Aspen Insurance Group

Information Security Lead

Hybrid

London, United Kingdom

Freelance

03-04-2025

Job Specifications

Information Security Lead
Contract Duration: 6 Months
Location: London

Aspen Insurance is seeking an Information Security Lead to support their Group CISO in driving the company's security programme. This role offers a unique opportunity to oversee and enhance daily cybersecurity operations, including risk management, compliance, and incident response. You will be at the forefront of managing security policies and ensuring the confidentiality, integrity, and availability of client data and business-critical systems.

Lead Aspen's cybersecurity operations
Manage risk assessment process and security policies
Oversee investigation and resolution of security incidents

What you'll do:
As an Information Security Lead at Aspen Insurance, your role will be pivotal in supporting the Group CISO in driving Aspen’s security programme. You will have the responsibility of overseeing daily cybersecurity operations, including risk management, compliance, and incident response. Your leadership will be instrumental in managing the annual and ongoing risk assessment process, developing and maintaining security policies. You will also lead audit responses, monitor compliance, and oversee the investigation and resolution of security incidents.
Collaborate closely with the CISO to align security and privacy compliance programmes
Serve as the primary information security consultant for all departments
Lead and manage cybersecurity projects within the CISO organisation
Act as a backup to the CISO, providing senior-level guidance and managing escalations
Oversee initial and periodic security risk assessments, develop and implement a comprehensive security risk management plan
Create a culture of cyber security within the IT organisation and drive behavioural changes for the business
Cooperate with industry regulators, internal legal entities, and organisation officers in any compliance reviews or investigations

What you bring:
As an Information Security Lead at Aspen Insurance, you bring a wealth of experience in technical management, information analysis, computer hardware, software, and IT systems. Your in-depth knowledge of the NIST Cybersecurity Framework will be invaluable in guiding our cybersecurity practices. Your strong business acumen will help us understand how service levels impact our profitability. Your ability to evaluate and refine security processes will ensure our operational efficiency.
Strong understanding of technical management, information analysis, computer hardware, software, and IT systems
In-depth knowledge of NIST Cybersecurity Framework and industry-standard security best practices
Strong business acumen with understanding of how service levels impact business profitability
Ability to evaluate and refine security processes for operational efficiency
Highly effective planning skills enabling efficient task management
Strong team player with ability to collaborate effectively in cross-functional environments
Ability to build strong working relationships with stakeholders at all levels

What sets this company apart:
Aspen Insurance is a leading global insurance provider known for its commitment to excellence. They offer a supportive work environment that values collaboration and innovation. Their focus on continuous learning makes them an ideal place for professionals looking to grow their careers. They are committed to creating a diverse and inclusive workplace where everyone feels valued, respected, and able to contribute their best.

What's next:
Ready to take the lead in Information Security at a global insurance provider? Don't miss this opportunity!
Apply today by clicking on the link. We look forward to receiving your application.

About the Company

In a complex world, Aspen provides the clarity to see risks as opportunities, not fears. Whatever the challenges, as a leading specialty insurance and reinsurance company, we have the insight, expertise and confidence to bring clarity from complexity™.

Related Jobs

Company Name
SSP Group plc
Job Title
Cyber Security Engineer - 6 Month Contract
Job Description
About us:
SSP Group plc (LSE:SSPG) is a leading global operator of food and beverage outlets in travel locations employing around 49,000 colleagues in over 3,000 units across 37 countries. We specialise in designing, creating and operating a diverse range of food and drink outlets in airports, train stations and other travel hubs across six formats: sit-down and quick service restaurants, bars, cafés, lounges, and food-led convenience stores. Our extensive portfolio of brands features a mix of international, national, and local brands, tailored to meet the diverse needs of our clients and customers. Our purpose is to be the best part of the journey, and we are committed to delivering leading brands and innovative concepts to our clients and customers around the world, focusing on exceptional taste, value, quality and service. Sustainability is crucial for our long-term success, and we aim to deliver positive impact for our business while uniting stakeholders to promote a sustainable food travel sector. www.foodtravelexperts.com

About the role:
SSP require a Cyber Security Engineer for a 6 month contract to manage and maintain security processes, solutions and support strategic initiatives. This role is essential in building and maintaining key security technologies and services, whilst also supporting the wider Cyber Security function as a 2nd line operational capability. The Cyber Security Engineer is responsible for designing, implementing, and maintaining security solutions to protect the organization's information systems from cyber threats. This role involves collaborating with various teams to ensure robust security architectures, conducting vulnerability assessments, and supporting incident response activities. This role also provides support for the cyber security programme and works with the wider teams to ensure high risk areas are remediated.

What you’ll be doing:
Manage and maintain security tooling and infrastructure, including health, licence, capacity, performance and support roadmap and upgrade decisions
Act as 2nd line team within Cyber Security, supporting 1st line with incidents and any change to tooling and processes
Recommend and drive effective changes to enhance defence and response procedures
Investigate and resolve issues with key security platforms and services
Engage with wider D&T teams and act as SME for projects/changes
Support and lead platform changes and transition process changes into 1st line Cyber
Provide guidance and training for wider cyber security team when onboarding new technologies and processes
Partner with SOC and IR teams in the event of a security incident to ensure timely mitigation and remediation efforts are completed
Promote a culture of security awareness and good practice
Maintain a good understanding of wider industry threats and security engineering best practices

To be successful in this role you will need:
Experience working in a dynamic, fast paced environment
Security tooling experience across protection, detection and response platforms
Experience with EDR, SIEM, vulnerability management solutions and threat intelligence platforms
Hands-on experience in implementing and testing new security features, planning security tooling upgrades, troubleshooting, and responding to security incidents
Strong communications skills and experience in presenting and communicating to both technical and non-technical stakeholders
Proven experience in managing security tooling and solutions

Belong at SSP:
Great food and drink are diverse by nature. It’s authentic, creates great experiences and brings people together. The same goes for our Belong strategy at SSP. By empowering our colleagues and celebrating our differences, we create great experiences for our people, enabling them to thrive as one global team. Spanning 6 continents, we’re very diverse when it comes to our backgrounds. But it’s so much more than that, it’s listening with humility, taking conscious action, and having the determination to do the right thing. True diversity, equity and inclusion can only happen when everyone feels able to bring their full self to work. We encourage and welcome applications from a diverse range of candidates regardless of background, gender, race, religious beliefs, disability, sexual identity and orientation or age.
London, United Kingdom
Hybrid
Freelance
10-04-2025
Company Name
Stanley David and Associates
Job Title
Cyber Security Architect
Job Description
Job Title: IT Cybersecurity Enterprise Architect
Location: Coventry, UK
Type: Contract role
Note: Client is not providing any sponsorship here

Role Purpose:
The IT Cybersecurity Enterprise Architect is a senior technical leadership role responsible for defining and maintaining the overarching cybersecurity architecture for Client’s IT landscape. This role will ensure that security considerations are embedded within the enterprise architecture, aligning with business objectives, regulatory requirements, and industry best practices. The architect will provide strategic direction and guidance on cybersecurity matters, working closely with other IT architects, security specialists, and project teams throughout the entire project lifecycle within the established solution delivery framework.

Key Responsibilities:
Develop and Maintain Cybersecurity Architecture: Define and maintain a comprehensive cybersecurity architecture framework that aligns with the overall enterprise architecture and business strategy. This includes defining security principles, standards, patterns, and target architectures.
Security by Design: Integrate security considerations into the early stages of system design and development within the delivery methodology. Review and contribute to requirements gathering, design specifications, and architectural blueprints to ensure security is proactively addressed.
Risk Assessment and Mitigation: Conduct and contribute to security risk assessments of existing and planned IT systems and infrastructure. Develop and recommend mitigation strategies and security controls to address identified risks.
Security Standards and Compliance: Define and maintain security standards, policies, and guidelines in alignment with relevant UK regulations (e.g., NIS Regulations), industry best practices (e.g., ISO 27001, NIST), and internal policies. Ensure adherence to these standards throughout the project lifecycle.
Technology Evaluation and Selection: Evaluate and recommend security technologies and solutions that align with the enterprise security architecture and business needs. Participate in vendor selection processes, ensuring security requirements are adequately addressed.
Security Architecture Governance: Participate in architecture review boards and provide expert security guidance on proposed solutions and projects. Ensure that security architecture principles and standards are consistently applied.
Collaboration and Communication: Effectively communicate complex security concepts to both technical and non-technical stakeholders. Collaborate with infrastructure teams, application development teams, project managers, and business stakeholders.
Documentation: Create and maintain clear and concise security architecture documentation, including security principles, standards, patterns, and solution architecture documents.
Staying Current: Keep abreast of emerging cybersecurity threats, trends, and technologies, and assess their potential impact on the company's IT environment.

Qualifications and Experience:
Bachelor's degree in Computer Science, Information Security, or a related field.
Relevant industry certifications (e.g., CISSP, CISM, TOGAF with Security Architecture specialization) are highly desirable.
Extensive experience (typically 8+ years) in IT, with a significant focus on cybersecurity architecture and design.
Demonstrable experience in defining and implementing security architectures for complex enterprise environments.
Strong understanding of cybersecurity principles, frameworks, and best practices (e.g., defense-in-depth, zero trust).
Proven experience with a wide range of security technologies and solutions, such as firewalls, intrusion detection/prevention systems, SIEM, vulnerability management, identity and access management, data loss prevention, and cloud security.
Experience with regulatory compliance requirements relevant to critical national infrastructure in the UK (e.g., NIS Regulations).
Strong analytical and problem-solving skills with the ability to assess and mitigate security risks.
Excellent communication, presentation, and interpersonal skills with the ability to influence and build relationships at all levels.
Proven ability to produce clear and concise technical documentation.
Understanding of the different phases and security considerations within this framework.
Experience within the energy or utilities sector is advantageous.
Coventry, United Kingdom
Hybrid
Freelance
10-04-2025
Company Name
Cpl Life Sciences
Job Title
Information Security Compliance Analyst
Job Description
Information Security Compliance Analyst
12 Month Fixed Term Contract
Salary: Negotiable
Hybrid - Hertfordshire

As an Information Security Compliance Analyst, you will support the development and maintenance of the EMEA wide information security management system in accordance with Global EIT strategy, EMEA business requirements and relevant information security legislation, including NIS 2, AI Act and GDPR. You will ensure the continued certification of the EIT ISO 27001:2022 management system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws.

Main duties/responsibilities:
Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions
Develop and execute risk mitigation plans in conjunction with relevant internal and external stakeholders/groups and to agreed timescales, following through to completion
Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 and other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR etc.)
Maintain the department’s information security procedures, including but not limited to information security incident response and business continuity management, conducting tabletop exercises to evaluate effectiveness
Manage the information security awareness training program to ensure all employees develop and maintain an awareness about and comply with all applicable information security policies, procedures, laws, and regulations
Provide information security advice and guidance for EMEA business activities and projects
Manage information security programs to ensure the company meets its compliance requirements
Monitor, analyse and report on information security-based management metrics
Perform comprehensive third-party information security due diligence assessments in a timely manner, report on results, recommend remediation activities and work with the legal team to ensure contractual obligations include security clauses as relevant
Support information security and compliance audits conducted in the department

Qualifications and Experience required:
Degree level qualified or equivalent - highly desirable
CISM and / or CRISC or other relevant certification is highly desirable
ISO 27001:2022 Lead Implementer / Auditor certification is essential
Demonstrable experience in an Information Security, IT Governance, Risk and Compliance based role, including maintaining and continually improving an ISO 27001 compliant management system
Extensive experience of information security management and/or security awareness
In-depth expert knowledge of industry standard frameworks and best practices – ISO 27001:2022, ISO 27002:2022, ISO 27005, ISO 31000, NIST and their practical application in a corporate environment to ensure all elements of integrity, availability and confidentiality are adhered to
Extensive experience conducting information security risk assessments, reporting risks
Experience of developing, implementing, managing, and maintaining Information Security policies, controls, standards, guidance, processes & procedures, and auditing compliance
Experience of developing, implementing, managing, and maintaining risk management framework, policies, processes, and procedures
Knowledge & experience of developing and performing information security due diligence and risk assessments of third-party organisations based on IT control frameworks such as ISO 27001 and ISO 31000
Practical experience of conducting gap analysis, testing information security processes, procedures, plans and leading audits to achieve compliance with Information Security standards
Practical experience of establishing and maintaining data classification standards within a corporate environment
Experience of project managing Information Security, Data Protection & Compliance initiatives
Experience in developing and executing an Information Security awareness training across multi-business units
Experience with ensuring corporate compliance with UK/EMEA data protection legislation such as DPA and GDPR
Good knowledge of a broad range of IT technology platforms, products, services
Stakeholder management experience at both a technical and non-technical to Executive level
Excellent Business/customer facing experience

If you are interested please apply or send your CV to luke.sandilands@cpl.com
Hertfordshire, United Kingdom
Hybrid
Freelance
09-04-2025
Company Name
Expleo Group
Job Title
Cyber Security Engineer
Job Description
Are you currently looking for a new career opportunity within Cyber Security? Are you keen to work within an Automotive OEM? If so, Expleo have the opportunity for you!

Expleo Engineering are seeking a Cyber Security Engineer on behalf of our client. The role will involve investigating cyber intrusions, implementing mitigation measures, and developing processes and procedures to address and resolve such intrusions effectively. This is a contract-based position located at our client’s Manchester site.

Responsibilities of the Cyber Security Engineer include:
Performing proactive cyber risk assessments to uncover previously undetected vulnerabilities or identify actual intrusions.
Developing and proposing security system solutions to safeguard proprietary and confidential data and systems.
Providing mentorship, conducting reviews, and delegating responsibilities effectively within the team.

Expleo is a trusted partner for end-to-end, integrated engineering, quality services and management consulting for digital transformation. We help businesses harness unrelenting technological change to successfully deliver innovations that will help them gain a competitive advantage and improve the everyday lives of people around the globe.

To meet with current legislation, right to work checks will be carried out to ensure candidates are able to work within the UK. Unfortunately, we are unable to provide sponsorship for this role. Any application will be treated in a highly confidential manner and all conversations will be respected.

For more information on the Cyber Security Engineer role, please apply now!
Manchester, United Kingdom
On site
Freelance
09-04-2025