IT Security Engineer
Hybrid
Leeds, United Kingdom
Full Time
27-03-2025
Job Specifications
Role: IT Security Engineer
Location: Leeds
Salary: DOE plus extensive benefits
Contract type: Permanent
Employment type: Full time
Working hours: 40 hours per week, Monday to Friday 09:00 – 17:30
The IT Security Engineer will administer and optimise security tools, to provide technical security guidance and to implement security change across a range of components to achieve and maintain security across business platforms and applications.
Scope of responsibilities include Microsoft 365, Exchange, networking components (firewall etc), Windows Server, core Microsoft back-office technologies, and 3rd party software and applications.
You will be passionate about providing an excellent level of service with a focus on improving the security posture of global infrastructure in line according to the IT security strategy and business requirements. You will also be comfortable suggesting improvements and be prepared to adapt and change as necessary. In addition, you will be a problem solver, who wants to find the “secure way” to solve a business problem.
What’s in it for you?
Occupational sick pay
Enhanced maternity and paternity pay
Contributory pension
Discounted insurance (Aviva)
Employee discount site
Discounted gyms (via our blue light card and benefits schemes)
Employee assistance programme
In-house mental health support
Free onsite parking
Health and wellbeing initiatives
Social events throughout the year
Cycle to work scheme
Green car scheme*(subject to minimum earnings)
Registration fees paid (GPhC, NMC, CIPD etc)
Long service bonus
Refer a friend bonus
Blue light card
Hybrid working
Commitment to CPD/training
25 days annual leave increasing with service
Annual leave buy and sell scheme
Discounts & Exclusive offers at The Springs, Leeds
25% Discount & health & beauty purchases
25% Discount on Pharmacy2U Private Online Doctor Services
What you’ll be doing?
Daily system checks and monitoring of information security alerts (AV, Firewall, M365 etc).
Reporting on the performance of technical security controls
Assessing the security risks of changes
Assessing the risk to the business of making security changes
Communicating weaknesses and vulnerabilities
Liaising with technical counterparts across the business, in partners and other 3rd Parties.
Participating in Incident Response and Investigation
Policy development
Test, evaluate, build, and implement security change in line with business requirements
Vulnerability management of hardware and software components
Keep up to date with advancements in information security and technology
Monitor threat intelligence and investigate the organisations exposure to threats
Maintain application and infrastructure security including antivirus software, endpoint protection and other technical controls
Who are we looking for?
Experience working within the retail services sector preferably in an information security-related role
Experience supporting Microsoft Windows On-Premise and Cloud (Azure) environments, ideally in a security capacity
Strong understanding of Information Security concepts, principles and best practices
Experience of Vulnerability Management
Strong knowledge of securing Active Directory (DHCP, DNS)
Skilled in technical risk management
Experience with Cloud Technologies (PaaS, IaaS, SaaS)
Experience in administering and securing virtual environments
Knowledge of Windows Endpoint technologies, Intune, BitLocker, Defender
Able to develop good working relationships
What happens next?
Please click apply and if we think you are a good match, we will be in touch to arrange an interview.
Applicants must prove they have the right to live in the UK.
All successful applicants will be required to undergo a DBS check.
Unsolicited agency applications will be treated as a gift.
#INDTECH
About the Company
The UK's largest digital pharmacy. Proudly partnered with the NHS and helping over 1.5 million patients take control of their healthcare. Know more
Related Jobs
- Company Name
- Intec Select
- Job Title
- Cyber Security Manager
- Job Description
- Cyber Security Delivery Manager – Financial Services – Up to £120k + 20% bonus – City of London - Hybrid Overview: We are exclusively partnered with a leading Financial Services organisation seeking a highly experienced Senior Cyber Security Delivery Manager to lead the technical execution of high-impact cyber security initiatives. This role is critical to the success of the Cybersecurity Program, ensuring the seamless delivery of complex security projects while providing strategic oversight across governance, financial management, and executive reporting. You will serve as a key advisor to senior leadership, driving cybersecurity transformation and embedding robust security practices across the organisation. Role & Responsibilities: Act as a senior liaison between cybersecurity teams, business units, and executive stakeholders. Communicate complex cyber security frameworks, industry regulations, and best practices in a business-aligned manner, ensuring strategic integration into enterprise-wide security initiatives. Oversee the full lifecycle of cyber security projects, ensuring alignment with enterprise risk management objectives. Drive project execution from inception to completion, ensuring on-time, within-budget, and high-quality outcomes. Identify, assess, and mitigate project risks, ensuring all cybersecurity initiatives adhere to regulatory compliance, security frameworks, and internal governance requirements. Implement formal risk tracking, escalation, and remediation strategies. Provide comprehensive project and program reports, including financial performance insights, risk assessments, and strategic recommendations for senior leadership and governance committees. Drive organisational change by embedding security best practices into business processes and IT operations. Lead continuous improvement initiatives to enhance security posture and project delivery efficiency. Partner with technical and non-technical teams, including IT, risk management, compliance, and third-party vendors, to ensure cybersecurity solutions are scalable, resilient, and aligned with business objectives. Essential Skills & Experience: Extensive experience in leading and delivering large-scale, complex cybersecurity projects within financial services or similarly regulated industries. Proven expertise in managing cybersecurity technology deployments, such as DLP implementation, cyber infrastructure enhancements, cloud security solutions, and threat intelligence platforms. In-depth knowledge of IT security domains, including Identity and Access Management, Threat Intelligence, Security Assessments, Incident Response, and Third-Party Risk Management. Strong ability to assess and address cybersecurity risks, compliance requirements, and industry frameworks (e.g., NIST, ISO-27001, PCI-DSS, EBA-ICT, FFIEC). Demonstrated leadership experience in cybersecurity program management, including governance, financial oversight, and reporting to steering committees. Strong understanding of security assurance practices, security architecture principles, and risk-based decision-making frameworks. Expertise in structured project and program management methodologies (Agile, Waterfall, PRINCE2, or PMP) and familiarity with SDLC and PDLC controls. Advanced stakeholder management skills, with experience influencing C-suite executives, board members, and external regulators. Package: Up to £120,000 basic salary Up to 20% discretionary bonus 10% pension contribution Other Excellent benefits Hybrid working – 3 days onsite (City of London)
- Company Name
- Locke and McCloud
- Job Title
- Information Security Analyst
- Job Description
- InfoSec Analyst - Swindon/Hybrid - £40,000-£50,000 We’re working with a rapidly expanding e-Commerce company that’s embedding strong information security practices into its operations to protect customer data and maintain trust. They’re hiring an Information Security Analyst to lead risk assessments, manage compliance with ISO 27001, and improve internal processes across the business. This hybrid role offers £40,000– £50,000, a comprehensive UK benefits package, and flexibility around remote working. Your responsibilities: Develop and maintain global security policies, procedures, and controls Manage ISO 27001 activities across multiple international locations Coordinate and support audits, certifications, and management reviews Monitor evolving risks and advise on compliance and control improvements Provide training and insight across teams to raise awareness You’ll need: Experience working with or towards ISO 27001 certification Strong understanding of risk management frameworks Excellent planning and documentation skills A collaborative mindset and ability to communicate clearly with all levels CISMP, Lead Implementer or similar certification beneficial Locke & McCloud is the leading specialist in cyber security and information security talent. With an exclusive focus on the cyber security and information security space, we’ve built deep, long-standing relationships with cutting-edge cyber security consultancies and forward-thinking end-users. We're currently building a platform designed specifically for the cyber security industry – giving professionals like you access to more targeted information security and cyber security opportunities than ever before. If you're exploring your next move in the cyber security or information security market, we’d love to hear from you.
- Company Name
- Bestman Solutions
- Job Title
- Cyber Security Consultant
- Job Description
- Cybersecurity Consultant - £55,000 - £65,000 base We are working with a leading consultancy specializing in Managed IT Services, Cloud Hosting, and expert IT Consultancy, dedicated to helping UK organizations future-proof their IT foundations. We are seeking a Cybersecurity Consultant to play a critical role in shaping the future of security for clients' businesses. This is a fantastic opportunity to apply your expertise in ISO27001, Cyber Essentials, and NIST to deliver tailored security solutions that drive real business impact. In this role, you will be a trusted advisor, working with a diverse range of clients or embedding within a key organization, giving you the chance to make a significant impact across multiple industries. Your ability to tackle complex security challenges and implement effective solutions will help businesses enhance their security postures and stay ahead of evolving threats. Responsibilities Provide cybersecurity consulting services, ensuring compliance with ISO27001, Cyber Essentials, and NIST frameworks. Advise and support clients in improving their security posture. Work either across multiple clients in a fast-paced, high-variety role or as an embedded consultant with a primary client, including regular onsite presence. Proactively identify security risks and recommend mitigation strategies. Adapt to different client environments and manage multiple priorities effectively. Requirements Proven experience in cybersecurity consulting. Certifications (Preferred): CISSP, CISM. Knowledge of frameworks: ISO27001, Cyber Essentials, NIST. Technical Background: Prior experience in technical or service desk roles before transitioning into cybersecurity consulting. Strong client management, ability to multitask, and adaptability to varied environments. This is a great opportunity for an experienced Cybersecurity Consultant to make a real impact. The consultant will deliver security solutions and advise clients on best practices. If you excel in a fast-paced, client-facing environment and have a track record of strengthening security postures, we’d love to hear from you.
- Company Name
- Clyde & Co
- Job Title
- Information Security Risk and Assurance Specialist – Assurance
- Job Description
- Description The Role The mission of the firm's Information Security and Risk team is to establish a risk-managed environment that enables the firm to adequately and reasonably protect the confidentiality, integrity and availability of information used by the business and on behalf of clients. The successful candidate will be part of the team that focuses on the management of risk and assurance for Information Security and IT, and will work with stakeholders across the global business to develop and maintain the risk management and control frameworks, identify and measure the levels of associated Information Security and IT risks, help to identify and oversee the implementation of appropriate remediation strategies where necessary including the implementation of appropriate controls, work alongside the technical teams and other areas of the business to help bring the levels of risk into appetite; periodically monitor the risk levels and the maturity of related controls, conduct reviews and control assurance exercises, develop and maintain the associated policies, processes, standards to ensure that the people, processes and technology within the enterprise are appropriately risk-managed, adding value to the business consistent with assigned information security scope and risk appetite. Key Responsibilities Ensure an in-depth knowledge and understanding of the Information Security and IT risk management requirements and practices. Responsible for the risk management framework for Information Security and IT, in accordance with Firm policy and in line with the enterprise risk management framework. Periodically review and maintain the relevant Information Security and IT Risk management policies as appropriate. Work closely and build relationships with stakeholders in Information Security, IT, the global Risk department and across the wider business, to encourage and develop the processes required for the determination of appropriate risk appetite, identification and assessment of risk, the implementation of appropriate mitigation strategies and ongoing management, in accordance with the risk management policy. Manage the Information Security and IT risk register, ensuring that all identified risks are clearly recorded together with assigned owners, measured inherent and residual risk levels, and details of compensating controls and/or mitigation strategies with their respective owners. Ensure that the recording and management of risk remains consistent and in accordance with the policy and underlying agreed standards/processes. Ensure that all risks are periodically reviewed and re-assessed to determine whether the inherent/residual levels are still appropriate. For risks still not in appetite, determine the most likely scenarios that could lead to crystallization of the risk, and whether current mitigation strategies and/or controls would be optimal/effective. Perform risk assessment activities as are appropriate for larger projects or for where there may be significant transformation or change within the business affecting Information Security or IT. Identify and assess on an ongoing basis, risks that could materially impact the ability for IT to deliver its commitments to the business, together with periodic reporting to the Senior Leadership Team, and the tracking of any mitigation actions required. Provide education where required to develop the skills within Information Security, IT and other business areas to identify, assess, measure and record risks. Stay abreast of developments in the risk management area and cyber and information security trends as they relate to the legal industry, information management, technological standards, emerging and current threats employing appropriate horizon scanning. Build and maintain relationship with the global Risk department to share best practice and to ensure that the risk management and control frameworks for Information Security and IT fully aligns with the enterprise risk management framework. Responsible for a risk reporting framework that informs effective risk-based decision making within IT and tracks progress of risk mitigation while recognizing the different audiences within Clyde & Co e.g. risk or service-owners, management within Information Security and IT, the Audit and Risk Committee and where appropriate to other levels of management in the firm. Maintain a reporting environment capable of historical reporting, trends, key triggers, performance and risk indicators, management information etc. Skills Essential Skills & Experience Proven experience of working in an Information Security and IT Risk Management role within a fast-paced environment. Experience within the legal industry is ideal, but not essential. Operational knowledge of risk management and international information security standards, practices, risk management and control frameworks g. ISO31000, IRAM2, NIST 800-53 and cybersecurity framework. ISO27001/2, COBIT, ISF SOGP, CPS-234 etc. Strong organisational skills and the ability to handle multiple conflicting priorities. Able to work to very tight deadlines under pressure and to assimilate information quickly. Strong interpersonal skills including confidence, positivity, diplomacy and the ability to gain credibility quickly. Excellent verbal and written communication skills, with the ability to explain risk concepts and technical terms in a way that non-technical people would understand. Demonstrates attention to detail with a high level of accuracy. Positive and tenacious with the ability to pro-actively drive initiatives forward and motivate resources within and outside their team to perform. within and outside their team to perform. Drives innovation and challenges the status quo to achieve a continuously improved risk management and risk reporting insights for Clyde & Co. Business Services Competencies Clyde & Co is committed to providing extensive, personal and professional development opportunities for our people enabling them to be highly effective in their current role as well as assisting them to fulfil their career aspirations. The competencies are used to inform all aspects of Business Services career development. They vary across levels and different business areas and fall under the following areas: Technical Excellence People and Team Client/Stakeholder Relationships Service Delivery and Commercial Awareness Personal Effectiveness This is the job description as constituted at present; however the Firm reserves the right to reasonably amend it in accordance with the changing needs of the business.