Location: Alcester, UK (2x days onsite per week)
Salary: £60k

Role Profile

We are seeking an experienced Information Security Manager to lead the assurance, performance management, and continuous improvement of our cybersecurity capabilities. The successful candidate will play a critical role in governing service providers, uplifting control maturity, and ensuring our security posture aligns with business objectives, regulatory expectations, and recognised industry frameworks.

Skills and Experience

• Experience in IT security management, with a proven track record in cybersecurity leadership.
• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), or equivalent are highly desirable.
• In-depth knowledge of security frameworks (e.g., NIST, ISO 27001), network security protocols, firewalls, encryption, and intrusion detection systems (IDS).
• Strong understanding of threat landscape and risk management strategies.
• Proficiency in security tools and technologies such as SIEM (Security Information and Event Management) systems, anti-malware, DLP (Data Loss Prevention), and endpoint protection.
• Excellent problem-solving and analytical skills.
• Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders.
• Leadership and team management experience.

ECS Recruitment Group Ltd is acting as an Employment Agency in relation to this vacancy.

Manchester Hybrid, 3 days a week in the office. Commutable from Stockport, Wigan, Bolton, Rochdale, Bury, Sale, Liverpool, Warrington, and Runcorn. Up to £90,000 + benefits Were partnered exclusively with a Fintech business in Manchester, who have been building their very own SaaS suite of products over the last 10 years. They have recently been through a cloud migration, and security is at the forefront of their digital transformation. With this being said, theyre looking for a Cloud Security Architect to join the rapidly growing team, in a time where the business is thriving, and the team is in high spirits. The successful architect will have strong application security experience, as well as implementing container security within Kubernetes or similar tooling, and more. Key skills needed: Strong experience across AWS, Azure, or GCP. Background in cloud security and application security, ideally within SaaS environments Experience with container security, whether thats implementing it, or supporting dev teams with implementing it. Solid understanding of auth and access control (OAuth, OIDC, SAML, JWT, RBAC/ABAC) Experience designing secure multi-tenant systems and data isolation Familiar with AI/ML systems and the security risks around them Able to communicate security decisions clearly to engineers and stakeholders This role is for a security minded architect/engineer who is looking for a challenge. This is a big role, within a thriving Fintech business. They want go-getters, and people who arent afraid to get their hands dirty. Click APPLY now to be considered for this role! Cloud Security Architect Manchester Hybrid, 3 days a week in the office. Commutable from Stockport, Wigan, Bolton, Rochdale, Bury, Sale, Liverpool, Warrington, and Runcorn. Up to £90,000 + benefits

Are you an experienced IT Security Engineer looking for a hands-on role where you can shape and strengthen a growing organisation’s security landscape? This is an excellent opportunity to join a market-leading business where technology is central to operational success.

The Role

As an IT Security Engineer, you will play a key role in protecting and enhancing the organisation’s IT environment across both cloud and on-premise infrastructure. Working closely with infrastructure, operations, and external security partners, you’ll design and implement robust security controls while continuously improving resilience and reliability.

You’ll take ownership of incident response activities, proactively monitor threats, and drive improvements across vulnerability management and security tooling. Alongside day-to-day operational security, you’ll contribute to wider technology initiatives, ensuring systems remain secure, scalable, and aligned with business objectives.

The Company

Our client is a well-established and highly respected organisation operating within a fast-moving sector. With technology at the heart of its continued growth and innovation, the business offers a collaborative environment where expertise is valued and continuous improvement is encouraged.

What’s Required?

The ideal candidate will have:

• Experience in a security engineering or IT security-focused role
• Strong hands-on knowledge of security technologies such as firewalls, SIEM platforms, endpoint protection, and vulnerability management tools
• Experience securing both cloud-based and on-premise environments
• A solid background in security incident response and investigation
• Experience working with third-party security vendors or managed service providers
• The ability to communicate technical security concepts clearly to non-technical stakeholders
• Relevant security certifications (e.g., Security+, SSCP) would be advantageous

What’s Next?

If you’re looking for a security-focused role where you can make a tangible impact within a forward-thinking organisation, apply now to find out more.

IT Security Engineer, Cloud & Infrastructure, COR7484

Corriculo Ltd acts as an employment agency and an employment business.

Utilities
Hybrid: 2 days per week in Kent
6 months+
£650 per day

In short: As our Operational Technology (OT) Engineer, you will have a critical role ensuring that interconnector OT system, networking and cyber assets maintain the highest level of operational performance and cyber security.

In full:

The Operations team are responsible for ensuring safe and efficient operational running of interconnectors 24/7/365.

Key accountabilities:

You will carry out various maintenance and inspection works within the Interconnector High Voltage Electricity Converter Station and control room environments. You will be working within a team, following safe systems of work, which is responsible for site systems, ensuring their good working order and security in line with business and regulatory requirements (notably the Network and Information Systems [NIS] Regulation) and frameworks.

Key accountabilities include:

• Carry out installation, refurbishment, maintenance, fault investigation/repair and condition monitoring across OT system, networking and cyber assets.
• You will support new systems, networking or cyber implementations.
• You will support in tender, procurement and design activities associated with new
• You will run routine activities such as system and patch updates, AV updates, backups and permission reviews on various frequencies - daily/weekly/monthly/annual.
• Perform asset condition-based monitoring and system performance monitoring.
• Perform both reactive and proactive maintenance on associated assets and systems.
• Proactively work towards eliminating all accidents by adopting risk assessment techniques, method statements and being aware of potential hazards and reporting all near misses.
• Carry out roles as defined in Safety Rules of ‘Competent Person’.
• Participation in a site call out rota on a periodic basis and support live incidents if they occur.
• Assist in the management of 3rd parties undertaking planned and unplanned works safely and efficiently including ensuring risk assessment and method statements are in place
• On occasion, support the delivery of works and services across the Interconnectors Portfolio of IFA, IFA2, NSL and Viking Link sites.
• Interpret and consult on central policy from the Cyber, Engineering, Assurance and Policy team and implement to your assigned interconnector and control rooms.
• Ensure systems are managed in accordance with change and asset management life cycles.
• You will support the management spares and ensure they are tested, configured and deployable as required.
• Work closely with the site and control room operations team to plan and test Incident Response Plans
• You will support and run response and recovery processes and procedures in isolation or with suppliers.
• Support training the on-site and operator teams in relation to systems, procedures or security.
• You will be crucial to the Backup and Restoration process, managing backups and recovery
• You will support and install HW & networking changes including testing
• Assist in the management physical and logical security controls relating to the cyber security of critical systems - for instance user permissions, port blocking, security system logic, CCTV coverage of core areas.
• Support assurance, audit and inspection activities when undertaken.
• Undertake compliance activities to key regulatory requirements, including compliance reporting in collaboration with other Subject Matter Experts.

Knowledge/Experience:

• Experience working with and/or knowledge on Operational Technology (including OT system, networking and cyber assets) such as control, protection, monitoring systems, HVAC, building management etc is highly desirable
• Ability to work unsupervised on a wide range of interconnector equipment as part of a fully integrated team but with occasional lone working
• Demonstrate a self-help approach to common work-related problems
• You will be computer literate
• Foundation knowledge and experience of key Health, Safety and Environmental and Occupier legislation applicable within an operational environment and premises (ie Health and Safety at Work Act, Management of Health and Safety at work Regulations, CDM Regulations, Electricity at Work Regulations, Occupier Liability Act, Temporary Works
• Competent Person authorisation or working towards
• Good communication skills with a “can do” attitude
• Ability to use an asset work management system like Ellipse/Maximo/Ultimo/IFS/etc is desirable
• Understanding of relevant regulatory requirements (such as the Networks and Information Systems Regulation [NIS]) is beneficial but not essential

Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven’t heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.

Governance, Risk & Compliance Officer London (hybrid) £50,000 – £55,000 VIQU have partnered with a leading organisation that is looking for a Governance, Risk & Compliance Officer to join their Information Security function. This role focuses on owning and evolving established risk, governance, and compliance processes within a regulated, safety-critical environment. You’ll work closely with senior stakeholders to maintain alignment with frameworks such as ISO 27001 and NIST CSF, ensuring controls remain effective and audit-ready. Key Responsibilities of the Governance, Risk & Compliance Officer: • Manage and maintain the organisation’s risk management framework, including risk assessments and mitigation tracking. • Monitor risk, control effectiveness, and emerging threats, providing clear reporting to senior stakeholders. • Support compliance with regulatory and industry standards, maintaining registers and audit evidence. • Coordinate audits, manage findings, and ensure timely closure of actions. • Contribute to governance policies, procedures, and continuous improvement initiatives. • Support change governance, ensuring appropriate controls and documentation are in place. • Deliver risk and security awareness across the organisation. Key Requirements of the Governance, Risk & Compliance Officer: • Experience in GRC within a regulated or critical services environment. • Strong understanding of ISO 27001, NIST CSF, and wider risk management frameworks. • Experience supporting audits, compliance, and regulatory reporting. • Ability to translate regulatory requirements into practical controls and processes. • Strong stakeholder management and communication skills. • Organised, proactive, and able to manage multiple priorities. • Experience within transport, utilities, or similar regulated sectors is highly desirable. • Exposure to OT/ICS environments is a plus. • Certifications such as ISO 27001, CISMP, or CISM are advantageous. Apply now to speak with VIQU IT, or reach out to Katie Dark via the VIQU IT website. Do you know someone great? We’ll thank you with up to £1,000 if your referral is successful (terms apply). For more roles, follow us on LinkedIn @VIQU IT Recruitment Governance, Risk & Compliance Officer London (hybrid) £50,000 – £55,000

Cadent Gas Ltd Secure our digital future through identity excellence As an IAM Technical Analyst, you will be reporting into the Identity & Access Management team and working closely with internal IT teams and external partners supporting delivery of Cadent’s IAM roadmap into an ITIL disciplined environment, delivering IT services in a multisource model to an enterprise of 7000+ employees and external workers in a regulated utility. The IAM team aim to enhance the user experience for colleagues by simplifying, improving, and automating access to systems & data for our digital identities including Privileged Access Management (PAM). We work with internal and external partners to improve provisioning and revocation of access to resources, ensuring access is authenticated and limited, based upon principle of least privilege. Accountable for the ongoing development and deployment of automated access management processes and integrations focussed on Cadent’s non-SAP platforms and systems (Microsoft Active Directory, Entra ID and MS 365). We aim to enhance governance to improve management of digital identities including privileged access, protecting Cadent’s network to meet regulatory obligations (NCSC CAF), aligned to strategy and best practice. Why you’ll love this role: This is a hands-on technical role, where you will be working with industry standard tools where your skills and expertise will involve: Technical delivery – Implement, support and optimization of IAM and PAM services across the enterprise including SSO enablement of new SaaS applications and technical input and support to other projects and programmes.
Technical assurance – ensuring Change Management process is adhered to and technically validated to protect live service.
Security & Compliance – Ensure alignment with NCSC CAF and regulatory obligations, development, management and adherence to IAM Standard Operating Procedures (SOPs), support for internal and external IAM security audits.
Automation & Integration – Drive improvements in provisioning, revocation, and access governance.
Collaborative culture – Collaborate across IT, business, and vendor teams to deliver secure solutions.
Continuous Improvement – Champion innovation and efficiency in identity management including maintenance plans and roadmaps to maintain the health of services. What you’ll bring: Education & Certifications – Degree in IT or Cybersecurity, ITIL Foundation, and ideally CIAM, CISSP or CISM. Extensive hands-on experience in IT; specifically, Microsoft Active Directory (AD), Entra ID and MS 365, with a good knowledge of system technologies, monitoring tools, processes, and incident handling in a 24x7x365 support environment. Experience of configuring, implementing, developing, and supporting complex solutions. Evidence of vendor/ stakeholder management qualities. Technical curiosity, ensuring continuous skills refresh, with cutting edge and new to market technologies explored, understood, and assessed. Experience and understanding with different delivery methods and tools including Waterfall, Agile, SCRUM, Prince2, KANBAN and JIRA. Experience of building relationships and working with a variety of stakeholders, supported by interpersonal and communication skills at all levels, with the ability to translate complex IT issues into business related vocabulary. Experience and understanding of ITIL framework and ITSM tools, specifically ServiceNow. Experience working in a regulated utility industry desired. Experience and understanding of UK Data Privacy legislation Technical knowledge or qualifications highly desirable in the following areas: Identity and Access Management, specifically Microsoft Active Directory (AD), Entra ID and MS 365 including Entra Connect, app registrations, certificate and password management for user and machine authentication. Deep knowledge of SAML, OAuth, OpenID Connect, SCIM, MFA and federation protocols. HR Provisioning, specifically SAP SuccessFactors to AD / Entra ID). Experience with Microsoft Entra ID Conditional Access, Defender for Identity, and Entra Permissions Management including PIM. Strong understanding of Cyber security principles including zero-trust, privileged access management (PAM), Just-In-Time (JIT) access, Role Based Access Control and adaptive authentication. Privileged Access Management, specifically CyberArk suite. Experience of integrating applications with IGA solutions using a variety of APIs and protocols such as Web service protocols REST/SOAP, LDAP, csv. Hands-on experience with identity automation; PowerShell scripting / MS Graph API, and other API-based integrations. Data Lifecycle management tools such as Microsoft Defender & Microsoft Purview. NCSC Cyber Assessment Framework (CAF). DevOps and cloud security best practices in AWS/Azure environments

Salary - Up to £52,000.00 Location - Scunthorpe, North Lincolnshire, DN16 1XA Pattern of Work – 36.5 hours, Monday - Friday What you need to know about the role You will provide expert technical security oversight across enterprise IT platforms, acting as a trusted authority that identifies security risks, control gaps, and design weaknesses that operational teams may overlook. This is an individual contributor role with technical authority but no line management responsibilities. Your value lies in independent judgement, validation, and challenge, with only limited day‑to‑day operational ownership. Remediation and platform management remain with specialist infrastructure, network, endpoint, or OT teams. You will work alongside experienced engineers to assess security implications of designs, changes, and incidents, providing clear, evidence‑based advice and escalating risks where controls fall short of agreed standards. The role focuses primarily on corporate IT environments, with limited OT involvement centred on collaboration and alignment to central security standards. Key Responsibilities Include, but are not limited to * Provide expert technical security assurance across enterprise IT platforms, identifying control gaps, design weaknesses, and hidden risks that may be missed during operational delivery. * Assess the security impact of technical designs, changes, and exceptions, providing independent challenge and clear, evidence‑based recommendations. * Support security incident response by validating technical impact, root cause, and remediation effectiveness, working alongside operational teams rather than always owning execution. * Conduct and review vulnerability and control assessments, validating remediation outcomes and escalating unresolved or systemic risks where appropriate. * Act as a trusted technical advisor to infrastructure, network, endpoint, and cloud teams, balancing security requirements with operational realities. * Review and advise on firewall rules, network segmentation, and access controls, ensuring alignment with security standards and risk tolerance. * Educate and influence IT colleagues by raising security awareness through practical, technically grounded guidance, not just policy enforcement. * Operate autonomously, using professional judgement and experience to assess risk, document findings, and escalate where controls fall short. What we need to know about you Skills & Experience Essential: * Proven experience in IT security engineering or technical security assurance, operating across enterprise infrastructure. * Strong knowledge of endpoint protection (SentinelOne preferred), with the ability to assess configuration quality and control effectiveness rather than just operate tooling. * Experience reviewing and assuring enterprise firewall configurations and network security controls (e.g. Palo Alto, Cisco). * A solid understanding of encryption, certificates, and trust models as used within enterprise IT systems. * Experience assessing security patching effectiveness and remediation outcomes across Windows and Linux platforms. * Significant experience working with Windows and Linux environments, including legacy platforms. * Experience conducting or reviewing vulnerability assessments using tools such as Nessus, with the ability to interpret results in context. * Ability to analyse logs and technical evidence to identify security issues and validate root cause. * Strong technical communication and documentation skills, able to explain risk and findings clearly to experienced engineers and non‑specialists. Desirable: * Certifications such as CompTIA Security+, CISSP, CEH, or GIAC are beneficial but not essential; demonstrable technical assurance experience is valued over certifications. * Understanding of OT / ICS security principles and legacy constraints, with the ability to align OT risks to enterprise security standards. * Experience with SIEM tools, network monitoring, or threat intelligence platforms, particularly in support of investigation and assurance activities. * Knowledge of NIST, Cyber Assessment Framework (CAF), Cyber Essentials(+) or ISO 27001, with the ability to apply standards pragmatically rather than mechanically. * Scripting or data analysis skills to support investigation, validation, or evidence gathering. What we can offer you
We know our employees are our greatest asset and alongside the great benefits packages we offer, we continue to invest in their careers by providing a huge range of training and development opportunities. Whatever your stage in life, you’ll find a range of benefits to complement your work-life balance. The benefits you’ll enjoy include: * Defined contribution company pension scheme * 27 personal annual leave days + statutory bank holidays * Life Assurance * A comprehensive Company sick pay scheme * Health Cash Plan via our partnership with Simply health * Employee Assistance Programme * Standby and call-out payments * Family friendly benefits including enhanced maternity, paternity, and adoption leave. What you need to know about us
British Steel is a leading European steel manufacturer, supplying premium long products around the world. We take great pride in our history and heritage. Not many companies can claim to have generations of families dedicating their working lives to one company, one industry. Steel gets into your blood, and this drives the passion of our people. And these 2 values deliver our third value of performance – making the products our customers want now and in the future. British Steel has a bright future and we want you to be part of it. British Steel is an armed forces friendly company, and we actively encourage applications from ex-Armed Forces Personnel, Reservists, Armed Forces Veterans and military spouses/partners. We may close this vacancy sooner than planned if we receive a high volume of suitable applications. To ensure your application is considered, we encourage you to submit it as soon as possible

An IT support company are looking for a motivated Cyber Security Apprentice to join their team, where you’ll develop essential skills and contribute to protecting their digital infrastructure. This role offers hands-on experience, structured learning, and guidance from industry professionals, ideal for someone passionate about cybersecurity. As a Cyber Security Apprentice, you’ll work closely with their cybersecurity team to safeguard their systems, monitor for vulnerabilities, and respond to security incidents. You will support the implementation and maintenance of cybersecurity measures and assist in creating a secure IT environment. This role is perfect for someone eager to learn about cybersecurity and work towards becoming a certified cybersecurity professional. KEY DUTIES \* Assist in monitoring network activity and detecting potential threats and vulnerabilities \* Help in identifying, reporting, and mitigating security risks \* Support the team in responding to security incidents and implementing response strategies \* Conduct regular system checks and audits to ensure security protocols are up to date \* Assist with managing access controls and permissions for users \* Participate in the creation and updating of security policies, procedures, and best practices \* Collaborate with the IT team to troubleshoot and resolve security-related issues \* Stay informed on the latest cybersecurity trends and technologies CANDIDATE REQUIREMENTS \* Have the right to live and work in the UK

Information Security Assurance EngineerBristol - Hybrid (3 days onsite)We're looking for an Information Security Assurance Engineer to embed secure-by-design principles into mission-critical products operating in complex environments.You'll review application and product code, identify vulnerabilities, and provide practical guidance to improve security and code quality. Working with teams across the UK and Europe, you'll support shift-left security, contribute to architecture and design discussions, and help integrate security into the SDLC.Key skills:Secure-by-design experience, code review (C/C++, Python or similar), OWASP Top 10, SDLC, Git, CI/CD, Linux/Windows.Experience with embedded or performance-sensitive systems is a plus. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Job Advertisement: Financial Crime - Transaction Monitoring Specialist

Join Our Client’s Team!

Are you passionate about financial crime prevention and compliance? Do you thrive in a dynamic environment where your expertise can make a real difference? Our client, a leading organization in the financial services sector, is seeking a talented Financial Crime - Transaction Monitoring Specialist to join their innovative IT FinCrime team!

Position Details:

• Contract Type: Temporary
• Contract Length: 6 months
• Daily Rate: £675 - £775
• Working Pattern: Full Time

Why This Role Matters: As a Financial Crime - Transaction Monitoring Specialist, you will play a pivotal role in transforming financial crime prevention initiatives. Your insights and skills will help safeguard our client’s operations while enhancing compliance and reducing risk.

Key Responsibilities:

• Support the delivery of Financial Crime - Transaction Monitoring transformation projects.
• Conduct specialized data analysis across payment, list, and client data.
• Assist with technical and compliance audits, addressing remediation requests.
• Document and define technical processes, including data dictionaries.
• Provide 3LoD BAU support for key Transaction Monitoring applications.
• Lead system upgrades, regression testing, and vendor evaluations (RFPs/PoCs).

What You’ll Bring:

Experience:

• Experience in IT roles within financial services, with a bias towards Financial Crime or compliance. - Proven track record in delivering complex technical projects in regulated environments.

Technical Skills:

• Expertise in FinCrime applications, particularly with Actimize SAM and Data Warehouse. - Proficiency in SQL, ETL processes, and Linux operating systems. - Familiarity with automated tools and change cycles (SDLC).

Soft Skills:

• Strong communications skills to engage with stakeholders effectively. - A proactive approach to risk management and compliance. - Ability to mentor and support junior team members in a collaborative environment.

What We Offer:

• A chance to work with a dedicated IT FinCrime division of experts.
• Opportunities for professional growth and skill development.
• A supportive and innovative work culture that values continuous improvement

Join Us! If you’re ready to make an impact and help shape the future of financial crime prevention, we want to hear from you! Apply now and become a vital part of our client’s mission to uphold the highest standards of regulatory compliance.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.

Adecco is a disability-confident employer. It is important to us that we run an inclusive and accessible recruitment process to support candidates of all backgrounds and all abilities to apply. Adecco is committed to building a supportive environment for you to explore the next steps in your career. If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.

Cyber Solution Architect (Digital Platforms & Trading Systems)

8-Month contract - Inside IR35 - market rate

London based - hybrid working - 3 days a week onsite

Role Overview

We are looking for a hands-on, highly technical Cyber Solution Architect to design and deliver secure solutions across our digital platform ecosystem, with a strong focus on Base Metals Order Execution Management Systems (OEMS). This role requires deep technical expertise, practical implementation capability, and the ability to embed security into complex, low-latency trading environments.

Key Responsibilities

• Design and implement secure, scalable cyber solutions for digital platforms, including OEMS and associated trading infrastructure.
• Act as a hands-on architect, contributing directly to solution design, engineering decisions, and security implementation.
• Develop and maintain security architecture patterns, reference models, and solution blueprints.
• Lead security design for Base Metals OEMS platforms, ensuring alignment with performance, resilience, and regulatory requirements.
• Perform threat modelling, security risk assessments, and architecture reviews.
• Integrate security into DevOps pipelines, promoting DevSecOps best practices.
• Collaborate with engineering, infrastructure, and business teams to ensure security is Embedded by design.
• Provide technical oversight on identity and access management (IAM), encryption, API security, and network security.
• Evaluate and implement security tooling (eg, SIEM, EDR, DLP, WAF) within platform environments.
• Support incident response activities and provide expert guidance on security incidents affecting trading systems.

Required Skills & Experience

• Proven experience in a Cyber Solution Architect role with strong hands-on delivery capability.
• Deep technical knowledge across application, infrastructure, network, and cloud security domains.
• Demonstrated experience securing digital platforms in complex enterprise environments.
• Strong understanding of Order Execution Management Systems (OEMS), ideally within Base Metals or commodities trading.
• Experience in commodities or financial trading environments (particularly Base Metals).
• Understanding of regulatory requirements relevant to trading systems.
• Knowledge of trading workflows, low-latency systems, and associated cyber risks.
• Experience with cloud platforms (AWS, Azure, or GCP) and cloud-native security architecture.
• Strong familiarity with security frameworks (eg, NIST, ISO 27001, CIS).
• Experience implementing security controls including IAM, encryption, endpoint protection, and monitoring solutions.
• Proficiency in Scripting or programming (eg, Python, PowerShell, Bash).

Desirable Skills

• Experience with high-frequency or algorithmic trading security.
• Knowledge of Zero Trust architecture and modern identity frameworks.
• Relevant certifications such as CISSP, CCSP, or TOGAF.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited (“ARM”). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.

To see more Chinese jobs please follow us on WeChat: teamchinapf AND pfteamchina

Ref: 23260

The Skills You’ll Need: Fluent in Mandarin, Extensive / Solid of IT experience, including team leadership.

Your New Salary: Up to £100k, depending on experience

Office based

Perm

Start: ASAP

Deputy Head of IT - What You’ll be Doing:

• Support the Head of IT in designing, implementing and maintaining the firm’s IT strategy.
• Assist in developing and enforcing IT policies, procedures and architectural frameworks in line with group standards, regulatory requirements and best practices.
• Oversee IT operations, including infrastructure, support, applications and cybersecurity to ensure system stability and service continuity.
• Act as deputy for cybersecurity monitoring, threat management, incident response and improvement of protective controls.
• Assist with IT budgeting, cost control, vendor management and procurement to ensure effective financial governance.
• Maintain strong collaboration with group IT, supporting policy alignment, reporting and joint initiatives.
• Work closely with business units to identify technology needs, propose IT solutions and support implementation.
• Assist in maintaining and testing Business Continuity Plans and disaster recovery arrangements; participate in the Business Continuity Committee.
• Support implementation of approved systems and controls in compliance with relevant legislation, regulatory requirements and group policies.
• Monitor team workload, task allocation and performance to ensure effective delivery and reliable production systems.
• Provide coaching, mentoring and knowledge-sharing to IT team members; identify training needs and support skills development.
• Manage IT assets, suppliers and contractual relationships in accordance with internal procurement and compliance requirements.
• Lead and/or support IT projects including planning, resourcing, tracking, reporting and risk management.
• Prepare reports, documentation, KPIs and updates for Senior Management and the Board when required.
• Act as deputy for the Head of IT during absence, taking responsibility for escalation, decision-making and operational oversight.
• Perform other duties as assigned by Senior Management or the Head of IT.

Deputy Head of IT - The Skills You’ll Need to Succeed:

• Bachelor’s degree in Information Technology, Computer Science or related discipline; Master’s degree preferred.
• Extensive / Solid of IT experience, including team leadership and project delivery.
• Strong technical knowledge across IT infrastructure, systems administration, networks, applications and cybersecurity.
• Experience in IT governance, ITIL processes, change management and incident management.
• Strong understanding of financial services IT environments, regulatory requirements and risk controls.
• Excellent communication, stakeholder management and decision-making skills.
• Ability to coach and develop teams; experience managing distributed teams is desirable.
• Strong vendor management and negotiation capabilities.
• Sound knowledge of Business Continuity/Disaster Recovery frameworks.
• Working knowledge of networking, firewalls, CUCM, cybersecurity tools and cloud/infrastructure technologies.
• Experience with trading systems, exchange connectivity, FIX protocols and back-office integrations is advantageous.
• Ability to work under pressure, manage competing priorities and deliver within deadlines.
• Bilingual speakers (English & Mandarin) is essential.

Please view all our Team China jobs at people-first-recruitment

Please follow us on Linkedin: people-first-team-china

We would be grateful if you could send your CV as a Word document. If your application is successful, you will be contacted within 7 days. We regret that due to the high volume of applications we receive we cannot provide feedback on individual CVs. Please note that we can only consider candidates who are eligible to work in the UK and are able to provide relevant supporting documentation.

People First is committed to increasing diversity, and maintaining an inclusive workplace culture. We welcome applications from all qualified candidates regardless of their ethnicity, race, gender, religious beliefs, sexual orientation, age, marital status or whether or not they have a disability.

People First (Recruitment) Limited acts as an employment agency for permanent and fixed term contract recruitment and as an employment business for the supply of temporary workers. Please note that by applying for this job you accept our Terms of Use and Privacy Policy which can be found on our website.

Location - London or Winchester with hybrid working as per departmental requirements (currently a MINIMUM of 40% (2 days per week).

LCP is an award-winning actuarial and analytics consultancy providing market-leading capabilities and advice across pensions and financial services, energy, and health. We use powerful analytics fused with human expertise to shape a more positive future.

We have a great opportunity to join our Infrastructure team as a Security Engineer. This role is perfectly poised at the intersection of traditional Infrastructure Security operations and the future’s promise of AI and automation. As a Security Engineer you will be 75% Hands-On and 25% Policy/Process management. As LCP embarks on this transformative journey, the Infrastructure Security Engineer will be pivotal in ensuring a blend of technological innovation with a deeply human touch. Beyond just problem-solving, this role offers the chosen candidates an opportunity for personal and professional growth. We’re not just seeking individuals to join us; we’re seeking visionaries who will evolve with us, taking ownership of their development and skills as the landscape of service support undergoes this exciting metamorphosis. The aim remains consistent: to uphold LCP’s unwavering commitment to exceptional user experience across all locations.

What will you be doing?

Under the guidance of the Head of Infrastructure or Security Lead you will:

• Secure LCP’s infrastructure, spanning multiple physical office (UK and Europe) and numerous Cloud subscriptions, through a balanced-risk approach
• Design and implement technical information security controls and countermeasures, ensuring alignment with the risks they are intended to mitigate
• Work with an outsourced Security Operations Centre (SOC), maintaining threat detection and response processes in conjunction with the InfoSec team to ensure its continued effectiveness
• Effectively operate established technical information security controls and countermeasures, ensuring adherence to policy and compliance requirements
• Deliver standardised security measures for cloud resource templates and configuration baselines, that enable approve teams to efficiently self-serve pre-configured resources
• Automate manual or repetitive tasks, improving the end-to-end efficiency of technical security measures
• Respond to new and emerging security threats and vulnerabilities, effectively engaging in cross-functional collaboration as needed
• Conduct security incident investigations, collaborating with technical and non-technical stakeholders as appropriate, with the aim of identifying root cause, threat vector utilised, scope of compromise and related remedial and preventative actions
• Implement and administer technical security tooling (Such as Defender for Cloud, Defender for End-Point, Nessus, etc), training others as required
• Optimise the cost of cloud-based security measures, ensuring they remain fit-for-purpose and right-sized as part of overall infrastructure efficiency
• Constantly maintain and develop awareness of
  • Emerging threats and vulnerabilities and the techniques used to mitigate them
  • Emerging information security practices, standards and trends within a modern, increasingly cloud-based and Agile/DevOps oriented environment
• Coordinate with internal and external stakeholders
• Partner with InfoSec to deliver on key information security risk related initiatives, ensuring compliance to patching and vulnerability policies
• Partner with Product and Platform team members in respect of secure coding practices and security measures within the infrastructure resources they utilise
• Establish and cultivate relationships, being a trusted advisor and technical point of contact within the firms engineering community

What skills and experience are we looking for?

• First-hand experience and knowledge of modern information security methodologies, techniques, and tooling, spanning both physical and cloud infrastructure
• Knowledge of key security standards/frameworks including ISO 27001, NIST, and CIS
• Experience of securing infrastructure within a DevOps organisation – including secure coding standards, automation and enterprise monitoring and reporting tools specifically within Microsoft Azure
• Demonstrable experience of security controls and countermeasures within IP based networks, WAN technologies, virtual server technologies and Microsoft Cloud on Windows and Linux
• Demonstrable experience working with DLP and EDR technologies such as Microsoft Defender
• Demonstrable first-hand experience with modern Security Information and Event Management (SIEM) solutions and related workflow automation (SOAR)
• Ability to proactively own and coordinate resolving security issues, to ensure solutions continue to meet business needs
• Ability to break a problem down into its component parts to identify and diagnose root causes, troubleshooting and identify problems across different technology capabilities
• Strong planning and organisational skills, including the ability to coordinate several work streams simultaneously, while balancing priorities and quality
• Excellent communication skills with a capacity to present, discuss and explain issues coherently and logically, both in writing and orally
• Ability to balance conflicting and changing demands through prioritisation and pragmatism

What’s in it for you?

Take a look at our Glassdoor and Career stories pages to see why our people love being here! As well as joining a certified B-Corp, multi-award winning, fun, collaborative, people first organisation where your personal and professional skills will be developed to make you the best you can be, we offer an attractive benefits package designed to promote your overall wellbeing so that you are able to perform to your full potential both in and out of work. Currently our core benefits package includes:

For you:

• Hybrid working (see top of the advert for details)
• Professional study support (where applicable)
• Access to our internal Wellbeing, LGBTQ+, Multicultural and Women’s networks

For your family:

• Life assurance
• Income protection
• Enhanced maternity/paternity/adoption and shared parental leave

For your health:

26 days annual leave (pro-rata for part-time working) plus bank holidays (most of which can be taken flexibly!) with options to buy & sell holidayPrivate medical insurance

Cyber Solution Architect (Digital Platforms & Trading Systems)

8-Month contract - Inside IR35 - market rate

London based - hybrid working - 3 days a week onsite

Must have Base Metals trading experience

Role Overview

We are looking for a hands-on, highly technical Cyber Solution Architect to design and deliver secure solutions across our digital platform ecosystem, with a strong focus on Base Metals Order Execution Management Systems (OEMS). This role requires deep technical expertise, practical implementation capability, and the ability to embed security into complex, low-latency trading environments.

Key Responsibilities

• Design and implement secure, scalable cyber solutions for digital platforms, including OEMS and associated trading infrastructure.
• Act as a hands-on architect, contributing directly to solution design, engineering decisions, and security implementation.
• Develop and maintain security architecture patterns, reference models, and solution blueprints.
• Lead security design for Base Metals OEMS platforms, ensuring alignment with performance, resilience, and regulatory requirements.
• Perform threat modelling, security risk assessments, and architecture reviews.
• Integrate security into DevOps pipelines, promoting DevSecOps best practices.
• Collaborate with engineering, infrastructure, and business teams to ensure security is embedded by design.
• Provide technical oversight on identity and access management (IAM), encryption, API security, and network security.
• Evaluate and implement security tooling (e.g., SIEM, EDR, DLP, WAF) within platform environments.
• Support incident response activities and provide expert guidance on security incidents affecting trading systems.

Required Skills & Experience

• Proven experience in a Cyber Solution Architect role with strong hands-on delivery capability.
• Deep technical knowledge across application, infrastructure, network, and cloud security domains.
• Demonstrated experience securing digital platforms in complex enterprise environments.
• Strong understanding of Order Execution Management Systems (OEMS), ideally within Base Metals or commodities trading.
• Experience in commodities or financial trading environments (particularly Base Metals).
• Understanding of regulatory requirements relevant to trading systems.
• Knowledge of trading workflows, low-latency systems, and associated cyber risks.
• Experience with cloud platforms (AWS, Azure, or GCP) and cloud-native security architecture.
• Strong familiarity with security frameworks (e.g., NIST, ISO 27001, CIS).
• Experience implementing security controls including IAM, encryption, endpoint protection, and monitoring solutions.
• Proficiency in scripting or programming (e.g., Python, PowerShell, Bash).

Desirable Skills

• Experience with high-frequency or algorithmic trading security.
• Knowledge of Zero Trust architecture and modern identity frameworks.
• Relevant certifications such as CISSP, CCSP, or TOGAF.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited (“ARM”). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.

Investment Banking Endpoint Security Engineer - ITSM, Powershell, Python, Trellix, Splunk, Azure, AWS CONTRACT

Endpoint Security Engineer

Key Responsibilities

. Contribute to and support a major cloud migration programme.
. Design, engineer, and implement advanced endpoint security solutions using technologies such as Trellix, BeyondTrust, and CrowdStrike.
. Deploy enterprise security solutions through ITSM systems including Remedy and ServiceNow change control.
. Produce high-quality technical documentation, workflows, and support materials.
. Collaborate with security vendor consultants and Technical Account Managers to optimise product usage.
. Partner with compliance, audit, and information security teams to ensure alignment with organisational standards.
. Conduct effective research and provide informed consultancy on security solutions and trends.
. Define and maintain security baseline configurations

Required Technical Skills & Certifications

. Demonstrated experience in endpoint security, across both engineering and support capacities.
. Strong expertise in Application Control, especially with BeyondTrust solutions.
. Proficiency in Scripting PowerShell and Python are essential.
. Experience with Trellix ePO, BeyondTrust EPM Cloud, and policy management in Azure and AWS environments.
. Advanced understanding of Microsoft Windows operating systems.
. Strong analytical and problem-solving skills, with the ability to assess complex security challenges and propose effective solutions.

. Exposure to data analytics tools such as Splunk and Power BI.
. Ability to clearly articulate troubleshooting methods and strategies.

Desired Skills

. Knowledge of cloud technologies, particularly Azure and AWS.
. Security certifications, preferably CISSP.
. Experience supporting macOS/iOS environments.

Contract role inside IR35 (initial 12 months, to be extended) - hybrid working - candidate can be based near Manchester/Liverpool/Stoke/Birmingham

By applying to this job you are sending us your CV, which may contain personal information. Please refer to our Privacy Notice to understand how we process this information. In short, in order to supply you with work finding services, we will hold and process your personal data, and only with your express permission we will share this personal data with a client (or a third party working on behalf of the client) by email or by upload to the Client/third parties vendor management system. By giving us permission to send your CV to a client, this constitutes permission to share the personal data that would be necessary to consider your application, interview you (Phone/video/face to face) and if successful hire you.

Scope AT acts as an employment agency for Permanent Recruitment and an employment business for the supply of temporary workers. By applying for this job you accept the Terms and Conditions, Data Protection Policy, Privacy Notice and Disclaimers which can be found at our website.

Hybrid - 2 days per week onsite in Hampshire
Circa £90,000 per annum + benefits
SC cleared

We are seeking a passionate and forward-thinking DevSecOps Engineer to join our Defence client, offering a unique opportunity to work at the forefront of secure, scalable software delivery across DevSecOps, MLOps, and cloud technologies.

In this role, you will help push the boundaries of what’s possible-from securely updating deployed equipment to enabling resilient, high-availability systems-while shaping technical direction, mentoring others, and driving best practices across the full software development life cycle. You will leverage modern cloud and DevSecOps tooling to accelerate deployment automation and improve system reliability, applying Site Reliability Engineering (SRE) principles to ensure the continuous, secure operation of live systems. Taking ownership of code releases, deployments, and operational support, you will combine strong technical expertise with effective communication skills to collaborate across a wide range of stakeholders in a dynamic, team-oriented environment.

What You’ll Bring

You will have hands-on experience across a range of DevSecOps disciplines. Depending on your experience level, you may bring expertise in some of the following:

Cloud Technologies

• AWS (primary)
• Azure and/or GCP (beneficial)

Cyber Security

• Vulnerability management (eg Tenable)
• Identity and Access Management (eg Azure AD, Keycloak)
• Static and dynamic analysis (eg SonarQube)
• Network security, certificates, and token management

Virtualisation & Containerisation

• Docker, Podman
• Kubernetes
• GPU containerisation (eg NVIDIA Container Toolkit, Run:AI)

Architectural Approaches

• Microservices and serverless architectures
• Edge computing
• API design (REST, gRPC/Protobuf)
• Event-driven systems (Kafka, MQTT)

DevSecOps Tooling

• Version control (Git)
• CI/CD pipelines (eg GitLab CI/CD)
• Infrastructure as Code (Terraform, Puppet, Ansible)
• Linux Scripting
• Programming (eg Python, Rust)
• Monitoring & observability (Prometheus, Grafana, Elasticsearch)

If this role is of interest, apply now or send your CV to me at (see below)

DURATION: 6 months (extension - very likely
LOCATION: Edinburgh, Leeds or Manchester
WORKING HOURS: Standard business hours with out of hours support required
ONSITE REQUIREMENTS: Hybrid - 2 days onsite per week
ENGAGEMENT TYPE: Contract - Outside IR35
DAY RATE: £550 per day

LEGAL RIGHT TO WORK: Candidates must have the legal right to work in the UK. Sponsorship is not available for this role.

ATRIUM GLOBAL SUMMARY
Atrium Global is supporting a client within the financial services sector who is seeking a highly experienced IBM MQ z/OS Administrator to join a specialist Mainframe Middleware team.

JOB OVERVIEW
This role sits within a Mainframe-only environment and requires a contractor who can contribute immediately with minimal ramp-up. You will provide hands-on support and delivery across a critical IBM MQ estate on z/OS, focusing on production stability, incident resolution and controlled change delivery.

This is a pure z/OS MQ role - candidates with primarily distributed MQ or broader platform backgrounds will not be suitable.

RESPONSIBILITIES
Provide hands-on administration of IBM MQ on z/OS across production environments
Deliver incident, problem and change resolution within strict SLAs
Support and maintain MQ queue managers, channels and configurations
Perform production deployments, upgrades and migrations
Troubleshoot complex MQ issues across mission-critical systems
Maintain service stability, resilience and performance optimisation
Work closely with stakeholders across Mainframe and infrastructure teams
Ensure adherence to governance, processes and security standards
Participate in out of hours support and deployment activities

REQUIREMENTS
* Strong hands-on experience administering IBM MQ on z/OS (v9.x preferred)
* Proven experience working in Mainframe-only MQ environments
* Deep understanding of:

• Queue managers
• Channels
• MQ objects
• Clustering/Queue Sharing Groups (QSG)
  * Experience with TLS/SSL configuration and MQ security (RACF)
  * Strong troubleshooting skills within production MQ environments
  * Experience delivering changes independently into production
  * Familiarity with z/OS panels, ISPF and Mainframe tooling
  * Experience working within ITIL-controlled environments

NICE TO HAVE
* Experience with MQ monitoring tools on z/OS (eg Omegamon)
* Experience within UK banking or financial services environments
* Experience supporting high-volume payments or core banking systems

Two experienced DevSecOps Engineers are required to support defence-focused projects, driving best practice across secure software delivery, cloud platforms, and deployment automation. The role focuses on improving the speed, reliability, and security of systems throughout the full software development life cycle. These positions works with modern DevSecOps, cloud, and SRE practices in complex, security-critical environments. The Role The DevSecOps Engineers will design, build, and maintain secure CI/CD pipelines and cloud infrastructure, supporting both development teams and live operational systems. The role combines hands-on technical delivery with collaboration across engineering, security, and product teams. Key responsibilities include: \* Managing code releases and automated deployments \* Applying SRE principles to improve system reliability and uptime \* Supporting and troubleshooting live systems \* Working closely with developers, security architects, and quality engineers \* Coaching team members on DevSecOps best practice Skills & Experience Essential \* Experience in DevSecOps or similar roles \* Strong experience with AWS (Azure or GCP beneficial) \* CI/CD tooling (eg GitLab CI/CD) \* Infrastructure as Code (eg Terraform, Ansible, Puppet) \* Containerisation and orchestration (Docker, Kubernetes) \* Linux and Scripting \* Secure development and vulnerability management \* Monitoring and observability tools (eg Prometheus, Grafana, Elastic) Beneficial \* Cyber security tooling (eg Tenable, SonarQube, IDAM solutions) \* Microservices, serverless, APIs, and event-driven architectures \* GPU or edge computing environments \* Automation languages such as Python or Rust \* Experience in defence or highly regulated environments Security Clearance Due to the nature of the work, candidates must be eligible for SC clearance. This requires British citizenship and UK residency for the relevant period. Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

The successful applicant will join teams working at the forefront of AI/DS, Cyber, Cloud, DevOps/SRE and Platform Engineering. With long-term programmes secured across the latest frameworks, this position offers the chance to be part of an exciting growth journey with significant technical depth and variety. As a Cyber Software Engineer, you will contribute to the research, design and development of critical systems in support of National Security missions. You will apply secure coding practices, maintain high standards of software quality and work closely with operating systems at a low level. Key Requirements \* Strong experience with C or C++ \* Familiarity with Python \* Comfortable working with Linux or Windows operating systems \* Knowledge of version control tools and experience in agile delivery environments \* An interest in the Cyber domain \* Understanding of common software design and testing patterns \* Ability to build systems and support continuous integration pipelines Clearance Due to the nature of the work, applicants must be eligible to obtain DV clearance. This requires being a British Citizen and having lived in the UK for the past 10 years. Next Steps To apply, please submit an up-to-date CV. Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Cyber Software Engineer - National Security

The successful applicant will join teams working at the forefront of AI/DS, Cyber, Cloud, DevOps/SRE and Platform Engineering. With long-term programmes secured across the latest frameworks, this position offers the chance to be part of an exciting growth journey with significant technical depth and variety.

As a Cyber Software Engineer, the successful applicant will contribute to the research, design and development of critical systems in support of National Security missions. They will apply secure coding practices, maintain high standards of software quality and work closely with operating systems at a low level.

Key Requirements

. Strong experience with C or C++
. Familiarity with Python
. Comfortable working with Linux or Windows operating systems
. Knowledge of version control tools and experience in agile delivery environments
. An interest in the Cyber domain
. Understanding of common software design and testing patterns
. Ability to build systems and support continuous integration pipelines

Clearance

Due to the nature of the work, applicants must be eligible to obtain DV clearance. This requires being a British Citizen and having lived in the UK for the past 10 years.

Next Steps

To apply, please submit an up-to-date CV. The team looks forward to hearing from you.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

The University of Surrey is a global community of ideas and people, dedicated to life-changing education and research.

We are recruiting a Cyber Risk & Assurance Manager to provide a focal point for Information Security Assurance, providing guidance and support to colleagues within IT Services and across the business.

As a senior risk professional, you will be leading on information security assurance, working with other security disciplines, technical teams and architects to overlay good practice and security controls in support of business activities. Using your business acumen, you will apply appropriate risk analysis principles to support the University mission.

What you’ll be doing:

• Working with the Cyber Security leadership team to develop the University’s security and compliance frameworks, maintaining and developing accreditation for IT Services’ service catalogue
• Managing the PCI-DSS certification process, supporting all faculties / departments to ensure that their payment solutions are compliant
• Managing the annual certification activities associated with NHS DSP Toolkit
• Managing the annual certification activities associated with Cyber Essentials+
• Operating and continuously improving the cyber risk registers and management information, supporting the successful communication of business risk within the institutional risk framework and University committee structure
• Provide product ownership for GRC tooling

What you’ll have:

• Substantial vocational and relevant management experience, and success in similar or related roles, supported by evidence of significant appropriate specialist knowledge
• Experience of administering vendor risk management processes, and prior experience of risk assessment
• Experience of working with external parties in relation to their specific information security assurance requirements, such as NHS England (NHS DSP Toolkit); ONS (ONS Secure Research Service)
• Experience of developing workflows in support of information governance and information security assurance; particularly any service development involving GRC processes and tooling (such as OneTrust)
• Appropriate IT Security/risk certifications (such as one or more of: CISSP, CISA, CISM, CRISC)
• Ability to work flexibly, including working outside of regular office hours upon occasion where incidents arise

What we can offer

In addition to a competitive salary you will receive 25 days annual leave, with 8 additional days for Bank Holidays and 7 for University closure days. We offer a generous pension, flexible working options, access to world-class leisure facilities, a range of travel schemes, and supportive family friendly benefits including an excellent on-site nursery.

How to apply

To apply, please upload your CV and a cover letter to the university website.

Informal enquiries should be directed to David Iveson via

Interviews will be held 26th May.

Please note, we are not looking for any external agency support on this role at this time.

The University of Surrey is committed to providing an inclusive environment that offers equal opportunities for all. We value everyone in our community and are seeking to increase the diversity. Therefore, we particularly encourage applications from under-represented groups, such as people from Black, Asian and minority ethnic groups and people with disabilities.

Further details

Job Description