cover image
The Curve Group

Cybersecurity Risk Analyst

On site

London, United Kingdom

Freelance

19-02-2025

Share this job:

Score my CV

Job Specifications

Cyber Vulnerability Management Analyst
Fixed Term Contract (Maternity Cover) 18 months

Our Client is a globally recognised, successful bank who provide world-class services to various institutions and individuals. Offering a comprehensive range of retail and corporate financial services/products, this thriving business boasts over 10 million active customers in over 700 business locations. Due to business requirements, we are now looking to acquire the services of an experienced Senior Compliance Officer, Monitoring & Assurance.

Please note that this is a hybrid role with 3 days in the office and 2 days working from home.

Key Responsibilities:

In this fixed term contract role, you will be part of the team supporting the IT & Cyber Security Manager to plan and deliver our business strategy in line with our long-term goals.

The role of Cyber Vulnerability Management Analyst is to deal with all remediation work in relation to identified vulnerabilities inclusive of patch testing and implementation within SLA. The job holder will work very closely with all third-party vendors involved in the remediation process. The job holder will also prepare the necessary MI/Dashboard reports for the relevant stakeholders and alleviate the workload of the IT Service desk function when required.
The primary responsibilities of the role is to perform daily assessment of vulnerabilities identified by internal and external scans. Evaluate, risk assess and rate the results of the scan, prioritise all vulnerabilities discovered and remediate/patch within the established remediation timeline(s)/SLA. The role also requires the job holder to work closely with the SMEs/vendors of the relevant systems. Understanding of cloud technologies such as Azure/Amazon Web Services and Oracle Cloud Infra is essential.

Key Skills/Experience:

Essential: Bachelor’s degree, preferably in Computer Science, Cyber Security or Cyber Security Professional Qualifications/Certifications
Desirable: General understanding of IT Security principles, standards and regulations (e.g. ISO 27001, NIST, CIS, PCI DSS and GDPR)
CISM/CISSP
Patch Management Applications, EDR/XDR systems. Antivirus, NAC - Forescout
Vulnerability Scanning Tool e. Tenable One, Qualisys
Knowledge of vulnerability scoring systems (CVSS/CMSS)
Incident/Response & Forensic Management Skills
IT Technical Admin Support - Azure, Oracle Cloud Infrastructure (OCI Cloud)
Microsoft Windows Support & administration, CE+, ISO27001
Email and Information Security Filtering/Monitoring Solutions, Egress
Hands on experience on Linux and Mac Administration Support
Good understanding of Windows and Linux patching

About the Company

www.thecurvegroup.co.uk At The Curve Group we create extraordinary solutions that transform working lives by supporting organisations to design, develop and elevate Recruitment and HR functions. Through expert analysis, benchmarking, consultancy and delivery services, we provide solutions across the entire employee lifecycle to enable better attraction and retention of talent. If you’d like to talk to us today about your plans and ambitions or to get fresh ideas and solutions to your current challenges, get in touch ... Know more

Related Jobs

Company background Company brand
Company Name
Caspian One
Job Title
Product Security Engineer
Job Description
Product Security Engineer Contract Details Client: Global investment manager Rate: Up to £1200/day Duration: 6 months rolling Location: London Job Description Responsibilities: Support the implementation of security controls and processes for product security, focusing on a broad range of systems, including core trading infrastructure, cloud services, and business applications across both Windows and Linux environments. Collaborate with engineering and product teams to integrate security into product design and development, applying your experience in securing large-scale software systems in a fast-moving environment. Contribute to the development and maintenance of a secure software development lifecycle (SDLC) with a focus on secure coding practices in languages like Python, C++, Rust, Go and Kotlin/Java. Conduct threat modeling, vulnerability assessments and security code reviews across different platforms, ensuring security is embedded at every stage of the development lifecycle. Provide mentorship, guidance, and training on security best practices and secure development processes to engineering teams working in mixed cloud and operating systems environments. Perform vendor security reviews to assess third-party security practices and ensure compliance with our standards. Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and on-prem systems. Proactively identify security risks and develop strategies for risk mitigation in a fast-paced high-stakes environment. Crypto/DeFI and Smart Contracts experience will be a good advantage. Requirements: At least 7 years of experience in product security or similar roles with significant practical experience in securing software development at scale. Proven record of accomplishment in secure coding practices and development experience in development languages such as Python, C++, Rust, Go and Kotlin/Java. Strong technical background in software development, system architecture and security tools. Strong understanding of security principles, techniques and technologies related to software and product security, cloud platforms and business applications. Knowledge of low-latency financial systems would be an advantage. Experience working with and securing both Windows and Linux-based systems. Extensive experience with one or more cloud platforms such as AWS, Microsoft Azure and Alibaba Cloud used in a hybrid environment. In-depth knowledge of threat modeling, risk assessment and development of mitigation strategies for large-scale, complex systems in a fast-paced environment. Experience integrating security scanning tools into CI/CD pipelines and runtime environments. Experience conducting vendor security reviews and managing third-party security assessments. Excellent leadership, problem-solving, communication and adaptability skills, suited for a senior-level position in a fast-paced environment.
London, United Kingdom
Hybrid
Freelance
17-03-2025
Company background Company brand
Company Name
undisclosed
Job Title
Security Auditor
Job Description
Role Title: Security Auditor Duration: contract to run until 31/12/2025 Location: Wokingham, Hybrid 60% remote 40% onsite Rate: up to £717 p/d Umbrella inside IR35 Clearance required: Active Security Clearance is necessary Key Skills/ requirements Security Integration: Drive the delivery of defined security requirements into the project, becoming an essential part of the project team. Regulatory Compliance: Lead on all security areas and regulatory commitments, including identifying non-compliances and managing them to remediation. Security Testing: Support security testing of the service, including Non-Functional Requirements (NFR) and Penetration Testing. Transition to BAU: Assist in the transition of security services into BAU operations, ensuring seamless integration and ongoing compliance. Areas of Focus: Security Policy and Controls Vendor Best Practices ISA/IEC 62443 Standards NCSC Cyber Assessment Framework (CAF) and Guidelines Desirable Knowledge and Skills: Industry Expertise: Familiarity with the UK energy sector and its unique security challenges. Agile Methodologies: Experience with agile delivery methodologies and their application in security projects. Containerised Services: Understanding of best practices related to securing containerised services. Qualifications: Proven experience in a similar role within the cyber security field. Strong knowledge of security policies, controls, and regulatory standards. Excellent problem-solving skills and the ability to manage multiple tasks simultaneously. Strong communication and interpersonal skills, with the ability to work effectively within a team. All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
Wokingham, United Kingdom
Hybrid
Freelance
17-03-2025
Company background Company brand
Company Name
WorldFirst
Job Title
Lead Cyber Security Engineer
Job Description
Description Position at Ant Group About Us Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. In close collaboration with partners, we support merchants of all sizes worldwide to realize their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions. Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce. With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increase market accessibility for global SMEs. We do so across our 4 key businesses: Alipay+, Antom, WorldFirst and ANEXT Bank. Role Overview As a GRC Lead, you will ensure alignment with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What You Will Be Doing Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procerdures Third-Party Risk & Outsourcing Management Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning. Audit & Assurance Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management Maintain the enterprise risk register, prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance. Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What We Are Looking For Experience: 5+ years in GRC roles; financial services or banking experience is a strong plus. Regulatory Knowledge: Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements. Technical Skills: Hands-on experience with ISO 27001 implementation and third-party risk tools. Proficiency in IAM (Identity and Access Management) solutions and conducting user access reviews. Familiarity with cloud Technology and IT infrastructure. Framework Expertise: Strong knowledge of NIST frameworks (CSF, 800-53) and CIS Controls. Certifications: CRISC, CISSP, CISM, or CISA preferred (equivalent experience considered).
London, United Kingdom
On site
Freelance
17-03-2025
Company background Company brand
Company Name
ARC IT Recruitment
Job Title
Information Technology Security Engineer
Job Description
IT Security Operations Engineer London/Hybrid Up to £650 a day, inside IR35 6-9 months contract CISSP, AZURE, TVM, PAM, IAM, DLP IT Security Operations Engineer is required on a contract basis by thriving financial services organisation based in the City of London. You will be responsible for both maintaining and improving security controls, frameworks and processes, and supporting the delivery of new technology that improves our security posture and protects our business. You will be required to support the team in ensuring resilient, dependable security services are delivered across the entire estate and in all regions. You will be working with leaders in IT, Security, Information Security Risk, alongside key suppliers to ensure that the services we provide meet the current and future needs of the business. Responsibilities: Working within the existing IT Security operations/engineering functions. Manage relationships and the performance of outsourced security providers. Ensure BAU security operations services are managed with efficiently in line with any SLA’s. Delivery of IT Security services including (but not limited to) - Security Operations, Threat and Vulnerability Management, Privileged Access Management, Identify and Access Management, Data Loss Prevention, Network Security and Penetration Testing. Act as lead SME on IT and Cyber Security Improvement Projects. Play an active role in IT projects and operational processes (e.g., change management, exception management) to assess from an IT security standpoint IT projects, changes and exceptions. Manage IT Security Incidents including forensic investigations. Provide direction and guidance acting as an SME on IT security matters, closely supporting our infrastructure and architecture colleagues. Oversee and operate security controls (process & tools) to safeguard the security (integrity, confidentiality and availability) of all IT Systems in line with the expectations of a top tier global financial institution. Aligned to frameworks such as ISO27001/NIST. Demonstrate that security controls are effective and therefore are compliant with policy defined by InfoSec second line. Support and assist in the coordination and delivery IT Governance, Due Diligence and Audit activities. Deliver technical security reviews to ensure technologies follow information security standards, regulatory requirements and best practices. Support architectural review processes, risk management and the quantification of technology risks. Experience: Significant experience in similar security operations roles. Industry recognised technical certifications such as CISSP, TOGAF CCSP, GCIH or other equivalent certifications. Deployed, configured and managed infrastructure and the security of Microsoft cloud environments. Experienced in a broad range infrastructure and security solutions to protect the business. Including SIEM/SOAR. Proven experience of designing top to bottom systems/solutions with focus on all aspects of Security (Network, Infrastructure, Access, Cloud Services, Controls, and SecOps). Knowledge and experience of cloud specific security challenges, designs and solutions. Demonstrated involvement in major IT/cloud transformation initiatives, with the ability to navigate the complexities and ensure security considerations are integrated throughout. Knowledge and experience of security standards, procedures, reviews and automation. For a full consultation on this exciting new contract opportunity, please get in touch with ARC IT today!
London, United Kingdom
Hybrid
Freelance
17-03-2025