Home
Jobs
Freshfields
Information Security Auditor

Information Security Auditor

On site

Manchester, United Kingdom

Full Time

04-03-2025

Share this job:

Score my CV Apply

Job Specifications

Join Freshfields' Information Security Group (ISG) as an Information Security Auditor and play a key role in strengthening our information and cyber security operations during a period of significant technological change.

Key Responsibilities:
Perform security assessments for 150+ new and current suppliers annually.
Audit ISO controls across the firm’s core operations
Regularly update policies, processes, and risk mitigation measures
Ensure compliance with security standards like ISO27001 and NIST
Assess and address third-party security risks, providing recommendations for improvements

Who We're Looking For:
IT/Information Security Auditing experience, ideally in third-party risk management
Strong knowledge of ISO 27001, with relevant auditing qualifications (Lead/Internal Auditor, etc.)
Proven ability to collaborate across teams, influencing stakeholders and translating complex technical requirements
Motivated, proactive, and eager to learn and grow in the security space

Desirable Skills:
Certifications like CISM, CISSP, CISA.
Knowledge of Cloud services (SaaS, PaaS, IaaS).
Familiarity with global cyber security and privacy laws.

If you’re detail-oriented, organized, and excited to be a part of a forward-thinking team, apply now to make an impact!

Inclusion

Freshfields is an equal opportunities employer and all applications received by the firm will be considered by the firm on the basis of their merit alone and we welcome applications from all suitably qualified individuals regardless of background. All offers of employment will be conditional on the candidate having/securing the right to work in the UK and providing the firm with evidence of that right (as required by the Immigration, Asylum and Nationality Act 2006) prior to employment commencing.

Freshfields is a Ban the Box employer. We ask applicants to disclose criminal convictions only when a conditional job offer is made. A conviction does not automatically lead to withdrawal of the offer: we make decisions on a case by case basis and take a number of factors into account (eg the role you are applying for and the circumstances of the offence). You would have the opportunity to discuss the matter with us before we make a decision.

About the Company

Freshfields is a global firm with over 280 years’ experience of anticipating change, setting new standards and shaping the future of law. In a complex world where new opportunities evolve quickly, we are a trusted, forward-thinking partner who can give clients the edge and help propel their ambitions. At Freshfields we are steadfast champions of our clients—that’s why leading global companies turn to us when it matters most. We are proud to be recognised as a top-tier leader in the practice areas most important to clients ... Know more

Related Jobs

Company Name: Figment
Job Title: Senior DevOps Engineer, New Networks
Job Description: You could work anywhere. Why Figment? Figment powers the future of Web3 through industry-leading blockchain infrastructure. As the leading provider of staking solutions, we help 500+ institutional clients optimize their crypto rewards, including top exchanges, asset managers, wallets, foundations, custodians, and major token holders. Our clients trust Figment for a comprehensive suite of services, including reward optimization, cutting-edge API development, detailed rewards reporting, seamless partner integrations, governance support, and slashing protection. Backed by a team of passionate and intelligent Figmates, with a 100% remote-first global presence across 12 countries, our company is on a mission to accelerate the adoption, growth, and long-term success of the Web3 ecosystem. We’re building the infrastructure that will power the decentralized future. As a fast-growing tech company, we’re looking for builders and innovators — people who thrive in the face of uncertainty and are motivated to make an impact. We are also looking for true teammates - people who are genuine, humble, and driven to level up together. If you're excited to shape the future, contribute to an energetic company culture, and work at the cutting edge of blockchain technology, we want you to join our team and help us lead the charge! About The Opportunity We run 70+ blockchains here at Figment. Come help us onboard more! This is a full-time remote position, with team members in North America and Europe. We are seeking a Senior DevOps Engineer to help us scale out our operations by planning and implementing projects to manage fleets of blockchain servers. This role presents unique opportunities to be involved in building out tooling where none exists in the industry. You will build production systems that need to handle newer (sometimes alpha quality) blockchain software. You’ll need to consider all aspects of security, monitoring, maintainability, and stability. How You Will Make An Impact Lead the planning, testing, implementation, and management of projects to deliver scalable, maintainable, secure, and stable deployments across a variety of use cases Identify & implement solutions for common areas where automation can significantly increase our ability to manage all our infrastructure Identify areas of systemic risk & evaluate, propose, and implement solutions Manage and monitor cloud and physical servers across multiple global hosting services and data centres Automate blockchain software build, install, and management processes Perform Linux server administration, hardening, intrusion detection, and vulnerability scanning Debug complex distributed blockchains to help run them smoothly Identify tasks and processes that get stuck or move slowly and support the team in pushing them through Explain broad initiatives and vision to Engineering Leadership and Product Demonstrate technical expertise in multiple domains and act as a mentor to others on the team Who you are In-depth experience using Ansible (and similar tools) in environments with over 500 servers: Designing complex static and dynamic inventories, variable structures, and playbooks Writing custom Ansible roles from scratch, with advanced features such as Jinja2 templating, complex logic flows, dynamic roles/tasks, and handlers Ensuring idempotency & reusability, and following applicable best practices In-depth experience supporting Linux servers in large, highly secure, and highly available 24/7 environments Demonstrated experience working with blockchain nodes or very strong knowledge of the blockchain domain Deep troubleshooting expertise of complex application flows which span multiple clusters of systems - to quickly identify server, network, and application issues; and methodical approach to implementing, testing, and measuring changes to remediate issues Knowledge of common OS and application level settings to optimize system performance Experience with common system administration scripting languages such as Bash and Python In-depth experience creating well organized modules with Terraform to ensure reusable cloud provisioning automation Deep understanding of networking and security best practices Even better if you have Ansible role testing with Molecule (or similar tools) and Ansible module development experience Knowledge of, or experience with, Proof-of-Work and Proof-of-Stake decentralized consensus mechanisms used in blockchains Experience running applications on Kubernetes Experience creating CI/CD pipelines from scratch to automate infrastructure provisioning and deploy applications (GitHub Actions or similar tools) Experience with Hashicorp Vault or other secure storage tools Why You Might Be Excited About Us At Figment, we offer an exciting range of competitive benefits designed to support and empower every member of our team. These will be discussed with you during the interview process. We are a team of under 200 members, which allows for an impactful contribution from day one. We place a strong focus on personal career development to shape a role that fits your goals and interests. Your satisfaction and well-being matter to us, and we’re here to support your ongoing growth. Our culture is one of honesty, professionalism and risk taking in a high-growth environment. Our team members themselves recommend working at Figment - with an eNPS score of 54 (which is ranked as ‘great’!). We are also extremely proud of ranking as one of the top Web3 employers by Talent Titans. Compensation One of Figment’s core principles is “Making the Invisible Visible” - ensuring transparency and information sharing in all communication. Figment is committed to transparency regarding pay, benefits, and other compensation types for all internal roles as well as all roles being hired for. Compensation for this role will be disclosed during the interview process. Interview process At Figment, we try to go above and beyond in making sure that you have the best possible experience interviewing with us. We strive for a smooth, organized, and informative process. During your first Recruiter Call, you will be provided with more information about Figment, the position and what to expect for the rest of the interview process. Please be prepared to discuss why you are interested in joining Figment and what excites you about the position and company. As we go through the process, we work to make sure that you hear back from us in a timely fashion. If we decide at any point that we’re unfortunately not moving forward, we will give you feedback on why it was not a fit. We aim for the entire process to take around 2-3 weeks from initial screen to offer. There can be exceptions on either side of the bell curve here, but as a rule, that’s the time-frame you can expect. See here for Figment's Privacy Policy and California Employee Privacy Policy. At Figment, we have a thorough hiring process to verify the identity of all job candidates. This...

Company Name: Microsoft Power Platform Community
Job Title: Security Go-to-Market (GTM) Manager, UK
Job Description: Overview Security is Microsoft’s number one priority and in the era of AI, organisations need to enhance their security posture to prevent, detect and remediate AI-powered attacks and also govern their data to enable AI-powered business transformation responsibly. The Security Business Group team plays a fundamental role in Microsoft UK , setting the local Go-To-Market strategy for our Security products portfolio, advocating for our solutions, enabling our sellers and partners and orchestrating the execution of th e plan s . This particular role is focused on orchestrating our Enterprise execution, working close with the product-aligned GTM Managers to identify opportunities, design programmes , enable sellers and gather insights . We are looking for an experienced individual contributor in Sales Enablement or Go-To-Market. Someone with a passion for helping protect organisations against Cyber threat s and able t o translate cloud services strategy and objectives into clear, discrete, and executable plans for the UK . In this role you will analyse reports to understand our business health and identify focus areas. You will col laborate with other members of the team who look after specific products to develop a robust Sales Enablement plan and execution rhythm with stakeholders across Sales and Customer Success to achieve goals. You will also support the Security Business Group Leader consolidate insights and provide regular updates to local, regional and global leaders Our team mission is to s afeguard the UK's people, data, and infrastructure with the most trusted AI-powered end-to-end security, through simplification, collaboration and insights-led best practices. Microsoft is on a mission to empower every person and every organization on the planet to achieve more , s ecurely! Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission. Responsibilities You will develop and execute business strategy across the business, and accept accountability for revenue and KPIs. You’ll also identify strategic priorities for stakeholders, consolidate insights, and help development programs drive sales and marketing. You will lead definition and orchestration of strategic go-to-market plans across the business, ensuring they support a One Microsoft approach. You’ll also build and land growth plans, lead a complex stakeholder map, and prioritize impact over activity. You will ensure business unit leads and subsidiaries can equip channels and sellers with the knowledge and resources they need, and ensure field and corporate leadership are aligned. You’ll also drive leadership by pursuing long-range white-space growth opportunities, and develop strategies that maximize performance across the business. You will ensure customers have hardware availability, while driving a pipeline of feedback from sales to the supply chain. You’ll also proactively drive capacity forecasting, coach deals on alternative services, and drive pipeline and sales enablement. Qualifications E xperience in Go-to-market execution or business planning, project management, sales operations, ro les collaborating across sales, marketing and partners teams. Domain experience in the Security or a related field which may be transferable for you to excel in this role. Proficiency working with data, analysing reports to extract insights that would support business decisions Outstanding communication skills , able to adapt styles for different stakeholder audiences (leadership, sales, marketing) simplify ing the complex and providing clarity Ability to lead without authority , influencing people in different parts of the organisation Curious and Entrepreneurial mindset , to naturally question, explore, agitate, and push the business forward. Tak ing risks, learn ing from failures, operat ing within ambiguity and at pace , defining new ways to overcome business challenges You must be legally authorised to work in “United Kingdom” to be eligible for this role. (Legally authorised = Has citizenship or has been granted a valid visa or work permit). Relocation expenses are not provided as part of this role. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form . Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

London, United Kingdom

On site

Full Time

04-03-2025

Company Name: s1jobs
Job Title: Cyber Security Consultant - Risk
Job Description: This is an exciting opportunity to join our world class Consultancy arm, as a Cyber Security Risk Consultant, supporting the next phase of Cyberfort's growth. You'll be joining a culture of knowledge sharing and continuous learning with expert peers in Secure Architecture and Risk planning. We work across a number of sectors with a diverse client base. We aim to create an environment where everyone can reach their full potential. We work together, we are passionate, creative, and we embrace difference. In this role you'll work within our Consulting team, supporting new and existing clients across various sectors to define and implement security risk assessment and best practice solutions that match their requirements. You'll work in close partnership with clients to ensure the delivery of expert services by complementing their inhouse Information and Cyber Security resources combining expertise in information security, solution architecture and business advice. As a Security Consultant, you will be responsible for the identification of risks relating to Security Architecture, maintaining an awareness of published vulnerabilities and best practices across various platforms, especially cloud infrastructures. Working across the business and multiple technology platforms, you will play a key role in ensuring our clients make the best use of their existing technology and make proportionate, risk-informed decisions, ensuring protection of client assets and transformation of their security architecture. This role forms part of the wider Consultancy team and will work cross functionally with the Delivery Manager and others to support and assure project delivery through all phases of the agile workflow. As a team we're always looking to raise the bar, learn new things and incorporate new technologies and you will too! You'll share your knowledge with the team and the wider Cyberfort community, contributing to Group blogs and undertaking research related to technology enhancements. Responsibilities General Responsibilities: Have an excellent understanding of risk management and assessment principles and frameworks, such as ISO27005 and the NIST Cyber Security Framework Have achieved or be working towards membership of CIISEC and UK Cyber Security Council professional registration at either Chartered or Principal. Work with multi-disciplinary teams, helping to ensure that products are delivered in a secure manner that is aligned with the wider business risk appetite. produce informative and succinct reporting that clearly articulates any identified vulnerabilities, associated risks, controls and risk treatment activity. Facilitate workshops with the various Authority departments, to align with wider HMG transformational Security and risk management outcomes. provide accurate and pragmatic remediation/risk management guidance/advice. Have an understanding of risk assessment in and agile delivery environment Be skilled in workshop facilitation particularly with respect to risk identification and assessment. Exceptional team working ethic and interpersonal skills Good level of knowledge of the cyber security industry Have a good understanding of modern IT technologies and services, such as Cloud Computing, Mobile Computing, IT Security, Infrastructure technologies, Zero Trust and demonstrate an understanding of security architecture As a team we're always looking to raise the bar, learn new things and incorporate new technologies and you will too! You'll share your knowledge with the team, our clients and the wider Cyberfort community, contributing to Group blogs and undertaking research related to technology enhancements. To Be Great At The Role Customer focused and a strong verbal and written communicator. Possess strong hands on experience in reviewing project delivery plans relating to security systems evaluation of network and security technologies developing requirements for network and cloud security designs as well as hardware & software. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Possess awareness and understanding of HMG and NCSC Security policies, standards and guidance. Passionate in cyber security. Able to deliver training to end users. Motivated, self-directed and able to work in large and virtual teams. The Cyberfort Group is a community of 160+ passionate people united by one overall mission... to make the world safer, one business at a time. We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop for our people. We work with a diverse range of clients, including large Governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through our continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible. Whether it's AI-driven ML-based threat intelligence or rapid start hybrid Cloud; our goal is to implement solutions that make us stand out in the market. If that sounds like you, we'd like to see...... Your CV Find your place at the Cyberfort Group - Our vision is to bring together technology, people, expertise, facilities and leaders in Cybersecurity to create capability that is second to none. We aim to create a workplace that leverages the expertise of people from a diverse range of backgrounds that are to be themselves, are celebrated for thinking differently and work together as one team. We know that a one size fits all approach to our recruitment and selection practices will not allow us to reach some of the incredible people that are out there and it's common practice for us to make adjustments. When you apply to work for us please let us know if there's anything we can do to allow you to showcase your skills and talents to the best of your ability.

Glasgow, United Kingdom

On site

Full Time

04-03-2025

Company Name: GSMA
Job Title: Industry Security Programme Director
Job Description: Department: Technology Team: Security & Fraud Location: London Position type: Permanent What The Hiring Manager Says “Security is an essential component of the mobile industry whether within the development of specifications or in supporting programmes and events at the GSMA. This role will be pivotal in directing the strategy of key Industry security programmes. It will specifically focus on supporting the industry to provide value in the positioning of fraud and cybersecurity matters for the industry. The role holder will be responsible for aligning GSMA work regionally and seeking to influence senior security leaders and other eco-system partners to lift the profile of industry security.” Sam Kight, Head of Industry Security About The Team The GSMA Industry Security team is continually enhancing the support offered to its membership as the threats targeting the mobile ecosystem emerge. Our vision is to provide value for our membership in three main areas: Industry collaboration by convening membership to define industry specifications, facilitating intelligence sharing, promoting baseline controls, conducting external collaboration to ensure industry alignment. Providing expertise through subject matter experts by supporting solution and service offering development to internal and external stakeholders, as well as promoting industry Fraud and Security awareness. Defining the future by looking forward by assessing, analysing and reporting on the industry threat landscape. This is also done through engagement with standards bodies and reviewing new technologies to ensure adequate protection by design About The Role The Industry Security Programme Director is responsible for four main areas; Office of the CISO, T-ISAC, GSMA Security events and the development of new Global security initiatives. It requires alignment of security and fraud across the team, and requires engagement wider industry. The successful candidate will research security trends (threat landscape and emerging technologies), ensuring the strategy and priorities of the industry are reflected in internal/external platforms globally as well as programmes are being delivered and managed to a high quality. Specific Responsibilities Will Include Office of the CISO – Delivering Roundtables with senior stakeholders including agenda development, researching and identifying potential topics in existing/emerging technologies Support the T-ISAC to deliver a strategy that will successfully grow and develop the global programme Represent GSMA at industry leading events across a variety of regions. Working across several teams to support the development of presentations and ensuring alignment on GSMA content at these events Support the initiation of new programmes, identifying business and industry needs in the area of mobile fraud and security and translating these into the right area within GSMA’s Security team Keeping aligned the regional and local activities with the Fraud and Security Group, Regional Interest Groups and events to support a single voice for the ecosystem Advocacy of GSMA positions to external stakeholders Maintain GSMA process and procedural documents, to ensure transparency and compliance with GSMA policies About You Have previous experience cybersecurity function within a Mobile Network Operator or equipment supplier Have previous experience having managed a successful team Have previous experience in reporting to and influencing board /c-level management Have previous experience in setting strategies and delivering on agreed timescales Have knowledge of the mobile security threats faced and technologies used (legacy, current and future), and enjoy the respect of industry security professionals Have effective research, organisation and project management skills with key attention to detail and delivery of documentation Have a strong sense of business ethics and principles Be able to effectively work with others to make up for gaps in your experience or knowledge Display cultural understanding and sensitivity, recognising that GSMA is a global organisation with members from many countries and cultures Ideally speak a second language (Spanish or French desirable not essential) Be willing to do some global travel as required Contract type Regular Worker type Employee What We Offer Working at the GSMA offers you unparalleled access to the mobile industry. We offer a chance to truly shape the direction of mobile, whatever your role. By joining the GSMA, you will be exposed to a fast-paced rapidly evolving environment, working on global solutions, genuinely fascinating and industry-changing projects and a stimulating and dynamic environment designed to enable you to flourish. In addition to architect-designed offices and competitive compensation, our benefits include fantastic learning & development opportunities, generous holiday allowances, four additional days off for professional development and many others. To learn more about the GSMA, visit our career site, our LinkedIn page and our Twitter page. Being You at the GSMA We care deeply about diversity, equity and inclusivity and aspire to be the best at it. Your well-being and work/life balance is important, so flexi-time and remote working is available to all staff. We're keen to ensure everyone is equal, represented and connected so we particularly encourage applications from all demographics. The sucess of the GSMA year on year will continue to be contributed by people from all walks of life. GSMA Values Our values not only drive our culture – they shape how we work and interact inside and outside our global organisation. Passionately driven We approach everything we do with unparalleled capability, tenacity and commitment, knowing that the challenging scale, pace and complexity of our work is what leads to its world-changing impact. Insightful leaders We continually develop and engage our expertise, insight and creativity so that we’re always ready to respond to the changing landscape with authority, agility and nuance. Stronger together We lean on each other so the industry can lean on us, embracing our diversity by actively seeking out perspectives and skill sets beyond our own, fuelling each other’s successes and constantly asking how we can help. Underpinning our values is our collective mindset to show up purposefully as good human beings every day, in every situation. When we’re at our best – we are collaborative, considerate and compassionate to others, and we create a safe space for one another to thrive, assuming positive intent in our colleagues. And if we aren’t at our best and the pressure is on – we feel free to be ourselves but still remain curious, lean into the tough stuff and we are always respectful to others and accountable for the part we play.

London, United Kingdom

On site

Full Time

27-02-2025