ISO Consultant
Hybrid
Corsham, United Kingdom
Full Time
17-01-2025
Job Specifications
Job Description
Our ISO consultants are trusted to work closely with a wide range of clients from all sectors on exciting projects with real-world purpose and impact. Our roles are only available if you hold or fulfil the criteria to obtain a UK Security Clearance.
Candidates must be based in the UK, and prepared to travel to client sites, therefore must also hold a valid UK Driving Licence.
Role Overview
The successful candidate will ensure our clients achieve and maintain certification to ISO Standards such as ISO 27001, ISO 27701, and ISO 22301. You will need to be highly organised and able to manage a high workload and multiple clients. You will need fantastic interpersonal skills to convey your in-depth knowledge of ISO Standards. You will need a sound understanding of the Internal and External Audit processes and be able to guide clients through them. Ideal candidates will have significant experience in Information Security and ISO 27001 and be willing to attain further qualifications and experience with other ISO Standards.
Key Responsibilities:
Develop and implement comprehensive management systems aligned with relevant standards – ISO 27001, ISO 27701, ISO 22301, ISO 9001.
Conduct audits of clients' management systems to assess compliance and identify areas for continual improvement.
Conduct independent and objective gap analysis assessments for clients, evaluating the design, implementation, and effectiveness of controls.
Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
Identify and assess the organisation's risks and work with clients to mitigate those risks utilising controls.
Collaborate with stakeholders across various departments (IT, HR, Legal, etc.) to implement corrective actions effectively.
Create management system-related Documents/Checklists/Policies/SOPs, and drive related activities throughout all locations.
Adhere to strict ethical standards and organisational information security practices when handling client data.
Key Skills:
Significant experience in ISO 27001 as a minimum, but preferably also experience in ISO 27701/22301/9001.
ISO 9001 Experience is desirable
A strong understanding of information security and data privacy frameworks like NIST Cybersecurity Framework (CSF), GDPR, CIS or similar.
Experience planning, preparing, and delivering internal and external audits.
Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
Knowledge of industry best practices and procedures; Information Security Management tools, methods and techniques and their applications; ISMS-specific documentation structures, hierarchy and interrelationships; electronic and digital signatures; electronic evidence collection, etc.
Strong Knowledge of Audit planning, Audit risks, Information Security Process Analysis, information security controls, risk assessment methodologies, vulnerability management principles and Internal Auditing of Information Security Management Systems.
Required Qualifications:
ISO 27001 Lead Auditor/Implementer
Desirable Qualifications:
ISO 22301/9001/27701 Lead Auditor/Implementer
CISA
CISM
CISMP
CISSP
GDPR Practitioner
CRISC
We will provide a benefits package that includes:
Competitive Salary based on experience and qualifications
Bonus Scheme
27 Days Holiday - Plus bank holidays
Company Pension
Remote Working
Dedicated Training Budget
Life Assurance
Cycle to Work Scheme
Private Healthcare (incl. Gym discounts)
Vision Care
Health & Wellbeing Perks
*This role requires candidates to hold or fulfil the criteria to obtain a UK Security Clearance, reside in the UK and possess a valid UK Driving Licence.
How to apply: Please visit our careers page to apply. https://i3secure.connectats.com/careers
NB: Applications by Easy Apply, direct email and/or direct messaging will not be viewed by the hiring manager.
About the Company
i3Secure is a Cyber Security and Information Assurance consultancy working to protect the confidentiality, integrity and availability of information and data within the defence, public and private sectors. Utilising our proven and pragmatic approach, we help clients overcome resource challenges by providing experienced, skilled security consultants to tackle specialist work, leading our clients through technical and non-technical security challenges including accreditation processes and the secure development of systems.