE. Proven background in incident response, risk management, and ISMS operation. Essential Skills Demonstrated leadership and team management experience. Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to prioritise effectively and perform under pressure. What they Offer An influential leadership role in a global organisation. Opportunity to shape security programmes and strategy at an international level. Competitive salary and benefits package. Professional development and certification support. If you are a proven IT Security leader with the vision, expertise, and drive to safeguard critical systems and data, we would like to hear from you. IT Security Manager Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Oct 02, 2025
Full time
Information Security Senior Analyst Location: Surrey (Hybrid) Our client, a large corporate organisation based in Surrey, is seeking an Information Security Senior Analyst with experience of Risk & Controls to join their team. The successful candidate will have proven experience in risk management, controls, and governance frameworks, and will be able to lead initiatives, mentor others, and collaborate effectively across business units. You should be both strategic and hands-on, with a passion for proactive security and continuous improvement. Responsibilities: Lead the InfoSec risk register - Identify, assess, and mitigate information security risks. Own control frameworks - Maintain and improve controls to ensure alignment with standards like NIST CSF and COBIT. Drive assurance - Monitor the effectiveness of security controls, including outcomes of penetration testing and red team exercises. Collaborate with business units - Act as a security advocate and guide cross-functional teams in secure practices. Lead technical initiatives - Provide hands-on leadership and mentor more junior team members. Conduct threat and vulnerability assessments - Take a proactive role in identifying potential security threats. Skills and experience required: Strong experience in risk & controls within information security, ideally in a regulated industry. Experience in large, complex enterprise environments (e.g., multiple sites, technologies). Hands-on leadership in technical InfoSec initiatives. Strong understanding and implementation of control frameworks (NIST CSF, COBIT). Ability to run threat intelligence and vulnerability assessments. Experience collaborating with 2nd and 3rd line governance teams (e.g., audit, compliance). Strong stakeholder engagement and influencing skills. Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. 
Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
Sep 27, 2025
Full time
LA International Computer Consultants Ltd
Leamington Spa, Warwickshire
SOC Manager 6 Month contract initially Based: Hybrid/Leamington & Gaydon - Hybrid as per business need Rate: £Market rates p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a SOC Manager to join the team. As SOC Manager you will: * Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators * Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible * Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team * Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences * Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. * Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. 
Key Responsibilities: * Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations * POC for SOC engineering team, threat intelligence analyst and Threat exposure management * Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques * Act as the lead coordinator to individual information security incidents * Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. * Document incidents from initial detection through final resolution * Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring * Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. 
* Act as focal point for any investigations involving security; to prepare reports and note follow up action * Participate in the role of Incident Manager during any incidents and emergencies * Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date * Coordinate with IT teams on escalations, tracking, performance issues, and outages Key skills & experience: * Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR * Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar * In-depth familiarity with security policies based on industry standards and best practices * Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e.g., Firewall, IDS, etc.) * Experience in Log source integration and in Developing new correlation rules & Parser writing * Experienced in SOC automation development, cloud operations (e.g. 
AWS), Designing, building security operations centers and Regulatory Compliance * Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience * Solid understanding of information technology and information security required * Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) * Ability to work well under pressure with differing levels of Management This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
Sep 26, 2025
Contractor
SOC Manager Whitehall Resources are looking for a SOC Manager. This role is hybrid working with 2-3 days per week onsite in Warwickshire, and the remainder remote working, for an initial 6-month contract. *Inside IR35* Job Description: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incident response times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. Report to the Customer about security operations. This means that you must keep the CISO and Head of security operations informed about everything that's happening in the operations centre. 
You can do this by preparing clear and concise reports that highlight key findings, and recommendations about the operations. Your reports will help the customer make informed decisions about security investments and strategies that align with the company's goals. Your responsibilities: Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations POC for SOC engineering team, threat intelligence analyst and Threat exposure management Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques Act as the lead coordinator to individual information security incidents Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. Document incidents from initial detection through final resolution Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. 
Act as focal point for any investigations involving security; to prepare reports and note follow up action Participate in the role of Incident Manager during any incidents and emergencies Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date Coordinate with IT teams on escalations, tracking, performance issues, and outages Essential skills and experience: Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar In-depth familiarity with security policies based on industry standards and best practices Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e.g., Firewall, IDS, etc.) Experience in Log source integration and in Developing new correlation rules & Parser writing Experienced in SOC automation development, cloud operations (e.g. AWS), Designing, building security operations centers and Regulatory Compliance Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience Solid understanding of information technology and information security required Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) Ability to work well under pressure with differing levels of Management Desirable skills and experience: Experience of Agile ways of working. 
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
Sep 26, 2025
Contractor
Regulatory Analyst - DORA Hybrid Our client, a leading financial services organisation, is seeking a Regulatory Analyst with strong expertise in Digital Operational Resilience (DORA) and European cyber regulations. As a subject matter expert, you will drive DORA implementation, collaborate with operational resilience teams, and influence policies, controls, and risk frameworks to safeguard critical business services. Key Responsibilities Regulatory Assurance (DORA): Lead gap analyses and implement solutions to ensure full DORA compliance. Embed DORA's six pillars: ICT Risk Management, Incident Reporting, Resilience Testing, Information Sharing, Third Party Risk, and Governance. Collaborate with operational resilience and business continuity teams. Design and execute testing initiatives to measure cyber and digital resilience. Assess third-party resilience as part of TPRM efforts. Partner with IT and Risk stakeholders on cross-functional initiatives. Act as a subject matter expert and champion of digital resilience. Policies & Standards: Develop and evolve policies to align with both local and enterprise-wide regulatory requirements. Contribute to the information security policy framework. Governance & Controls: Support ongoing control maintenance and internal audits. Work with stakeholders to assess risk and strengthen mitigation strategies. Build deep expertise around regulated business services. What You Bring Expertise & Education: Degree in IT, Information Security, Risk Management or a related field. Strong knowledge of DORA, NIS2, and UK/EU cyber regulations. Familiarity with frameworks: ISO27001, NIST, COBIT, CAF. Recognised certifications such as CISSP, CISM, CISA, CRISC, CTPRP. Experience with European financial regulations (BaFin, AMF, etc.). Proven background in information security, audit, or risk management. Skills & Traits: Financial services experience with strong awareness of cybersecurity trends.
Proactive problem solver with excellent analytical skills. Collaborative with strong stakeholder management abilities.
Sep 23, 2025
Full time
Are you ready to make a meaningful impact in the world of cyber security? At UK Power Networks, we're seeking a dedicated Senior Cyber Security Risk Specialist to join our Information Systems directorate in either our London or Crawley office. With a competitive salary of up to 75,000.00 plus a 7.5% bonus. Step into a pivotal role where your skills and insights will help shape the security posture of a leading energy distribution company. You'll report directly to the Cyber Security Governance, Risk & Compliance Manager and play a vital part in safeguarding essential business operations from evolving cyber threats. The role is dynamic and collaborative, involving close teamwork with a group of 8-10 GRC professionals and expert partners. You'll mentor less experienced analysts, offer guidance and training, and occasionally deputise for the GRC Manager, representing UK Power Networks at industry forums and regulatory working groups. Communication is at the heart of this position; you'll interact regularly with senior management across IT, IS, and the broader business, as well as with auditors and third-party partners, translating technical risks into actionable recommendations. Your main accountabilities will revolve around conducting cyber security risk assessments using the UK Power Networks framework, identifying, tracking, and remediating control environment risks, and ensuring third-party risks are also addressed. You'll produce management information and regulatory submissions, maintain compliance with major standards like ISO 27001/27002, and provide assurance for policy compliance. Establishing robust GRC policies and procedures, developing the IT controls framework, and supporting business continuity and disaster recovery planning will all fall under your remit. 
You'll operate and improve our information security management system, ensure ongoing compliance with legal and regulatory requirements such as Cyber Essentials, NIS Regulations, and the Smart Energy Code, and support technical implementation of GRC tools. Imagine being part of a team that is integral to delivering seamless technology solutions and continuous improvement throughout the organisation. The Information Systems Department underpins our commitment to operational excellence, customer service, and cyber resilience. In this role, you'll assess IT and cyber risks, drive improvements in our cyber maturity, collaborate with a variety of internal and external partners, and enable UK Power Networks to maintain its license to operate by demonstrating a strong and sustainable security posture. We're looking for someone with practical experience in GRC, audit, or cyber security, and with relevant training in cyber risk assessment. You should have a deep knowledge of at least three specialist areas such as industry standards, operational controls, risk management, business continuity, or supply chain security. Professional certifications like CISSP, CompTIA, CISA, CISM, CRISC, or an academic background in information security will be highly valued, along with hands-on experience in compliance frameworks, IT/OT risk assessments, and audit engagements. Familiarity with regulated environments, especially within the energy sector, will be advantageous. Beyond a competitive salary and bonus, we offer 25 days of annual leave plus bank holidays, reservist leave, a generous pension plan, tenancy loan deposit and season ticket schemes, tax-efficient benefits, health support, retail discounts, and an employee assistance programme. We are committed to supporting your health, safety, and wellbeing, and are proud to be an equal opportunity employer who values diversity and inclusion at every level. 
If you are motivated to support a critical infrastructure business, thrive in a collaborative environment, and are passionate about advancing cyber security, we invite you to apply and become a key player in the future of UK Power Networks. Take the next step towards an exciting and rewarding career: your expertise could make all the difference. Click apply to view the full job description on our careers page with a closing date of 28/09/2025.
Sep 23, 2025
Full time
Information Security Analyst - Heron Foods Salary: £35,000 - £45,000 per annum (depending on experience) Location: Hull (with hybrid working flexibility) About the Role We are looking for an Information Security Analyst to join the Group Information Security Function at B&M, with a dedicated focus on Heron Foods. In this role, you'll act as the primary contact for all things cyber and information security at Heron Foods, working day-to-day under the steer of the Head of IT at Heron Foods while aligning with the security strategy, policies, and standards set by the Group Head of Information Security. This is an exciting opportunity to be at the frontline of cyber defence - monitoring threats, responding to incidents, managing vulnerabilities, and embedding security into everyday operations across Heron Foods. Key Responsibilities As Information Security Analyst, you will: Be the first point of contact for all cyber and information security matters within Heron Foods. Monitor and respond to alerts from our Managed Security Operations Centre (SOC). Coordinate incident response, containment, and recovery activities. Oversee vulnerability management: assessing risks, tracking remediation, and validating fixes. Support forensic investigations and evidence handling when needed. Contribute to compliance activities including PCI DSS evidence gathering and audit readiness. Deliver security awareness training, phishing simulations, and staff engagement campaigns. Provide local insights to the Group Information Security team to strengthen overall resilience. About You We're looking for someone who combines technical knowledge with an investigative mindset and strong stakeholder communication skills. Essential skills & experience: Experience working in security operations, SOC, or incident response. Knowledge of SIEM tools, vulnerability management, and log analysis. Understanding of security frameworks such as ISO 27001, NIST, or PCI DSS. 
Strong communication skills to engage with IT teams, business stakeholders, and non-technical staff. Ability to work independently at Heron Foods while remaining aligned to Group Information Security. Desirable: Hands-on exposure to security tooling (e.g., EDR, SIEM, vulnerability scanners). Experience supporting audits and compliance activities. Scripting/automation skills (e.g., PowerShell, Python) to streamline tasks. Why Join Us? At B&M and Heron Foods, we are on a journey to strengthen our cyber resilience. This role offers: A unique opportunity to be the dedicated security lead for Heron Foods while benefiting from Group-level support and expertise. A competitive salary of £35,000 - £45,000 (depending on experience). Hybrid working arrangements. Excellent staff discount across B&M and Heron Foods stores. Opportunities for training, development, and progression within a growing security function. How to Apply If you're passionate about cyber security and want to make a real impact by protecting business-critical systems and data, apply today and help us keep Heron Foods secure.
Sep 21, 2025
Full time