Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success. Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win. We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We're building a more open world. Join us. Strategic Partnership Manager Introduction to the Team Do you want to join a high growth B2B2C partnership focused on driving industry-leading travel products and services? Are you passionate about building enduring relationships? Do you want to make a lasting difference on a growing business that is central to the Expedia Group strategy? If yes, then Expedia Private Label Solutions (PLS) would like to meet you! In this role, you will: As a Strategic Partnerships Manager, you will join a team of Account Managers who manage one of Expedia's largest private label financial institution partners. You will be responsible for owning internal and client-facing operational workstreams specific to the partner's proprietary Hotel programs and Compliance requirements to ensure Expedia is delivering best-in-class services and adhering to our partnership obligations. You will help manage the account to revenue targets as well as identify and drive growth initiatives in collaboration with other Account Managers and Product teams. This is an opportunity to learn in a high-performance environment, in a multi-billion dollar and complex enterprise partnership from the ground up. If you are comfortable building lasting partner relationships and delivering at the highest standards, come build something great with us! Manage and optimize our partnership operations to ensure the highest standards of delivery in the following areas: Hotel Operations: Work closely with internal and partner operations team to ensure best in class operations which includes Work with internal Expedia teams as a knowledge base on our private label partnership Act as primary contact for our private label partner as it relates to hotel operations Day-to-day operations management for our hotel partners Compliance: Work closely with Expedia Security, Servicing and Legal teams to manage our annual information security audit as well as ongoing compliance requests and escalations Find ways to optimize our partner compliance processes (Infosec and other audits, compliance requests, partner escalations, etc ) Manage partnership SLAs Work collaboratively with the partner to identify new business opportunities and drive new business Build strong long-term strategic commercial relationships Resourcing and Budget Management Experience and Qualifications: Have a strong business acumen and financial skillset Have prior experience in client facing roles & building strategic partnerships Have prior experience understanding commercial contracts Have prior experience or understanding of hotel revenue management & operations Have an advanced Microsoft Excel skillset and are comfortable working with data to communicate and make effective business decisions Proactive in identifying and acting on opportunities for improvement Can identify commercial risks and communicate them effectively Comfortable navigating and managing complex organizational structures and people dynamics Have strong written and verbal communication skills Have prior travel industry & tech experience Are comfortable working in a fast pace and complex environment to meet high partner standards 5+ years experience in a consulting/ strategic partnership role Bachelor's degree or equivalent work experience required MBA Preferred The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. The total cash range for this position in Seattle is $94,000.00 to $131,500.00. Employees in this role have the potential to increase their pay up to $150,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent ( IATAN ) membership. View our full list of benefits . Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request . We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others. Expedia Group's family of brands includes: Brand Expedia, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, and Expedia Cruises. 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: -50 Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain The official website to find and apply for job openings at Expedia Group is . Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
Aug 13, 2025
Full time
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success. Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win. We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We're building a more open world. Join us. Strategic Partnership Manager Introduction to the Team Do you want to join a high growth B2B2C partnership focused on driving industry-leading travel products and services? Are you passionate about building enduring relationships? Do you want to make a lasting difference on a growing business that is central to the Expedia Group strategy? If yes, then Expedia Private Label Solutions (PLS) would like to meet you! In this role, you will: As a Strategic Partnerships Manager, you will join a team of Account Managers who manage one of Expedia's largest private label financial institution partners. You will be responsible for owning internal and client-facing operational workstreams specific to the partner's proprietary Hotel programs and Compliance requirements to ensure Expedia is delivering best-in-class services and adhering to our partnership obligations. You will help manage the account to revenue targets as well as identify and drive growth initiatives in collaboration with other Account Managers and Product teams. This is an opportunity to learn in a high-performance environment, in a multi-billion dollar and complex enterprise partnership from the ground up. If you are comfortable building lasting partner relationships and delivering at the highest standards, come build something great with us! Manage and optimize our partnership operations to ensure the highest standards of delivery in the following areas: Hotel Operations: Work closely with internal and partner operations team to ensure best in class operations which includes Work with internal Expedia teams as a knowledge base on our private label partnership Act as primary contact for our private label partner as it relates to hotel operations Day-to-day operations management for our hotel partners Compliance: Work closely with Expedia Security, Servicing and Legal teams to manage our annual information security audit as well as ongoing compliance requests and escalations Find ways to optimize our partner compliance processes (Infosec and other audits, compliance requests, partner escalations, etc ) Manage partnership SLAs Work collaboratively with the partner to identify new business opportunities and drive new business Build strong long-term strategic commercial relationships Resourcing and Budget Management Experience and Qualifications: Have a strong business acumen and financial skillset Have prior experience in client facing roles & building strategic partnerships Have prior experience understanding commercial contracts Have prior experience or understanding of hotel revenue management & operations Have an advanced Microsoft Excel skillset and are comfortable working with data to communicate and make effective business decisions Proactive in identifying and acting on opportunities for improvement Can identify commercial risks and communicate them effectively Comfortable navigating and managing complex organizational structures and people dynamics Have strong written and verbal communication skills Have prior travel industry & tech experience Are comfortable working in a fast pace and complex environment to meet high partner standards 5+ years experience in a consulting/ strategic partnership role Bachelor's degree or equivalent work experience required MBA Preferred The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. The total cash range for this position in Seattle is $94,000.00 to $131,500.00. Employees in this role have the potential to increase their pay up to $150,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent ( IATAN ) membership. View our full list of benefits . Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request . We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others. Expedia Group's family of brands includes: Brand Expedia, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, and Expedia Cruises. 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: -50 Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain The official website to find and apply for job openings at Expedia Group is . Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
Head of Infosec Policy & Advisory page is loaded Head of Infosec Policy & Advisory Apply locations UK - Greater London USA - New Jersey - Warren time type Full time posted on Posted Today time left to apply End Date: August 14, 2025 (6 days left to apply) job requisition id 534800 Hello. We're Haleon. A new world-leading consumer health company. Shaped by all who join us. Together, we're improving everyday health for billions of people. By growing and innovating our global portfolio of category-leading brands - including Sensodyne, Panadol, Advil, Voltaren, Theraflu, Otrivin, and Centrum - through a unique combination of deep human understanding and trusted science. What's more, we're achieving it in a company that we're in control of. In an environment that we're co-creating. And a culture that's uniquely ours. Care to join us. It isn't a question. This is an exciting time to join us and help shape the future. It's an opportunity to be part of something special. The Head of InfoSec Policy & Advisory is a strategic leadership role responsible for overseeing the development and maintenance of Global Information and Cyber Security policies and standards and developing an Information Security advisory capability. The advisory capability will become the front end for all information Security aspects (cyber, data privacy and compliance). You will work alongside D&T technical delivery teams to ensure that the policies, standards and controls are appropriately implemented and recorded, security and compliance is built in from the start and also provide advice and guidance to business leaders across entire Haleon business. We're looking for a seasoned cybersecurity professional with a deep understanding of the IT & OT environments, emerging threats, industry best practices, and have the ability to build and develop a world class team. A key measure of success will be to collaborate with key stakeholders across the organization. This role will provide YOU the opportunity to lead key activities to progress YOUR career, these responsibilities include some of the following Provide strategic guidance to senior leadership on emerging threats, risk mitigation, and the evolving landscape of cybersecurity. Conduct regular reviews of information security policies and standards to ensure they are maintained and are kept in line with changes to regulation and emerging requirements. Build a team of high quality advisors that are able to work effectively with technical teams and business leaders around the globe. Gather feedback on policies and standards from implementation teams, GRC and cyber operations to improve and optimize the policies and standards. Act as a point of escalation for any infosec or policy issues, and undertaking risk assessments before approving any deviations/exceptions to policy or escalating risk to more senior leadership as necessary. Why you? Basic Qualifications: We are looking for professionals with these required skills to achieve our goals: CISSP or CISM. Ability to solve complex problems. Risk Management. Highly-developed interpersonal and communication skills. Team management and development experience. Preferred Qualifications: If you have the following characteristics, it would be a plus: Proven ability to communicate with Executive Teams and junior staff. Enterprise level risk management. Strong relationship building. APPLICATION CLOSING DATE - 22 August 2025. Please save a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the 'cover letter' of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application. Why Join Us? The future of everyday health is changing. And we're thepeople changing it. In front of us is an incredibleopportunity to go beyond what any of us have donebefore. And make everyday health more achievable,more inclusive and more sustainable. For more and morepeople. So,join us, as we build one of the world's leadingconsumer healthcare companies. Join us to innovate ourcategory-leading brands. To better understand people'severyday health needs. To tackle the biggest barriersthat stand in their way. To change individual and societalbehaviour.Join us to work with colleagues who share your restlessenergy. To explore your interests. To stretch yourself todo the best work of your career. And join us, as togetherwe build a working experience that encourages us all tolead happier, healthier, more productive lives.The way we see it, every day is an opportunity for better.And we're going all in to realize it. Care to join us. Find out what life at Haleon is really like At Haleon we embrace our diverse workforce by creating an inclusive environment that celebrates our unique perspectives, generates curiosity to create unmatched understanding of each other, and promotes fair and equitable outcomes for everyone. We're striving to create a climate where we celebrate our diversity in all forms by treating each other with respect, listening to different viewpoints, supporting our communities, and creating a workplace where your authentic self belongs and thrives. We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are. As you apply, we will ask you to share some personal information, which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially. Haleon is an Equal Opportunity Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class. Accommodation Requests If you require a reasonable accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific accommodations you are requesting. We'll provide all reasonable accommodations to support you throughout the recruitment process and treat all information you provide us in confidence. Similar Jobs (1) Head of Cyber Engineering & Architecture locations UK - Greater London time type Full time posted on Posted Yesterday time left to apply End Date: August 23, 2025 (15 days left to apply) Who are we? Hello. We'reHaleon. A new world-leading consumerhealthcare company. Shaped by all of us. Together, we'reimproving everyday health for millions of people. Bygrowing and innovating our global portfolio of category-leading brands - including Sensodyne, Panadol, Advil,Voltaren, Theraflu,Otrivin, and Centrum - through aunique combination of deep human understanding andtrusted science. What's more, we're achieving it in acompany that we're building together. In an environmentthat we're co-creating. And a culture that's uniquelyours. Care to join us. It isn't a question.
Aug 13, 2025
Full time
Head of Infosec Policy & Advisory page is loaded Head of Infosec Policy & Advisory Apply locations UK - Greater London USA - New Jersey - Warren time type Full time posted on Posted Today time left to apply End Date: August 14, 2025 (6 days left to apply) job requisition id 534800 Hello. We're Haleon. A new world-leading consumer health company. Shaped by all who join us. Together, we're improving everyday health for billions of people. By growing and innovating our global portfolio of category-leading brands - including Sensodyne, Panadol, Advil, Voltaren, Theraflu, Otrivin, and Centrum - through a unique combination of deep human understanding and trusted science. What's more, we're achieving it in a company that we're in control of. In an environment that we're co-creating. And a culture that's uniquely ours. Care to join us. It isn't a question. This is an exciting time to join us and help shape the future. It's an opportunity to be part of something special. The Head of InfoSec Policy & Advisory is a strategic leadership role responsible for overseeing the development and maintenance of Global Information and Cyber Security policies and standards and developing an Information Security advisory capability. The advisory capability will become the front end for all information Security aspects (cyber, data privacy and compliance). You will work alongside D&T technical delivery teams to ensure that the policies, standards and controls are appropriately implemented and recorded, security and compliance is built in from the start and also provide advice and guidance to business leaders across entire Haleon business. We're looking for a seasoned cybersecurity professional with a deep understanding of the IT & OT environments, emerging threats, industry best practices, and have the ability to build and develop a world class team. A key measure of success will be to collaborate with key stakeholders across the organization. This role will provide YOU the opportunity to lead key activities to progress YOUR career, these responsibilities include some of the following Provide strategic guidance to senior leadership on emerging threats, risk mitigation, and the evolving landscape of cybersecurity. Conduct regular reviews of information security policies and standards to ensure they are maintained and are kept in line with changes to regulation and emerging requirements. Build a team of high quality advisors that are able to work effectively with technical teams and business leaders around the globe. Gather feedback on policies and standards from implementation teams, GRC and cyber operations to improve and optimize the policies and standards. Act as a point of escalation for any infosec or policy issues, and undertaking risk assessments before approving any deviations/exceptions to policy or escalating risk to more senior leadership as necessary. Why you? Basic Qualifications: We are looking for professionals with these required skills to achieve our goals: CISSP or CISM. Ability to solve complex problems. Risk Management. Highly-developed interpersonal and communication skills. Team management and development experience. Preferred Qualifications: If you have the following characteristics, it would be a plus: Proven ability to communicate with Executive Teams and junior staff. Enterprise level risk management. Strong relationship building. APPLICATION CLOSING DATE - 22 August 2025. Please save a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the 'cover letter' of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application. Why Join Us? The future of everyday health is changing. And we're thepeople changing it. In front of us is an incredibleopportunity to go beyond what any of us have donebefore. And make everyday health more achievable,more inclusive and more sustainable. For more and morepeople. So,join us, as we build one of the world's leadingconsumer healthcare companies. Join us to innovate ourcategory-leading brands. To better understand people'severyday health needs. To tackle the biggest barriersthat stand in their way. To change individual and societalbehaviour.Join us to work with colleagues who share your restlessenergy. To explore your interests. To stretch yourself todo the best work of your career. And join us, as togetherwe build a working experience that encourages us all tolead happier, healthier, more productive lives.The way we see it, every day is an opportunity for better.And we're going all in to realize it. Care to join us. Find out what life at Haleon is really like At Haleon we embrace our diverse workforce by creating an inclusive environment that celebrates our unique perspectives, generates curiosity to create unmatched understanding of each other, and promotes fair and equitable outcomes for everyone. We're striving to create a climate where we celebrate our diversity in all forms by treating each other with respect, listening to different viewpoints, supporting our communities, and creating a workplace where your authentic self belongs and thrives. We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are. As you apply, we will ask you to share some personal information, which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially. Haleon is an Equal Opportunity Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class. Accommodation Requests If you require a reasonable accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific accommodations you are requesting. We'll provide all reasonable accommodations to support you throughout the recruitment process and treat all information you provide us in confidence. Similar Jobs (1) Head of Cyber Engineering & Architecture locations UK - Greater London time type Full time posted on Posted Yesterday time left to apply End Date: August 23, 2025 (15 days left to apply) Who are we? Hello. We'reHaleon. A new world-leading consumerhealthcare company. Shaped by all of us. Together, we'reimproving everyday health for millions of people. Bygrowing and innovating our global portfolio of category-leading brands - including Sensodyne, Panadol, Advil,Voltaren, Theraflu,Otrivin, and Centrum - through aunique combination of deep human understanding andtrusted science. What's more, we're achieving it in acompany that we're building together. In an environmentthat we're co-creating. And a culture that's uniquelyours. Care to join us. It isn't a question.
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success. Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win. We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We're building a more open world. Join us. Strategic Partnership Manager Introduction to the Team Do you want to join a high growth B2B2C partnership focused on driving industry-leading travel products and services? Are you passionate about building enduring relationships? Do you want to make a lasting difference on a growing business that is central to the Expedia Group strategy? If yes, then Expedia Private Label Solutions (PLS) would like to meet you! In this role, you will: As a Strategic Partnerships Manager, you will join a team of Account Managers who manage one of Expedia's largest private label financial institution partners. You will be responsible for owning internal and client-facing operational workstreams specific to the partner's proprietary Hotel programs and Compliance requirements to ensure Expedia is delivering best-in-class services and adhering to our partnership obligations. You will help manage the account to revenue targets as well as identify and drive growth initiatives in collaboration with other Account Managers and Product teams. This is an opportunity to learn in a high-performance environment, in a multi-billion dollar and complex enterprise partnership from the ground up. If you are comfortable building lasting partner relationships and delivering at the highest standards, come build something great with us! Manage and optimize our partnership operations to ensure the highest standards of delivery in the following areas: Hotel Operations: Work closely with internal and partner operations team to ensure best in class operations which includes Work with internal Expedia teams as a knowledge base on our private label partnership Act as primary contact for our private label partner as it relates to hotel operations Day-to-day operations management for our hotel partners Compliance: Work closely with Expedia Security, Servicing and Legal teams to manage our annual information security audit as well as ongoing compliance requests and escalations Find ways to optimize our partner compliance processes (Infosec and other audits, compliance requests, partner escalations, etc ) Manage partnership SLAs Work collaboratively with the partner to identify new business opportunities and drive new business Build strong long-term strategic commercial relationships Resourcing and Budget Management Experience and Qualifications: Have a strong business acumen and financial skillset Have prior experience in client facing roles & building strategic partnerships Have prior experience understanding commercial contracts Have prior experience or understanding of hotel revenue management & operations Have an advanced Microsoft Excel skillset and are comfortable working with data to communicate and make effective business decisions Proactive in identifying and acting on opportunities for improvement Can identify commercial risks and communicate them effectively Comfortable navigating and managing complex organizational structures and people dynamics Have strong written and verbal communication skills Have prior travel industry & tech experience Are comfortable working in a fast pace and complex environment to meet high partner standards 5+ years experience in a consulting/ strategic partnership role Bachelor's degree or equivalent work experience required MBA Preferred The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. The total cash range for this position in Seattle is $94,000.00 to $131,500.00. Employees in this role have the potential to increase their pay up to $150,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent ( IATAN ) membership. View our full list of benefits . Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request . We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others. Expedia Group's family of brands includes: Brand Expedia, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, and Expedia Cruises. 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: -50 Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain The official website to find and apply for job openings at Expedia Group is . Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
Aug 13, 2025
Full time
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success. Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win. We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We're building a more open world. Join us. Strategic Partnership Manager Introduction to the Team Do you want to join a high growth B2B2C partnership focused on driving industry-leading travel products and services? Are you passionate about building enduring relationships? Do you want to make a lasting difference on a growing business that is central to the Expedia Group strategy? If yes, then Expedia Private Label Solutions (PLS) would like to meet you! In this role, you will: As a Strategic Partnerships Manager, you will join a team of Account Managers who manage one of Expedia's largest private label financial institution partners. You will be responsible for owning internal and client-facing operational workstreams specific to the partner's proprietary Hotel programs and Compliance requirements to ensure Expedia is delivering best-in-class services and adhering to our partnership obligations. You will help manage the account to revenue targets as well as identify and drive growth initiatives in collaboration with other Account Managers and Product teams. This is an opportunity to learn in a high-performance environment, in a multi-billion dollar and complex enterprise partnership from the ground up. If you are comfortable building lasting partner relationships and delivering at the highest standards, come build something great with us! Manage and optimize our partnership operations to ensure the highest standards of delivery in the following areas: Hotel Operations: Work closely with internal and partner operations team to ensure best in class operations which includes Work with internal Expedia teams as a knowledge base on our private label partnership Act as primary contact for our private label partner as it relates to hotel operations Day-to-day operations management for our hotel partners Compliance: Work closely with Expedia Security, Servicing and Legal teams to manage our annual information security audit as well as ongoing compliance requests and escalations Find ways to optimize our partner compliance processes (Infosec and other audits, compliance requests, partner escalations, etc ) Manage partnership SLAs Work collaboratively with the partner to identify new business opportunities and drive new business Build strong long-term strategic commercial relationships Resourcing and Budget Management Experience and Qualifications: Have a strong business acumen and financial skillset Have prior experience in client facing roles & building strategic partnerships Have prior experience understanding commercial contracts Have prior experience or understanding of hotel revenue management & operations Have an advanced Microsoft Excel skillset and are comfortable working with data to communicate and make effective business decisions Proactive in identifying and acting on opportunities for improvement Can identify commercial risks and communicate them effectively Comfortable navigating and managing complex organizational structures and people dynamics Have strong written and verbal communication skills Have prior travel industry & tech experience Are comfortable working in a fast pace and complex environment to meet high partner standards 5+ years experience in a consulting/ strategic partnership role Bachelor's degree or equivalent work experience required MBA Preferred The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. The total cash range for this position in Seattle is $94,000.00 to $131,500.00. Employees in this role have the potential to increase their pay up to $150,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.The total cash range for this position in Chicago is $90,000.00 to $126,000.00. Employees in this role have the potential to increase their pay up to $144,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual's knowledge, skills, and experience. Pay ranges may be modified in the future. Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent ( IATAN ) membership. View our full list of benefits . Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request . We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others. Expedia Group's family of brands includes: Brand Expedia, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, and Expedia Cruises. 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: -50 Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain The official website to find and apply for job openings at Expedia Group is . Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
Information Security Manager 70,000- 75,000 PA Central London Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years. The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements. Responsibilities: Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments Actively contribute to ISO processes, strategies and problem-solving Use prior ISO experience to support certification readiness Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap Handle varied and complex security challenges, from system reviews to high-level risk assessments Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing Requirements: Experience with ISO 27001 is essential Strong background in cyber security management Proven experience in identifying and mitigating security risks# Ability to make actionable recommendations for security improvements Experience with GDPR and data protection, together with knowledge of IS standards Security assessment frameworks (threat modelling, controls assessment, risk assessment) Relevant qualifications; CISSP, CISM or similar would be beneficial. Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.
Aug 12, 2025
Full time
Information Security Manager 70,000- 75,000 PA Central London Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years. The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements. Responsibilities: Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments Actively contribute to ISO processes, strategies and problem-solving Use prior ISO experience to support certification readiness Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap Handle varied and complex security challenges, from system reviews to high-level risk assessments Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing Requirements: Experience with ISO 27001 is essential Strong background in cyber security management Proven experience in identifying and mitigating security risks# Ability to make actionable recommendations for security improvements Experience with GDPR and data protection, together with knowledge of IS standards Security assessment frameworks (threat modelling, controls assessment, risk assessment) Relevant qualifications; CISSP, CISM or similar would be beneficial. Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.
We are currently recruiting for aHead of Global Information Security Transformation & EMEA Business Information Security Officer (BISO)to join the A&O Shearman London office. Apply today via the link below or contact for more information. What you will do The Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) plays a pivotal role in ensuring the effective and efficient operation of the Information Security (InfoSec) function which is located across the United Kingdom, United States and Singapore. Working closely with our new CISO Yolande Young, the global InfoSec team, the wider IT organization, and other key stakeholders, the incumbent supports all aspects of the InfoSec function to amplify its efficacy, including: Driving communications and engagement on cyber topics across the organization globally. Implementing and maintaining effective management of the portfolio of InfoSec programs, projects and initiatives. Embedding a performance culture through effective team and stakeholder engagement and regular reporting. Overseeing a range of internal processes related to the running of the function. In their capacity as EMEA BISO, they act as a trusted liaison between the core global information security team and EMEA regional leadership, alongside regional Business, IT and information security teams, ensuring that the CISO's directives and initiatives are implemented at the regional level. They will support both the global information security teams and their regional equivalents where region-specific restraints block or prevent the delivery of initiatives or fulfilment of goals, identifying solutions that balance regional constraints with global security objectives. This will include: Operational Oversight Oversee, manage and support the portfolio of global information security transformation programs, projects and initiatives, ensuring alignment with strategic objectives. Oversee financial planning and budget reporting of the global information security function working closely with the IT COO. Assist the CISO in managing dependencies in global information security transformation programs, projects and initiatives within the information security space and more widely. Bring focus, pace, and discipline to transformation projects, driving progress in a consistent and transparent way, identifying opportunities, risks and dependencies, and making interventions where appropriate. Establish and maintain project tracking and reporting, monitoring the status of global information security transformation projects and pipelines of work, including agreed KPIs and KRIs to the CISO, stakeholders and ExCo. Support the CISO with the preparation of business cases, proposals and assistance with high impact presentations. Deputise for the CISO during incident response activities, if they are unavailable to perform their duties in the event of a major live incident. Contribute to regional information security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm. EMEA Regional Advocacy and Strategic Alignment Liaise with the core global information security leadership and regional Partner leadership, IT and information security staff, ensuring that directives and initiatives are implemented at the regional level across all business units in the EMEA region. Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business. Ensure that the firm's overarching information security strategies, goals, and objectives are properly understood at a regional level, and that regional Business and IT stakeholders are aligned in realising these strategies, goals, and objectives. Advocate for the information security initiatives, strategies, and activities mandated by the CISO, ensuring a sufficient level of buy-in from regional Business and IT staff. Serve as a key point of contact and advisor for the firm's Partners and business units within the EMEA region around information security matters, including: The firm's global strategy Emerging threats in the law sector Security initiatives being carried out in other regions Any other developments relevant to information security. EMEA Regional Compliance and Policy Development Assist in the development and maintenance of information security policies, standards, and procedures, ensuring that any EMEA region-specific concerns, policies, or procedures are incorporated into global information security policies (e.g., as an appendix). Ensure compliance with any relevant local information security regulations (e.g., GDPR) and industry standards within the EMEA region, whilst aligning with standards followed by the global firm (to the highest extent possible) by staying up-to-date with changing and evolving regulatory requirements within the region. Ensure that regional business units, IT, and information security staff are compliant with global policies. Provide guidance and support to regional Partners and business units within the EMEA region on security-related compliance matters. Develop and maintain regional security performance metrics and dashboards to track compliance, risk, and awareness levels, and report regularly to global and regional leadership. EMEA Regional Support and Implementation Support both global and regional information security teams where region-specific restraints block or create tensions in the delivery of initiatives or fulfilment of goals by: Ensuring that relevant and legitimate regional concerns around initiatives are heard by global information security leadership in the firm. Finding compromises or solutions which satisfy all parties and keep the firm secure globally. Support the delivery of any region-specific information security initiatives or activities and ensure they are aligned with the firm's strategy, goals and objectives. Advise regional Partner, Business, and IT stakeholders across the EMEA region regarding information security threats, overall risk levels, and emerging threats relevant to the firm at both regional and global levels. Lead the identification, assessment, and mitigation of information security risks across business units within the EMEA region, maintaining a regional risk register and reporting key risks to the CISO and regional leadership. Improve information security awareness across the firm's business units within the EMEA region. Partner with HR and Learning & Development to deliver targeted security training and capability-building programmes across business units in the EMEA region. Act as the regional escalation point for security incidents, coordinating with global incident response teams to ensure timely and effective resolution and post-incident reviews. Support the assessment and monitoring of third-party vendors and partners of business units within the EMEA region to ensure compliance with the firm's information security standards and regulatory obligations. Communication and Engagement for Global security transformation Establish a stakeholder map and plan an appropriate cadence of engagement and proactively network and manage relationships supporting the CISO in building and maintaining trust and confidence amongst colleagues and stakeholders. Effectively communicate the CISO's information security vision and purpose with impact and credibility, both in person and in writing by exploring new and innovative communications methods that respond to feedback and drive engagement and achieve continuous improvement. Collaborate with the CISO and information security leadership to craft key security messages and develop a delivery plan tailored to target audiences and channels. Collaborate with the firm's internal and external comms teams where relevant to shape, align, implement, and execute the CISO comms plan and activities. Enable a high performing team for Global security transformation Manage a broad range of support responsibilities essential for the smooth running of the function, whilst improving operational effectiveness and driving continuous improvement in information security processes and tools. Set the cadence, direction, agenda and flow of Information security meetings, facilitating effective ways of working. Support the CISO in the design and implementation of transformation initiatives. Support the CISO to instantiate key result indicators and key performance indicators for the team for both team and wider business use. Support the onboarding of new joiners to information security team and co-own the people and talent strategy for the team together with the CISO and Leadership Team to enable a consistent approach to staff development plans and learning journeys. Work closely with the CISO and relevant people managers and HR colleagues to progress and respond to people matters including, workforce planning and recruitment. Collaborate with the firm's local recruitment teams to support recruitment activities directly led by the CISO . click apply for full job details
Aug 05, 2025
Full time
We are currently recruiting for aHead of Global Information Security Transformation & EMEA Business Information Security Officer (BISO)to join the A&O Shearman London office. Apply today via the link below or contact for more information. What you will do The Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) plays a pivotal role in ensuring the effective and efficient operation of the Information Security (InfoSec) function which is located across the United Kingdom, United States and Singapore. Working closely with our new CISO Yolande Young, the global InfoSec team, the wider IT organization, and other key stakeholders, the incumbent supports all aspects of the InfoSec function to amplify its efficacy, including: Driving communications and engagement on cyber topics across the organization globally. Implementing and maintaining effective management of the portfolio of InfoSec programs, projects and initiatives. Embedding a performance culture through effective team and stakeholder engagement and regular reporting. Overseeing a range of internal processes related to the running of the function. In their capacity as EMEA BISO, they act as a trusted liaison between the core global information security team and EMEA regional leadership, alongside regional Business, IT and information security teams, ensuring that the CISO's directives and initiatives are implemented at the regional level. They will support both the global information security teams and their regional equivalents where region-specific restraints block or prevent the delivery of initiatives or fulfilment of goals, identifying solutions that balance regional constraints with global security objectives. This will include: Operational Oversight Oversee, manage and support the portfolio of global information security transformation programs, projects and initiatives, ensuring alignment with strategic objectives. Oversee financial planning and budget reporting of the global information security function working closely with the IT COO. Assist the CISO in managing dependencies in global information security transformation programs, projects and initiatives within the information security space and more widely. Bring focus, pace, and discipline to transformation projects, driving progress in a consistent and transparent way, identifying opportunities, risks and dependencies, and making interventions where appropriate. Establish and maintain project tracking and reporting, monitoring the status of global information security transformation projects and pipelines of work, including agreed KPIs and KRIs to the CISO, stakeholders and ExCo. Support the CISO with the preparation of business cases, proposals and assistance with high impact presentations. Deputise for the CISO during incident response activities, if they are unavailable to perform their duties in the event of a major live incident. Contribute to regional information security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm. EMEA Regional Advocacy and Strategic Alignment Liaise with the core global information security leadership and regional Partner leadership, IT and information security staff, ensuring that directives and initiatives are implemented at the regional level across all business units in the EMEA region. Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business. Ensure that the firm's overarching information security strategies, goals, and objectives are properly understood at a regional level, and that regional Business and IT stakeholders are aligned in realising these strategies, goals, and objectives. Advocate for the information security initiatives, strategies, and activities mandated by the CISO, ensuring a sufficient level of buy-in from regional Business and IT staff. Serve as a key point of contact and advisor for the firm's Partners and business units within the EMEA region around information security matters, including: The firm's global strategy Emerging threats in the law sector Security initiatives being carried out in other regions Any other developments relevant to information security. EMEA Regional Compliance and Policy Development Assist in the development and maintenance of information security policies, standards, and procedures, ensuring that any EMEA region-specific concerns, policies, or procedures are incorporated into global information security policies (e.g., as an appendix). Ensure compliance with any relevant local information security regulations (e.g., GDPR) and industry standards within the EMEA region, whilst aligning with standards followed by the global firm (to the highest extent possible) by staying up-to-date with changing and evolving regulatory requirements within the region. Ensure that regional business units, IT, and information security staff are compliant with global policies. Provide guidance and support to regional Partners and business units within the EMEA region on security-related compliance matters. Develop and maintain regional security performance metrics and dashboards to track compliance, risk, and awareness levels, and report regularly to global and regional leadership. EMEA Regional Support and Implementation Support both global and regional information security teams where region-specific restraints block or create tensions in the delivery of initiatives or fulfilment of goals by: Ensuring that relevant and legitimate regional concerns around initiatives are heard by global information security leadership in the firm. Finding compromises or solutions which satisfy all parties and keep the firm secure globally. Support the delivery of any region-specific information security initiatives or activities and ensure they are aligned with the firm's strategy, goals and objectives. Advise regional Partner, Business, and IT stakeholders across the EMEA region regarding information security threats, overall risk levels, and emerging threats relevant to the firm at both regional and global levels. Lead the identification, assessment, and mitigation of information security risks across business units within the EMEA region, maintaining a regional risk register and reporting key risks to the CISO and regional leadership. Improve information security awareness across the firm's business units within the EMEA region. Partner with HR and Learning & Development to deliver targeted security training and capability-building programmes across business units in the EMEA region. Act as the regional escalation point for security incidents, coordinating with global incident response teams to ensure timely and effective resolution and post-incident reviews. Support the assessment and monitoring of third-party vendors and partners of business units within the EMEA region to ensure compliance with the firm's information security standards and regulatory obligations. Communication and Engagement for Global security transformation Establish a stakeholder map and plan an appropriate cadence of engagement and proactively network and manage relationships supporting the CISO in building and maintaining trust and confidence amongst colleagues and stakeholders. Effectively communicate the CISO's information security vision and purpose with impact and credibility, both in person and in writing by exploring new and innovative communications methods that respond to feedback and drive engagement and achieve continuous improvement. Collaborate with the CISO and information security leadership to craft key security messages and develop a delivery plan tailored to target audiences and channels. Collaborate with the firm's internal and external comms teams where relevant to shape, align, implement, and execute the CISO comms plan and activities. Enable a high performing team for Global security transformation Manage a broad range of support responsibilities essential for the smooth running of the function, whilst improving operational effectiveness and driving continuous improvement in information security processes and tools. Set the cadence, direction, agenda and flow of Information security meetings, facilitating effective ways of working. Support the CISO in the design and implementation of transformation initiatives. Support the CISO to instantiate key result indicators and key performance indicators for the team for both team and wider business use. Support the onboarding of new joiners to information security team and co-own the people and talent strategy for the team together with the CISO and Leadership Team to enable a consistent approach to staff development plans and learning journeys. Work closely with the CISO and relevant people managers and HR colleagues to progress and respond to people matters including, workforce planning and recruitment. Collaborate with the firm's local recruitment teams to support recruitment activities directly led by the CISO . click apply for full job details
Clinical Systems Engineer We are looking for a clinician with a strong interest in systems design to train as a Clinical Systems Engineer, to drive forward our desire to bring the benefits of Systems Engineering to the healthcare community. This is a strong opportunity for a clinician with NHS experience to access fully funded Masters-level training, alongside developing skills and a career in Systems Engineering. This is a highly varied role giving the successful candidate the opportunity to work across multiple projects and at all stages of the system and software development life cycles. The Role: Synoptix has a huge variety of projects and clients, ranging from: - Designing requirements and architecture across a large, complex naval programme, managing the complexity inherent in programmes. - Developing training and development packages for the NHS around applied systems thinking. - Providing cybersecurity threat modelling and secure-by-design expertise to a large cancer care AI startup. Day to day tasking can include: - Support and work on a number of our projects helping to deliver solutions to our customers. - Coordinate and collaborate with stakeholders to understand their needs and challenges. - Support the development of healthcare domain fluency for other colleagues across the company, including development of internal CPD activities for technical staff. - Support business development activities in the healthcare domain by providing domain-specific expertise. Initially, as Synoptix s healthcare presence is still developing, you would work across Synoptix s wider portfolio, gaining experience as you complete your studies. You may also get involved in Research and Development, including through our academic partnerships. Current research avenues include: - Novel approaches to clinical skills training using behavioural insights generation - Operational-level digital twins of NHS hospital environments. - Safety and behavioural detection at level crossings. - AI for safety of autonomous systems. - AI anomaly detection in operational technology. Synoptix also recognizes the value of the successful candidate maintaining clinical proficiency Key Skills Required: A nationally registered clinician (GMC, NMC, HCPC) with UK NHS experience. All professions will be considered and are welcome to apply. Experience of quality improvement or audit. Strong technical and problem-solving skills. Excellent interpersonal and communication skills, both in-person and digitally. Ability to work collaboratively with diverse teams of multi-disciplinary professionals. Ability to communicate highly technical or complex topics to non-technical or lay audiences. Interest in clinical systems design including digital, organizational and human systems. Enthusiasm to learn and develop into a new discipline. We are interested in any of the following skills, but they are not essential for you to apply: Experience or knowledge of clinical systems governance, healthcare information governance, or digital clinical safety standards. Skills in managing projects, including planning, execution, and monitoring. Interest and/or experience in research and development, particularly around AI or cybersecurity. Training and Development: Synoptix wishes to identify clinical talent who wish to develop engineering skills, forming a rare skillset of a Clinical Systems Engineer. To support and develop the successful candidate, Synoptix will: Fund completion of a Master s degree in Systems Engineering, delivered with one of our world-leading university partners. Synoptix will provide on-the-job time (equivalent to 1 day a week) to complete this programme. Support the candidate through our in-house education and development pipeline, led by expert systems engineers with decades of experience. Provide the candidate with a dedicated mentor, alongside their line manager, who will support them as they transition from clinical practice to engineering. Future development opportunities for this role include training and development to support competence as a Clinical Safety Officer. Benefits: Annual Company Bonus Based on company performance 25 Days holiday not including bank holidays with the option to buy/sell up to 5 days Flexible hybrid working arrangements Continuous professional development including incentives Access to online Udemy training facility to support grade specific learning pathways Electric car scheme Bike to work scheme Private health care (BUPA) Job well done scheme Employer assistance scheme About Us: Synoptix was formed in 2011 to provide engineering solutions across various technical industries. We have evolved from a company established and focussed on Systems Thinking principles into an Engineering company providing solutions and services across three key capabilities: Systems, Cyber & InfoSec and Technology. What makes us stand out is how we engage in the crossover areas between these disciplines, combining our strengths to provide a truly bespoke, market leading approach. Our engineering competence is bolstered by expertise in commercial, legal, financial and resource, thereby ensuring that we uphold excellence in our product and service offerings. Please note that due to the nature of our projects we can only accept Sole UK National candidates who will need to be eligible to obtain UK Security Clearance. By applying to this position, you are confirming that you consent to the retention of your personal data. Your data is held securely on our own premises and under the terms of the Data Protection Act (2018). It will be treated as confidential, and will not be transferred to any third party, or to any other jurisdiction without your consent. We will not hold any data for any longer than is necessary for us to fulfil our obligations and will remove any data at your written request.
Jul 31, 2025
Full time
Clinical Systems Engineer We are looking for a clinician with a strong interest in systems design to train as a Clinical Systems Engineer, to drive forward our desire to bring the benefits of Systems Engineering to the healthcare community. This is a strong opportunity for a clinician with NHS experience to access fully funded Masters-level training, alongside developing skills and a career in Systems Engineering. This is a highly varied role giving the successful candidate the opportunity to work across multiple projects and at all stages of the system and software development life cycles. The Role: Synoptix has a huge variety of projects and clients, ranging from: - Designing requirements and architecture across a large, complex naval programme, managing the complexity inherent in programmes. - Developing training and development packages for the NHS around applied systems thinking. - Providing cybersecurity threat modelling and secure-by-design expertise to a large cancer care AI startup. Day to day tasking can include: - Support and work on a number of our projects helping to deliver solutions to our customers. - Coordinate and collaborate with stakeholders to understand their needs and challenges. - Support the development of healthcare domain fluency for other colleagues across the company, including development of internal CPD activities for technical staff. - Support business development activities in the healthcare domain by providing domain-specific expertise. Initially, as Synoptix s healthcare presence is still developing, you would work across Synoptix s wider portfolio, gaining experience as you complete your studies. You may also get involved in Research and Development, including through our academic partnerships. Current research avenues include: - Novel approaches to clinical skills training using behavioural insights generation - Operational-level digital twins of NHS hospital environments. - Safety and behavioural detection at level crossings. - AI for safety of autonomous systems. - AI anomaly detection in operational technology. Synoptix also recognizes the value of the successful candidate maintaining clinical proficiency Key Skills Required: A nationally registered clinician (GMC, NMC, HCPC) with UK NHS experience. All professions will be considered and are welcome to apply. Experience of quality improvement or audit. Strong technical and problem-solving skills. Excellent interpersonal and communication skills, both in-person and digitally. Ability to work collaboratively with diverse teams of multi-disciplinary professionals. Ability to communicate highly technical or complex topics to non-technical or lay audiences. Interest in clinical systems design including digital, organizational and human systems. Enthusiasm to learn and develop into a new discipline. We are interested in any of the following skills, but they are not essential for you to apply: Experience or knowledge of clinical systems governance, healthcare information governance, or digital clinical safety standards. Skills in managing projects, including planning, execution, and monitoring. Interest and/or experience in research and development, particularly around AI or cybersecurity. Training and Development: Synoptix wishes to identify clinical talent who wish to develop engineering skills, forming a rare skillset of a Clinical Systems Engineer. To support and develop the successful candidate, Synoptix will: Fund completion of a Master s degree in Systems Engineering, delivered with one of our world-leading university partners. Synoptix will provide on-the-job time (equivalent to 1 day a week) to complete this programme. Support the candidate through our in-house education and development pipeline, led by expert systems engineers with decades of experience. Provide the candidate with a dedicated mentor, alongside their line manager, who will support them as they transition from clinical practice to engineering. Future development opportunities for this role include training and development to support competence as a Clinical Safety Officer. Benefits: Annual Company Bonus Based on company performance 25 Days holiday not including bank holidays with the option to buy/sell up to 5 days Flexible hybrid working arrangements Continuous professional development including incentives Access to online Udemy training facility to support grade specific learning pathways Electric car scheme Bike to work scheme Private health care (BUPA) Job well done scheme Employer assistance scheme About Us: Synoptix was formed in 2011 to provide engineering solutions across various technical industries. We have evolved from a company established and focussed on Systems Thinking principles into an Engineering company providing solutions and services across three key capabilities: Systems, Cyber & InfoSec and Technology. What makes us stand out is how we engage in the crossover areas between these disciplines, combining our strengths to provide a truly bespoke, market leading approach. Our engineering competence is bolstered by expertise in commercial, legal, financial and resource, thereby ensuring that we uphold excellence in our product and service offerings. Please note that due to the nature of our projects we can only accept Sole UK National candidates who will need to be eligible to obtain UK Security Clearance. By applying to this position, you are confirming that you consent to the retention of your personal data. Your data is held securely on our own premises and under the terms of the Data Protection Act (2018). It will be treated as confidential, and will not be transferred to any third party, or to any other jurisdiction without your consent. We will not hold any data for any longer than is necessary for us to fulfil our obligations and will remove any data at your written request.
Prevail Partners is seeking an experienced and technically capable Information Security Manager to help lead and grow our security function in a fast-paced and mission-driven organisation. While technically focused, this role offers significant opportunity to contribute to Prevail's strategic information security goals. You will work closely with the Physical Security, Compliance and IT leads, as well as leaders across the business, to ensure our data, systems, infrastructure and people remain secure in dynamic and challenging environments. We are looking for a visible champion of information security with a proactive mindset, able to influence positive change at a senior level. Strong technical acumen and an ability to lead incident response and effectively manage risk is essential. Key Responsibilities Security Strategy & Governance Act as the company's lead advisor on cyber and information security, ensuring risks are identified, prioritised, and addressed with appropriate technical and procedural controls. Shape and embed practical security governance aligned with real-world operational needs - integrating controls, risk assessments, and mitigation into core business activities. Work with the Executive and project leadership to ensure security is represented in commercial proposals, assurance processes, and delivery planning. Maintain strong relationships with relevant external stakeholders (e.g. NCSC, NPSA), monitoring threat intelligence and security guidance. Operational Security & Risk Management Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS). Own and improve the incident response framework, including active participation in investigations, post-incident reviews, and business continuity planning. Run regular tabletop exercises and scenario testing to ensure operational preparedness for cyber-attacks and disruptions. Support secure architecture and infrastructure reviews across projects and services. Risk Management & Security Engineering Conduct and lead structured technical and procedural risk assessments, including threat modelling and security reviews for new projects or systems. Collaborate with IT and engineering teams to identify, address, and continuously improve security control effectiveness. Oversee the management of external security assessments and ensure remediation plans are executed effectively. Maintain relevant security certifications such as Cyber Essentials / Plus and support the business in aligning with broader security frameworks (e.g., NIST CSF, CIS Controls). Awareness & Security Culture Lead internal training, briefings and onboarding sessions to build awareness and support for secure behaviours across the organisation. Act as a security advocate across teams, ensuring people understand their responsibilities and are equipped to play their part in reducing risk. Collaborate with HR, IT, and project teams to identify emerging threats, implement detection mechanisms, and foster a strong security-first culture Compliance & Governance Work in partnership with the Compliance Manager and DPO to ensure security measures support data protection obligations (e.g. UK GDPR). Maintain up-to-date records of security incidents, policies, and audit logs - ensuring documentation is meaningful and accessible. Support leadership with security input into market entry, overseas operations, and client assurance processes. Able to achieve UK security clearance to SC level (resident in UK for minimum of 5 years) At least 5 years' experience in a technical security role, ideally within complex or high-risk operational environments. Practical experience with cloud platforms (e.g. AWS, Azure), endpoint protection, IAM, vulnerability management, and SIEM/logging tools. Strong understanding of cyber threats, insider risk, security engineering principles and network security. Demonstrated experience managing the response to cyber incidents. Familiar with automating tasks with Python or similar programming languages, as well as using SQL to query data at scale. Knowledge of security frameworks such as NIST CSF, CIS Controls, and Cyber Essentials, with working knowledge of ISO 27001 beneficial but not essential. Understanding of UK data protection law and its practical application within a security programme. Security certifications (e.g. CISSP, CISM, CCSP, GIAC/SANS, AWS Security Specialty, or similar) are a plus. Ability to build effective working relationships across technical and non-technical stakeholders. Strong analytical, communication, and problem-solving skills. Experience supporting secure delivery of technology platforms or sensitive services is highly desirable. Us: Prevail Partners delivers high quality intelligence, research and consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa. We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and will be required to support a wide variety of these projects across the whole company. What we offer here at Prevail: Competitive salary, salary sacrifice pension, access to onsite gym facilities, enhanced leave polices, and private healthcare after two years at Prevail.
Jul 24, 2025
Full time
Prevail Partners is seeking an experienced and technically capable Information Security Manager to help lead and grow our security function in a fast-paced and mission-driven organisation. While technically focused, this role offers significant opportunity to contribute to Prevail's strategic information security goals. You will work closely with the Physical Security, Compliance and IT leads, as well as leaders across the business, to ensure our data, systems, infrastructure and people remain secure in dynamic and challenging environments. We are looking for a visible champion of information security with a proactive mindset, able to influence positive change at a senior level. Strong technical acumen and an ability to lead incident response and effectively manage risk is essential. Key Responsibilities Security Strategy & Governance Act as the company's lead advisor on cyber and information security, ensuring risks are identified, prioritised, and addressed with appropriate technical and procedural controls. Shape and embed practical security governance aligned with real-world operational needs - integrating controls, risk assessments, and mitigation into core business activities. Work with the Executive and project leadership to ensure security is represented in commercial proposals, assurance processes, and delivery planning. Maintain strong relationships with relevant external stakeholders (e.g. NCSC, NPSA), monitoring threat intelligence and security guidance. Operational Security & Risk Management Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS). Own and improve the incident response framework, including active participation in investigations, post-incident reviews, and business continuity planning. Run regular tabletop exercises and scenario testing to ensure operational preparedness for cyber-attacks and disruptions. Support secure architecture and infrastructure reviews across projects and services. Risk Management & Security Engineering Conduct and lead structured technical and procedural risk assessments, including threat modelling and security reviews for new projects or systems. Collaborate with IT and engineering teams to identify, address, and continuously improve security control effectiveness. Oversee the management of external security assessments and ensure remediation plans are executed effectively. Maintain relevant security certifications such as Cyber Essentials / Plus and support the business in aligning with broader security frameworks (e.g., NIST CSF, CIS Controls). Awareness & Security Culture Lead internal training, briefings and onboarding sessions to build awareness and support for secure behaviours across the organisation. Act as a security advocate across teams, ensuring people understand their responsibilities and are equipped to play their part in reducing risk. Collaborate with HR, IT, and project teams to identify emerging threats, implement detection mechanisms, and foster a strong security-first culture Compliance & Governance Work in partnership with the Compliance Manager and DPO to ensure security measures support data protection obligations (e.g. UK GDPR). Maintain up-to-date records of security incidents, policies, and audit logs - ensuring documentation is meaningful and accessible. Support leadership with security input into market entry, overseas operations, and client assurance processes. Able to achieve UK security clearance to SC level (resident in UK for minimum of 5 years) At least 5 years' experience in a technical security role, ideally within complex or high-risk operational environments. Practical experience with cloud platforms (e.g. AWS, Azure), endpoint protection, IAM, vulnerability management, and SIEM/logging tools. Strong understanding of cyber threats, insider risk, security engineering principles and network security. Demonstrated experience managing the response to cyber incidents. Familiar with automating tasks with Python or similar programming languages, as well as using SQL to query data at scale. Knowledge of security frameworks such as NIST CSF, CIS Controls, and Cyber Essentials, with working knowledge of ISO 27001 beneficial but not essential. Understanding of UK data protection law and its practical application within a security programme. Security certifications (e.g. CISSP, CISM, CCSP, GIAC/SANS, AWS Security Specialty, or similar) are a plus. Ability to build effective working relationships across technical and non-technical stakeholders. Strong analytical, communication, and problem-solving skills. Experience supporting secure delivery of technology platforms or sensitive services is highly desirable. Us: Prevail Partners delivers high quality intelligence, research and consultancy services to clients ranging from governments and multinational corporations to non-governmental organisations. These services are delivered predominantly across Europe, the Middle East and Africa. We pride ourselves on selecting interesting projects which we believe can genuinely make a difference. You will be joining the company at a time of continued growth, and will be required to support a wide variety of these projects across the whole company. What we offer here at Prevail: Competitive salary, salary sacrifice pension, access to onsite gym facilities, enhanced leave polices, and private healthcare after two years at Prevail.
Technical Infosec Manager Are you ready for an exciting new challenge in your cyber security career? Our client is looking for a Technical Infosec Manager to join their Information Security governance and oversight team. This technically focused role involves delivering Information Security services such as consultancy, assurance reviews, and risk management while providing governance and oversight across the business to manage security risks effectively. Key Responsibilities: Implement and maintain security control frameworks such as ISO27001 and PCI-DSS. Lead governance, oversight, and assurance on technical security controls and design. Act as an Information Security consultant, ensuring security standards are met in key business projects. Develop and maintain technical security patterns and standards. Lead and mature penetration testing and other security testing programmes. Conduct assurance reviews and assessments, including third-party evaluations and new solutions. Assess security risks, proactively developing countermeasures. Perform security risk assessments for change management, processes, and new solutions. Monitor emerging security threats through external research and internal engagement. Enhance information and cyber security maturity across the organisation. Deliver security awareness initiatives and promote best practices. Support the Information Security Incident Response team when required. Ensure compliance with relevant standards and regulations. What We re Looking For: Strong background in cyber and IT security. Experience with Microsoft security technologies, including endpoint security and Azure. Proficiency in security controls and frameworks, particularly in cloud security. Hands-on experience with vulnerability management. Ability to translate security frameworks and standards into detailed control requirements. Experience conducting assurance reviews and identifying security gaps. In-depth understanding of ISO27001, PCI-DSS, and other security frameworks. Strong communication skills, able to explain complex technical concepts to non-technical audiences. Excellent stakeholder management and relationship-building abilities. Analytical mindset with great attention to detail. Qualifications & Experience: Extensive experience in Information & IT Cyber Security. Proven track record in managing and improving penetration testing programmes. Experience working in an Agile change environment. Recognised security certifications such as CRISC, CISM, or CISSP. Benefits: Flexible home or office-based working. Be part of a forward-thinking organisation that values innovation and security excellence. Opportunity to make a real impact. Supportive and collaborative work environment. If you re looking to apply your technical expertise in a dynamic environment and shape a strong security culture, we d love to hear from you! Interested? Please Click Apply Now! Technical Infosec Manager
Mar 18, 2025
Full time
Technical Infosec Manager Are you ready for an exciting new challenge in your cyber security career? Our client is looking for a Technical Infosec Manager to join their Information Security governance and oversight team. This technically focused role involves delivering Information Security services such as consultancy, assurance reviews, and risk management while providing governance and oversight across the business to manage security risks effectively. Key Responsibilities: Implement and maintain security control frameworks such as ISO27001 and PCI-DSS. Lead governance, oversight, and assurance on technical security controls and design. Act as an Information Security consultant, ensuring security standards are met in key business projects. Develop and maintain technical security patterns and standards. Lead and mature penetration testing and other security testing programmes. Conduct assurance reviews and assessments, including third-party evaluations and new solutions. Assess security risks, proactively developing countermeasures. Perform security risk assessments for change management, processes, and new solutions. Monitor emerging security threats through external research and internal engagement. Enhance information and cyber security maturity across the organisation. Deliver security awareness initiatives and promote best practices. Support the Information Security Incident Response team when required. Ensure compliance with relevant standards and regulations. What We re Looking For: Strong background in cyber and IT security. Experience with Microsoft security technologies, including endpoint security and Azure. Proficiency in security controls and frameworks, particularly in cloud security. Hands-on experience with vulnerability management. Ability to translate security frameworks and standards into detailed control requirements. Experience conducting assurance reviews and identifying security gaps. In-depth understanding of ISO27001, PCI-DSS, and other security frameworks. Strong communication skills, able to explain complex technical concepts to non-technical audiences. Excellent stakeholder management and relationship-building abilities. Analytical mindset with great attention to detail. Qualifications & Experience: Extensive experience in Information & IT Cyber Security. Proven track record in managing and improving penetration testing programmes. Experience working in an Agile change environment. Recognised security certifications such as CRISC, CISM, or CISSP. Benefits: Flexible home or office-based working. Be part of a forward-thinking organisation that values innovation and security excellence. Opportunity to make a real impact. Supportive and collaborative work environment. If you re looking to apply your technical expertise in a dynamic environment and shape a strong security culture, we d love to hear from you! Interested? Please Click Apply Now! Technical Infosec Manager
Location: London (3 days per week in office) Salary: £70 - £75 per annum A leading financial services client is seeking a IT Risk and Control Manager to join their Technology Governance, Risk, and Compliance team. This role offers an exciting opportunity to drive compliance and risk reduction initiatives across the organization. Key Responsibilities: Maintain and mature 1st Line of Defence technology Risk and Controls processes Perform controls analysis and testing, providing best practice recommendations Drive risk management activities including analysis, identification, and oversight Support and produce Management Information for committees and stakeholders Lead internal and external audits and support regulatory initiatives Support Third-Party Risk Management (TPRM) Assurance activities Deliver continuous enhancement to support GRC maturity initiatives Manage exceptions against policies and standards Create and deliver InfoSec Assurance awareness briefings Required Qualifications and Skills: University degree in Information/Cyber Security or related field, or equivalent compliance experience Strong stakeholder management skills across multiple business functions Excellent written, verbal, and presentation skills Understanding of security-related KPIs, KRIs, metrics, and reporting Ability to manage multiple projects and deliver timely, effective solutions Rapid understanding of complex business operating environments Applied knowledge of GRC to drive compliance and improve service delivery Preferred Experience: Professional security qualifications (eg, CISM, CRISC, CISSP) Experience in regulated markets or financial services Knowledge of Information Security Domains and frameworks (eg, NIST, CIS) Background in 1st Line of Defence Risk & Control roles or IT/Cyber Architecture Experience in risk management, audit oversight, and TPRM assessments This role offers a competitive salary and the opportunity to work with a prestigious financial services organization. If you're passionate about risk management and compliance in the technology sector, we want to hear from you! Please apply with an updated CV if you think you would be a good fit for this role.
Mar 18, 2025
Full time
Location: London (3 days per week in office) Salary: £70 - £75 per annum A leading financial services client is seeking a IT Risk and Control Manager to join their Technology Governance, Risk, and Compliance team. This role offers an exciting opportunity to drive compliance and risk reduction initiatives across the organization. Key Responsibilities: Maintain and mature 1st Line of Defence technology Risk and Controls processes Perform controls analysis and testing, providing best practice recommendations Drive risk management activities including analysis, identification, and oversight Support and produce Management Information for committees and stakeholders Lead internal and external audits and support regulatory initiatives Support Third-Party Risk Management (TPRM) Assurance activities Deliver continuous enhancement to support GRC maturity initiatives Manage exceptions against policies and standards Create and deliver InfoSec Assurance awareness briefings Required Qualifications and Skills: University degree in Information/Cyber Security or related field, or equivalent compliance experience Strong stakeholder management skills across multiple business functions Excellent written, verbal, and presentation skills Understanding of security-related KPIs, KRIs, metrics, and reporting Ability to manage multiple projects and deliver timely, effective solutions Rapid understanding of complex business operating environments Applied knowledge of GRC to drive compliance and improve service delivery Preferred Experience: Professional security qualifications (eg, CISM, CRISC, CISSP) Experience in regulated markets or financial services Knowledge of Information Security Domains and frameworks (eg, NIST, CIS) Background in 1st Line of Defence Risk & Control roles or IT/Cyber Architecture Experience in risk management, audit oversight, and TPRM assessments This role offers a competitive salary and the opportunity to work with a prestigious financial services organization. If you're passionate about risk management and compliance in the technology sector, we want to hear from you! Please apply with an updated CV if you think you would be a good fit for this role.
My client is a leading and international business, looking for a an experience Cyber Information Security Manager to provide technical and business leadership in all relations to InfoSec policies, procedures and governance as well as well versed in ISO27001, PCI-DSS and Cyber Essential Plus. You will also be working with our Network, Infrastructure, Service Desk and Development teams to provide leadership and expertise in the field of information and cyber security best practices. You will understand the concept of layered security and bring experience regarding vulnerability scanning and threat hunting. You will have proven experience with security investigations, including responding to incidents involving malware, data loss, or network intrusion. You will need to be highly competent and creative in the following creteria Information and Cyber Security Strong Management within a professional environment Continuous improvement, advanced data and evidence management, client management on remediation programmes. Technical skill; Strong technical insight, practical knowledge and specialist capabilities in SIEM solutions such as LogRhythm Endpoint Protection services such as SentinelOne Mimecast and Office 365 Data Loss Prevention ( DLP )tools such as Digital Guardian / Office 365 CASB Nessus Firewalls, Web & Mail filters, UTM devices Application security DCS Recruitment and all associated companies are committed to creating a working environment where diversity is celebrated and everyone is treated fairly, regardless of gender, gender identity, disability, ethnic origin, religion or belief, sexual orientation, marital or transgender status, age, or nationality
Mar 08, 2025
Full time
My client is a leading and international business, looking for a an experience Cyber Information Security Manager to provide technical and business leadership in all relations to InfoSec policies, procedures and governance as well as well versed in ISO27001, PCI-DSS and Cyber Essential Plus. You will also be working with our Network, Infrastructure, Service Desk and Development teams to provide leadership and expertise in the field of information and cyber security best practices. You will understand the concept of layered security and bring experience regarding vulnerability scanning and threat hunting. You will have proven experience with security investigations, including responding to incidents involving malware, data loss, or network intrusion. You will need to be highly competent and creative in the following creteria Information and Cyber Security Strong Management within a professional environment Continuous improvement, advanced data and evidence management, client management on remediation programmes. Technical skill; Strong technical insight, practical knowledge and specialist capabilities in SIEM solutions such as LogRhythm Endpoint Protection services such as SentinelOne Mimecast and Office 365 Data Loss Prevention ( DLP )tools such as Digital Guardian / Office 365 CASB Nessus Firewalls, Web & Mail filters, UTM devices Application security DCS Recruitment and all associated companies are committed to creating a working environment where diversity is celebrated and everyone is treated fairly, regardless of gender, gender identity, disability, ethnic origin, religion or belief, sexual orientation, marital or transgender status, age, or nationality
The primary objective of the Portals Senior Delivery & Release Manager is to facilitate delivery on the Portals Application(s) through the requirement elicitation, technical estimation and design, impact assessment, software engineering delivery, release and in-life support of new features/enhancements. The Senior Delivery Manager is also expected to manage and operate the Product Team, interfacing with the Product Owner to ensure that processes and procedures are continually optimised to provide on-going value to the Business and Rentokil Customers. Responsibilities Managing Feature Funnel - working alongside the Product Owner, Portfolio Owner and Business Teams (across regions) to understand feature requests from several stakeholders to agree (with Product Owner) priorities for delivery considering inter-dependent components and/or complementary features and/or wider IT/Product Strategy alignment. Managing and Owning a Product Delivery Roadmap - taking priorities from the Product Owner and working across the team to produce a milestone deliverable/release plan as a baseline, which is maintained and updated regularly to reflect changing priorities and deliverables. Managing Software Development - utilising technical knowledge to challenge and drive team estimation and managing technical dependencies within the team and external to the team to ensure successful and timely delivery of quality software components into the Product. Engages with other domain SMEs as necessary to validate team approaches and provide audit/governance (e.g. InfoSec for security, Enterprise Architecture for solution design, etc.). Managing Team - utilising Agile delivery experiences to manage the day to day activities of the team, including (but not limited to) running agile ceremonies (standups, planning, grooming, alignment, demos, retros), facilitating workshops, team well-being and the interdependencies of tasks between different team members to ensure alignment to delivery plans. Managing RAIDs - working with the Product team and wider IT organisation to own, manage and maintain a RAID log and proactively action and/or communicate/escalate these to the Product Owner / Portfolio Owner as appropriate and necessary. Managing Releases - ensuring the governance and processes set out at Rentokil are adhered to, including change communication, change control, IT change assessments. Managing Comms - ensuring the Business teams and any applicable other Product teams are engaged and prepared for any Releases into Production and any dependent activities are planned in advance (e.g. smoke testing by downstream products teams). Ensuring the release roadmap is shared and understood by all stakeholders. Continual Development - promoting a culture of continual development and betterment within the Product team. Managing Suppliers & Budgets - working alongside the Product Owner and Portfolio Owner to manage suppliers and partners engaged in the successful delivery within the Product team, including reviewing budgets, capacity, future demand and burndown to ensure that the team's throughput is sustainable. Minimum Requirements Has achieved proficiency at Level 5 in any SFIA Skill, OR: Has gained experience (typically five years) working as a constructive user or supplier of information services with significant exposure to, and knowledge of, a major Service provision Skill and the operational flows of the organisation. Has proven project management and leadership skills. Demonstrates up to date knowledge of the organisation's business environment, culture, policy framework, organisational relationships, business processes, and reporting procedures. Displays good inter-personal skills at all levels of contact and in a wide variety of situations, demonstrates the ability to listen and influence, and to relate to customers in their own language. Demonstrates sound practical knowledge of associated technical disciplines e.g. process re-design, systems development and service delivery. Uses a high level of technical understanding to interpret technical issues for the business and sustain credibility with IT. Educated to bachelor degree level and holds a relevant professional qualification. Skills Familiar with Agile and Lean methodologies (SCRUM, Kanban, SAFe) Impediment management. Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly. Understanding the needs of the internal or external customer and regularly checking with the customer when taking actions or making decisions. The ability to convey a level of confidence and professionalism, positively influencing and persuading others to take a specific course of action when there is no direct line of command or control. Proficient in the economics of service delivery such as the cost per service line in terms of hardware, software, and manpower used to deliver the service. Proficient in the products and/or services supplied to customers RI, for examples: Pest Control, Hygiene & Wellbeing, Workware. Benefits Competitive salary and bonus scheme Hybrid working Rentokil Initial Reward Scheme 23 days holiday, plus 8 bank holidays Employee Assistance Programme Death in service benefit Healthcare Free parking At Rentokil Initial, our customers and colleagues represent diverse backgrounds and experiences. We take pride in being an equal opportunity employer, actively encouraging applications from individuals from all walks of life. Our belief is that everyone irrespective of age, gender, gender identity, gender expression, ethnicity, sexual orientation, disabilities, religion, or beliefs, has the potential to thrive and contribute. We embrace the differences that make each of our colleagues unique, fostering an inclusive environment where everyone can be their authentic selves and feel a sense of belonging.
Feb 19, 2025
Full time
The primary objective of the Portals Senior Delivery & Release Manager is to facilitate delivery on the Portals Application(s) through the requirement elicitation, technical estimation and design, impact assessment, software engineering delivery, release and in-life support of new features/enhancements. The Senior Delivery Manager is also expected to manage and operate the Product Team, interfacing with the Product Owner to ensure that processes and procedures are continually optimised to provide on-going value to the Business and Rentokil Customers. Responsibilities Managing Feature Funnel - working alongside the Product Owner, Portfolio Owner and Business Teams (across regions) to understand feature requests from several stakeholders to agree (with Product Owner) priorities for delivery considering inter-dependent components and/or complementary features and/or wider IT/Product Strategy alignment. Managing and Owning a Product Delivery Roadmap - taking priorities from the Product Owner and working across the team to produce a milestone deliverable/release plan as a baseline, which is maintained and updated regularly to reflect changing priorities and deliverables. Managing Software Development - utilising technical knowledge to challenge and drive team estimation and managing technical dependencies within the team and external to the team to ensure successful and timely delivery of quality software components into the Product. Engages with other domain SMEs as necessary to validate team approaches and provide audit/governance (e.g. InfoSec for security, Enterprise Architecture for solution design, etc.). Managing Team - utilising Agile delivery experiences to manage the day to day activities of the team, including (but not limited to) running agile ceremonies (standups, planning, grooming, alignment, demos, retros), facilitating workshops, team well-being and the interdependencies of tasks between different team members to ensure alignment to delivery plans. Managing RAIDs - working with the Product team and wider IT organisation to own, manage and maintain a RAID log and proactively action and/or communicate/escalate these to the Product Owner / Portfolio Owner as appropriate and necessary. Managing Releases - ensuring the governance and processes set out at Rentokil are adhered to, including change communication, change control, IT change assessments. Managing Comms - ensuring the Business teams and any applicable other Product teams are engaged and prepared for any Releases into Production and any dependent activities are planned in advance (e.g. smoke testing by downstream products teams). Ensuring the release roadmap is shared and understood by all stakeholders. Continual Development - promoting a culture of continual development and betterment within the Product team. Managing Suppliers & Budgets - working alongside the Product Owner and Portfolio Owner to manage suppliers and partners engaged in the successful delivery within the Product team, including reviewing budgets, capacity, future demand and burndown to ensure that the team's throughput is sustainable. Minimum Requirements Has achieved proficiency at Level 5 in any SFIA Skill, OR: Has gained experience (typically five years) working as a constructive user or supplier of information services with significant exposure to, and knowledge of, a major Service provision Skill and the operational flows of the organisation. Has proven project management and leadership skills. Demonstrates up to date knowledge of the organisation's business environment, culture, policy framework, organisational relationships, business processes, and reporting procedures. Displays good inter-personal skills at all levels of contact and in a wide variety of situations, demonstrates the ability to listen and influence, and to relate to customers in their own language. Demonstrates sound practical knowledge of associated technical disciplines e.g. process re-design, systems development and service delivery. Uses a high level of technical understanding to interpret technical issues for the business and sustain credibility with IT. Educated to bachelor degree level and holds a relevant professional qualification. Skills Familiar with Agile and Lean methodologies (SCRUM, Kanban, SAFe) Impediment management. Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly. Understanding the needs of the internal or external customer and regularly checking with the customer when taking actions or making decisions. The ability to convey a level of confidence and professionalism, positively influencing and persuading others to take a specific course of action when there is no direct line of command or control. Proficient in the economics of service delivery such as the cost per service line in terms of hardware, software, and manpower used to deliver the service. Proficient in the products and/or services supplied to customers RI, for examples: Pest Control, Hygiene & Wellbeing, Workware. Benefits Competitive salary and bonus scheme Hybrid working Rentokil Initial Reward Scheme 23 days holiday, plus 8 bank holidays Employee Assistance Programme Death in service benefit Healthcare Free parking At Rentokil Initial, our customers and colleagues represent diverse backgrounds and experiences. We take pride in being an equal opportunity employer, actively encouraging applications from individuals from all walks of life. Our belief is that everyone irrespective of age, gender, gender identity, gender expression, ethnicity, sexual orientation, disabilities, religion, or beliefs, has the potential to thrive and contribute. We embrace the differences that make each of our colleagues unique, fostering an inclusive environment where everyone can be their authentic selves and feel a sense of belonging.
Technical Infosec Manager Are you ready for an exciting new challenge in your cyber security career? Our client is looking for a Technical Infosec Manager to join their Information Security governance and oversight team. This technically focused role involves delivering Information Security services such as consultancy, assurance reviews, and risk management while providing governance and oversight across the business to manage security risks effectively. Key Responsibilities: Implement and maintain security control frameworks such as ISO27001 and PCI-DSS. Lead governance, oversight, and assurance on technical security controls and design. Act as an Information Security consultant, ensuring security standards are met in key business projects. Develop and maintain technical security patterns and standards. Lead and mature penetration testing and other security testing programmes. Conduct assurance reviews and assessments, including third-party evaluations and new solutions. Assess security risks, proactively developing countermeasures. Perform security risk assessments for change management, processes, and new solutions. Monitor emerging security threats through external research and internal engagement. Enhance information and cyber security maturity across the organisation. Deliver security awareness initiatives and promote best practices. Support the Information Security Incident Response team when required. Ensure compliance with relevant standards and regulations. What We re Looking For: Strong background in cyber and IT security. Experience with Microsoft security technologies, including endpoint security and Azure. Proficiency in security controls and frameworks, particularly in cloud security. Hands-on experience with vulnerability management. Ability to translate security frameworks and standards into detailed control requirements. Experience conducting assurance reviews and identifying security gaps. In-depth understanding of ISO27001, PCI-DSS, and other security frameworks. Strong communication skills, able to explain complex technical concepts to non-technical audiences. Excellent stakeholder management and relationship-building abilities. Analytical mindset with great attention to detail. Qualifications & Experience: Extensive experience in Information & IT Cyber Security. Proven track record in managing and improving penetration testing programmes. Experience working in an Agile change environment. Recognised security certifications such as CRISC, CISM, or CISSP. Benefits: Flexible home or office-based working. Be part of a forward-thinking organisation that values innovation and security excellence. Opportunity to make a real impact. Supportive and collaborative work environment. If you re looking to apply your technical expertise in a dynamic environment and shape a strong security culture, we d love to hear from you! Interested? Please Click Apply Now! Technical Infosec Manager
Feb 18, 2025
Full time
Technical Infosec Manager Are you ready for an exciting new challenge in your cyber security career? Our client is looking for a Technical Infosec Manager to join their Information Security governance and oversight team. This technically focused role involves delivering Information Security services such as consultancy, assurance reviews, and risk management while providing governance and oversight across the business to manage security risks effectively. Key Responsibilities: Implement and maintain security control frameworks such as ISO27001 and PCI-DSS. Lead governance, oversight, and assurance on technical security controls and design. Act as an Information Security consultant, ensuring security standards are met in key business projects. Develop and maintain technical security patterns and standards. Lead and mature penetration testing and other security testing programmes. Conduct assurance reviews and assessments, including third-party evaluations and new solutions. Assess security risks, proactively developing countermeasures. Perform security risk assessments for change management, processes, and new solutions. Monitor emerging security threats through external research and internal engagement. Enhance information and cyber security maturity across the organisation. Deliver security awareness initiatives and promote best practices. Support the Information Security Incident Response team when required. Ensure compliance with relevant standards and regulations. What We re Looking For: Strong background in cyber and IT security. Experience with Microsoft security technologies, including endpoint security and Azure. Proficiency in security controls and frameworks, particularly in cloud security. Hands-on experience with vulnerability management. Ability to translate security frameworks and standards into detailed control requirements. Experience conducting assurance reviews and identifying security gaps. In-depth understanding of ISO27001, PCI-DSS, and other security frameworks. Strong communication skills, able to explain complex technical concepts to non-technical audiences. Excellent stakeholder management and relationship-building abilities. Analytical mindset with great attention to detail. Qualifications & Experience: Extensive experience in Information & IT Cyber Security. Proven track record in managing and improving penetration testing programmes. Experience working in an Agile change environment. Recognised security certifications such as CRISC, CISM, or CISSP. Benefits: Flexible home or office-based working. Be part of a forward-thinking organisation that values innovation and security excellence. Opportunity to make a real impact. Supportive and collaborative work environment. If you re looking to apply your technical expertise in a dynamic environment and shape a strong security culture, we d love to hear from you! Interested? Please Click Apply Now! Technical Infosec Manager
Business Information Security Manager Apply locations London, United Kingdom time type Full time posted on Posted 2 Days Ago job requisition id R The purpose of this role is to assist the Director of Business Information Security (BISO) in all security matters relating to the oversight of Information Security, Cyber Security and Data Privacy within the Regulatory Reporting business line of LSEG's Post Trade division. The successful candidate will be charged with ensuring that the critical business systems and data assets of Regulatory Reporting are adequately protected, and that all related information security and cyber controls remain effective and within risk appetite and/or have appropriate risk treatment plans in place to bring them back into risk appetite. The role will best suit an experienced Information Security Manager with extensive experience gained from having previously operated within Senior Management level InfoSec/Cyber roles within the FS or FMI industries. The successful candidate must be a subject matter expert in Information Security, as the role demands a very strong knowledge in all areas of information security and cyber security, as well as in-depth knowledge of legacy, existing, and emerging technologies including cloud and security technologies/controls. In addition to a solid foundational Security Governance Risk and Compliance (Security-GRC) skillset, a prior background in information security engineering, security architecture, and security operations will be advantageous in this role given the various levels of stakeholders as well as the tech/cyber projects that the successful candidate will engage with daily. Key responsibilities include: Assisting in the oversight of Information Security by: Reviewing and assessing the information security and cyber controls that enable Regulatory Reporting to conduct its business in a secure manner, and gap analysis of the same. The oversight of InfoSec/Cyber related control gap/risk remediation activities Monitoring and analysing the information security roadmaps, strategies, programmes, and projects within Regulatory Reporting, and identifying and reporting risks, trends and future opportunities for improvement and enhancement. Proactively engaging and working closely with the technology and cyber teams that are delivering technology and cyber services to the firm. Attending risk and governance meetings to provide updates to the Regulatory Reporting stakeholders from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG. Working with colleagues from the three lines of defence to define the current risk posture of Regulatory Reporting and collaborating with those stakeholders to remediate identified risks/issues. Engaging with external third parties who provide services to Regulatory Reporting and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met. Establish and maintain a Cyber Risk Profile of Regulatory Reporting in line with other areas of LSEG. Assisting with the establishment and maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls, etc. Maintaining the established key performance and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the current control's estate. Maintaining an accurate set of executive level presentation materials that clearly and accurately present the current state of security control within Regulatory Reporting. Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by Regulatory Reporting and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success deliverables. Engagement with the business to: Develop an understanding of business goals and operational risks Identifying key areas for improvement Support the risk management decision processes and risk forums/committees Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and oversee risk mitigation plans, Build strong relationships within the business to gain an understanding of security-related business risks. Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations. Embedding Cyber across the firm by: Working closely with all necessary stakeholders in the business and technology areas to ensure compliance with established LSEG policies, standards, and procedures, etc. Constructively and pragmatically challenging established controls to ensure, recommend, and accommodate continuous improvement. Ensuring Regulatory Reporting stakeholders understand their responsibilities in relation to security risk mitigation and remediation. Monitoring industry information security trends and keeping business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions. Security Governance, Technical, and Risk Review: The review and documenting of technologies and security controls across the firm, including areas such as; office spaces, data centres and cloud. Executing and concluding security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc Working closely with stakeholders to review all projects and initiatives, assessing them for appropriate/correct levels of security design and controls. Identification of technology and security risks across the firm and the assessment and appropriate risk scoring and presentation of the same. Produce appropriate risk remediation action plans and ability to present and take ownership of risk treatment proposals and action plans. Review and appropriate response to regulatory and legislative matters Produce and present risks and risk postures / cyber maturity to senior/executive bodies. Able to clearly and precisely present complex cyber risk matters to clients and regulators. Partnering with the different business control functions: Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties. Maintaining a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions. Knowledge of technology, security, and threat landscapes: Staying abreast of emerging technologies, including all security technologies, Sustaining a deep and in-depth knowledge of the cyber threat landscape, Maintain and constantly enriching knowledge of information security and cyber risks as they develop, Being able to propose and explain appropriate cyber risk counter measures clearly and concisely. Remaining informed and knowledgeable on primary global data protection regulations and legislation. Experience and core skill requirements: 10 years minimum experience in senior InfoSec management roles Extensive previous exposure to FS or FMI industry organisations High performance in problem solving, innovating and critical thinking Excellent written/verbal communication and stakeholder management skills Ability to articulate ideas to both technical and non-technical audiences Must be capable of working pragmatically and efficiently in both a team and alone Able to prioritise workloads efficiently and appropriately with minimal supervision Able to work in fast paced, high-volume workload environment, prioritising accordingly Must Have Security Certifications: CISSP Desirable & Advantageous Certifications: CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH Working knowledge of Security Standards / Frameworks: ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2 LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions. Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race . click apply for full job details
Feb 18, 2025
Full time
Business Information Security Manager Apply locations London, United Kingdom time type Full time posted on Posted 2 Days Ago job requisition id R The purpose of this role is to assist the Director of Business Information Security (BISO) in all security matters relating to the oversight of Information Security, Cyber Security and Data Privacy within the Regulatory Reporting business line of LSEG's Post Trade division. The successful candidate will be charged with ensuring that the critical business systems and data assets of Regulatory Reporting are adequately protected, and that all related information security and cyber controls remain effective and within risk appetite and/or have appropriate risk treatment plans in place to bring them back into risk appetite. The role will best suit an experienced Information Security Manager with extensive experience gained from having previously operated within Senior Management level InfoSec/Cyber roles within the FS or FMI industries. The successful candidate must be a subject matter expert in Information Security, as the role demands a very strong knowledge in all areas of information security and cyber security, as well as in-depth knowledge of legacy, existing, and emerging technologies including cloud and security technologies/controls. In addition to a solid foundational Security Governance Risk and Compliance (Security-GRC) skillset, a prior background in information security engineering, security architecture, and security operations will be advantageous in this role given the various levels of stakeholders as well as the tech/cyber projects that the successful candidate will engage with daily. Key responsibilities include: Assisting in the oversight of Information Security by: Reviewing and assessing the information security and cyber controls that enable Regulatory Reporting to conduct its business in a secure manner, and gap analysis of the same. The oversight of InfoSec/Cyber related control gap/risk remediation activities Monitoring and analysing the information security roadmaps, strategies, programmes, and projects within Regulatory Reporting, and identifying and reporting risks, trends and future opportunities for improvement and enhancement. Proactively engaging and working closely with the technology and cyber teams that are delivering technology and cyber services to the firm. Attending risk and governance meetings to provide updates to the Regulatory Reporting stakeholders from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG. Working with colleagues from the three lines of defence to define the current risk posture of Regulatory Reporting and collaborating with those stakeholders to remediate identified risks/issues. Engaging with external third parties who provide services to Regulatory Reporting and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met. Establish and maintain a Cyber Risk Profile of Regulatory Reporting in line with other areas of LSEG. Assisting with the establishment and maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls, etc. Maintaining the established key performance and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the current control's estate. Maintaining an accurate set of executive level presentation materials that clearly and accurately present the current state of security control within Regulatory Reporting. Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by Regulatory Reporting and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success deliverables. Engagement with the business to: Develop an understanding of business goals and operational risks Identifying key areas for improvement Support the risk management decision processes and risk forums/committees Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and oversee risk mitigation plans, Build strong relationships within the business to gain an understanding of security-related business risks. Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations. Embedding Cyber across the firm by: Working closely with all necessary stakeholders in the business and technology areas to ensure compliance with established LSEG policies, standards, and procedures, etc. Constructively and pragmatically challenging established controls to ensure, recommend, and accommodate continuous improvement. Ensuring Regulatory Reporting stakeholders understand their responsibilities in relation to security risk mitigation and remediation. Monitoring industry information security trends and keeping business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions. Security Governance, Technical, and Risk Review: The review and documenting of technologies and security controls across the firm, including areas such as; office spaces, data centres and cloud. Executing and concluding security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc Working closely with stakeholders to review all projects and initiatives, assessing them for appropriate/correct levels of security design and controls. Identification of technology and security risks across the firm and the assessment and appropriate risk scoring and presentation of the same. Produce appropriate risk remediation action plans and ability to present and take ownership of risk treatment proposals and action plans. Review and appropriate response to regulatory and legislative matters Produce and present risks and risk postures / cyber maturity to senior/executive bodies. Able to clearly and precisely present complex cyber risk matters to clients and regulators. Partnering with the different business control functions: Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties. Maintaining a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions. Knowledge of technology, security, and threat landscapes: Staying abreast of emerging technologies, including all security technologies, Sustaining a deep and in-depth knowledge of the cyber threat landscape, Maintain and constantly enriching knowledge of information security and cyber risks as they develop, Being able to propose and explain appropriate cyber risk counter measures clearly and concisely. Remaining informed and knowledgeable on primary global data protection regulations and legislation. Experience and core skill requirements: 10 years minimum experience in senior InfoSec management roles Extensive previous exposure to FS or FMI industry organisations High performance in problem solving, innovating and critical thinking Excellent written/verbal communication and stakeholder management skills Ability to articulate ideas to both technical and non-technical audiences Must be capable of working pragmatically and efficiently in both a team and alone Able to prioritise workloads efficiently and appropriately with minimal supervision Able to work in fast paced, high-volume workload environment, prioritising accordingly Must Have Security Certifications: CISSP Desirable & Advantageous Certifications: CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH Working knowledge of Security Standards / Frameworks: ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2 LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions. Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race . click apply for full job details
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products - including spending, saving, investing, exchanging, travelling, and more - help our 50+ million customers get more from their money every day. As we continue our lightning-fast growth, 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work. So far, we have 10,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution. About the role Our Technology team isn't just one of the best in the industry. It's one of the best in the world. And we're proud of it. It's our driving force - our engine. We're looking for an Information Security Manager to support Revolut Bank in the UK and manage information security in the best way possible. You'll collaborate with service owners, Compliance, and Risk teams to ensure proper documentation and reporting deliverables are accurate and compliant. What you'll be doing Leading Information Security for the UK Bank, driving the maturity, automation, and scalability in collaboration with the Global Information Security team Engaging with a wide range of stakeholders, from senior management to engineers, across both IT and InfoSec domains Developing and executing strategies, methodologies, and training plans to raise awareness and promote a solid Information Security culture within Revolut Reporting on the security status, key incidents, and noteworthy events to senior management, including delivering in-depth briefings to the Board Localising IT and InfoSec policies and procedures for RBUK, ensuring alignment with local regulations and regulator guidance Setting, implementing, and tracking operational and tactical goals to meet strategic KPIs and objectives Building solid working relationships with UK regulators, ensuring compliance and overseeing outsourced activities to group companies Conducting third-party security risk assessments, completing annual CQUEST submissions, and managing additional security reviews Leading annual reviews of onboarded vendors to ensure ongoing compliance and risk management What you'll need 3+ years of experience in information security management, ideally within financial services, banking, or payments Expertise in InfoSec and IT operations with a focus on security risks and mitigation Experience managing intra-group outsourcing of IT and InfoSec services Advanced technical security knowledge and familiarity with regulatory requirements (PCI-DSS, PSD2, GDPR) The ability to deliver localised IT and InfoSec policies to meet UK regulatory standards Expertise in industry standards, like SOX, SOC2, ISO, COBIT, and ITIL The ability to align plans with business goals and set measurable metrics An analytical mindset with great stakeholder management and communication skills Nice to have InfoSec experience at a leading/global consultancy firm Proficiency in SQL and/or Python Building a global financial super app isn't enough. Our Revoluters are a priority, and that's why in 2021 we launched our inaugural D&I Framework, designed to help us thrive and grow every day. We're not just doing this because it's the right thing to do. We're doing it because we know that seeking out diverse talent and creating an inclusive workplace is the way to create exceptional, innovative products and services for our customers. That's why we encourage applications from people with diverse backgrounds and experiences to join this multicultural, hard-working team. Get what you need to succeed Financial benefits that show we value your work Flexibility to work from home, the office or abroad A free Revolut Metal subscription loaded with perks Exciting events year-round so you can get to know your team
Feb 17, 2025
Full time
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products - including spending, saving, investing, exchanging, travelling, and more - help our 50+ million customers get more from their money every day. As we continue our lightning-fast growth, 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work. So far, we have 10,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution. About the role Our Technology team isn't just one of the best in the industry. It's one of the best in the world. And we're proud of it. It's our driving force - our engine. We're looking for an Information Security Manager to support Revolut Bank in the UK and manage information security in the best way possible. You'll collaborate with service owners, Compliance, and Risk teams to ensure proper documentation and reporting deliverables are accurate and compliant. What you'll be doing Leading Information Security for the UK Bank, driving the maturity, automation, and scalability in collaboration with the Global Information Security team Engaging with a wide range of stakeholders, from senior management to engineers, across both IT and InfoSec domains Developing and executing strategies, methodologies, and training plans to raise awareness and promote a solid Information Security culture within Revolut Reporting on the security status, key incidents, and noteworthy events to senior management, including delivering in-depth briefings to the Board Localising IT and InfoSec policies and procedures for RBUK, ensuring alignment with local regulations and regulator guidance Setting, implementing, and tracking operational and tactical goals to meet strategic KPIs and objectives Building solid working relationships with UK regulators, ensuring compliance and overseeing outsourced activities to group companies Conducting third-party security risk assessments, completing annual CQUEST submissions, and managing additional security reviews Leading annual reviews of onboarded vendors to ensure ongoing compliance and risk management What you'll need 3+ years of experience in information security management, ideally within financial services, banking, or payments Expertise in InfoSec and IT operations with a focus on security risks and mitigation Experience managing intra-group outsourcing of IT and InfoSec services Advanced technical security knowledge and familiarity with regulatory requirements (PCI-DSS, PSD2, GDPR) The ability to deliver localised IT and InfoSec policies to meet UK regulatory standards Expertise in industry standards, like SOX, SOC2, ISO, COBIT, and ITIL The ability to align plans with business goals and set measurable metrics An analytical mindset with great stakeholder management and communication skills Nice to have InfoSec experience at a leading/global consultancy firm Proficiency in SQL and/or Python Building a global financial super app isn't enough. Our Revoluters are a priority, and that's why in 2021 we launched our inaugural D&I Framework, designed to help us thrive and grow every day. We're not just doing this because it's the right thing to do. We're doing it because we know that seeking out diverse talent and creating an inclusive workplace is the way to create exceptional, innovative products and services for our customers. That's why we encourage applications from people with diverse backgrounds and experiences to join this multicultural, hard-working team. Get what you need to succeed Financial benefits that show we value your work Flexibility to work from home, the office or abroad A free Revolut Metal subscription loaded with perks Exciting events year-round so you can get to know your team
SOC Analyst 12 month contract Based in Stevenage Offering 80ph Inside IR35 Are you an experienced SOC Analyst? Do you have experience with IDS/IPS technologies? Do you want to work with an industry-leading company? If your answers are yes to these, then this could be the role for you! As the SOC Analyst, you will be working alongside a market-leading Defence and Aerospace company who are constantly growing and developing. They are always looking to bring on new talents such as yourself and further develop your skills to enable you to grow within the company and industry! You will be involved in: Conduct proactive Threat Hunting in collaboration with the CTI function Lead Optimisation of the Threat Detection rulesets working with the ISR function Assist with the maintenance of Security technologies Assisting the SOC Team with project activity Supporting the Incident responder with HR and InfoSec investigations Attend routine security meetings Your skillset may include: Background in Cyber Security. Security awareness Experience in all areas of IT Knowledge of IT Security standard methodologies Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools Hands on experience with IDS/IPS technologies and threat hunting activities Experience within Defensive Cyber-attack methodologies and frameworks Understanding of Malware capabilities, attack vectors, propagation, and impact If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! SOC Analyst 12 month contract Based in Stevenage Offering 80ph Inside IR35 Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.
Feb 15, 2025
Contractor
SOC Analyst 12 month contract Based in Stevenage Offering 80ph Inside IR35 Are you an experienced SOC Analyst? Do you have experience with IDS/IPS technologies? Do you want to work with an industry-leading company? If your answers are yes to these, then this could be the role for you! As the SOC Analyst, you will be working alongside a market-leading Defence and Aerospace company who are constantly growing and developing. They are always looking to bring on new talents such as yourself and further develop your skills to enable you to grow within the company and industry! You will be involved in: Conduct proactive Threat Hunting in collaboration with the CTI function Lead Optimisation of the Threat Detection rulesets working with the ISR function Assist with the maintenance of Security technologies Assisting the SOC Team with project activity Supporting the Incident responder with HR and InfoSec investigations Attend routine security meetings Your skillset may include: Background in Cyber Security. Security awareness Experience in all areas of IT Knowledge of IT Security standard methodologies Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools Hands on experience with IDS/IPS technologies and threat hunting activities Experience within Defensive Cyber-attack methodologies and frameworks Understanding of Malware capabilities, attack vectors, propagation, and impact If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further! SOC Analyst 12 month contract Based in Stevenage Offering 80ph Inside IR35 Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 2x SOC Threat Detection Analyst subcontractors on an initial 12 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: 81.35 per hour Contract Duration: 12 Months Shift pattern: 6.00am - 2.00pm & 2.00pm - 10.00pm / 5 days a week on site. SOC Threat Detection Analyst Job Description: An opportunity has arisen in the Cyber Security Operations Centre (SOC) within Information Management (IM) for a Cyber Threat Operations specialist. Supporting the Active Defence & Incident Response Manger in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat hunting, detection and analysis within the 24x7 SOC. Responsibilities: To support the Active Defence Incident Response Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). It will cover Threat hunting, analysis, monitoring, Optimising, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The Cyber Threat Operations specialist reports to the Active Defence & Incident Response Manager. The Cyber Threat Operations specialist conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The Cyber Threat Operations specialist key responsibilities are: Conduct proactive Threat Hunting in collaboration with the CTI function Lead Optimisation of the Threat Detection rulesets working with the ISR function Assist with the maintenance of Security technologies Assisting the SOC Team with project activity Supporting the Incident responder with HR and InfoSec related investigations Attend routine security meetings Skillset/experience required: A career background in Cyber Security. Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications. Demonstrable experience with YARA and Sigma rulesets Knowledge of IT Security standard methodologies. Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S. Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools. Hands on experience with IDS/IPS technologies and threat hunting activities. Strong analytical experience and mind-set. Experience within Defensive Cyber-attack methodologies and frameworks. Understanding of Malware capabilities, attack vectors, propagation and impact. Good communication skills liaising with the business and suppliers.
Feb 15, 2025
Contractor
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 2x SOC Threat Detection Analyst subcontractors on an initial 12 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: 81.35 per hour Contract Duration: 12 Months Shift pattern: 6.00am - 2.00pm & 2.00pm - 10.00pm / 5 days a week on site. SOC Threat Detection Analyst Job Description: An opportunity has arisen in the Cyber Security Operations Centre (SOC) within Information Management (IM) for a Cyber Threat Operations specialist. Supporting the Active Defence & Incident Response Manger in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat hunting, detection and analysis within the 24x7 SOC. Responsibilities: To support the Active Defence Incident Response Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). It will cover Threat hunting, analysis, monitoring, Optimising, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The Cyber Threat Operations specialist reports to the Active Defence & Incident Response Manager. The Cyber Threat Operations specialist conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The Cyber Threat Operations specialist key responsibilities are: Conduct proactive Threat Hunting in collaboration with the CTI function Lead Optimisation of the Threat Detection rulesets working with the ISR function Assist with the maintenance of Security technologies Assisting the SOC Team with project activity Supporting the Incident responder with HR and InfoSec related investigations Attend routine security meetings Skillset/experience required: A career background in Cyber Security. Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications. Demonstrable experience with YARA and Sigma rulesets Knowledge of IT Security standard methodologies. Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S. Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools. Hands on experience with IDS/IPS technologies and threat hunting activities. Strong analytical experience and mind-set. Experience within Defensive Cyber-attack methodologies and frameworks. Understanding of Malware capabilities, attack vectors, propagation and impact. Good communication skills liaising with the business and suppliers.
An SOC Threat Detection Analyst is required for a full time on-site contract assignment based in Stevenage for a multi-national defence company. Candidates will need to be cleared to SC UK EYES ONLY level prior to start and be eligible and willing to undergo subsequent DV clearance. Two shift system 6am to 2pm and 2pm to 10pm five days per week. Overview of department: An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst. Supporting the Senior SOC analysts in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC. Responsibilities: To support the SOC Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). It will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The SOC Analyst key responsibilities are: Effective Tier 1 to 2 alert triage of security events Monitoring of Cyber Security tools Monitoring the SOC email notification mailboxes Assists with the maintenance of Security technologies Assisting the SOC Solutions Lead with project activity Conduct proactive threat hunting in collaboration with the CTI function Conduct HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security meetings Skillset/experience required: A career background in Cyber Security. Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications. Knowledge of IT Security standard methodologies. Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S. Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools. Hands on experience with IDS/IPS technologies and threat hunting activities. Strong analytical experience and mind-set. Experience within Defensive Cyber-attack methodologies and frameworks. Understanding of Malware capabilities, attack vectors, propagation and impact. Good communication skills liaising with the business and suppliers. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Feb 14, 2025
Contractor
An SOC Threat Detection Analyst is required for a full time on-site contract assignment based in Stevenage for a multi-national defence company. Candidates will need to be cleared to SC UK EYES ONLY level prior to start and be eligible and willing to undergo subsequent DV clearance. Two shift system 6am to 2pm and 2pm to 10pm five days per week. Overview of department: An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst. Supporting the Senior SOC analysts in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC. Responsibilities: To support the SOC Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). It will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The SOC Analyst key responsibilities are: Effective Tier 1 to 2 alert triage of security events Monitoring of Cyber Security tools Monitoring the SOC email notification mailboxes Assists with the maintenance of Security technologies Assisting the SOC Solutions Lead with project activity Conduct proactive threat hunting in collaboration with the CTI function Conduct HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security meetings Skillset/experience required: A career background in Cyber Security. Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications. Knowledge of IT Security standard methodologies. Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S. Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools. Hands on experience with IDS/IPS technologies and threat hunting activities. Strong analytical experience and mind-set. Experience within Defensive Cyber-attack methodologies and frameworks. Understanding of Malware capabilities, attack vectors, propagation and impact. Good communication skills liaising with the business and suppliers. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Senior Audit and Compliance Consultant Alfa are currently recruiting a Senior Audit and Compliance Consultant to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities. Key Responsibilities/Activities: Collaborate with the Information Security team to ensure Alfa's ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2. Contribute to the audit cycles for all of Alfa's Information Security auditing requirements (including client audits, internal audits and statutory audits). Conduct periodic review and maintenance of Alfa's Information Security Management System (ISMS) policies, procedures and processes. Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development. Contribute to the planning of internal, external and client audit requirements including the collection of evidence. Conduct physical security audits to ensure that Alfa's operational locations are compliant with the ISMS. Contribute to the completeness of security questionnaires for existing and prospective clients. Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings. Provide consultancy, information security advice and guidance to teams and projects at Alfa. Develop improvement plans from continuous internal IT security audits and threat modelling exercises. Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required). Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales. Comply with any other requirements set out in the information security roles and responsibilities. Required Experience/Qualifications: Bachelor's degree (or equivalent) from a top university. Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified). Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements. Experience with both internal and external IT assurance projects/engagements. Good knowledge of IT audit techniques. Capable of working independently. Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly. Eligible to work in the UK without restriction. Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits. Preferred Experience/Qualifications: Awareness of EU/UK legislation/regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA). Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements . Familiarity with ISO 27001 certification audit process/requirements. Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework. Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors . Awareness of data privacy legislation including GDPR and e-Privacy Regulation. Understanding and experience of the 'Three Lines of Defence' model environment. Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent. About Us We're Alfa, a leading provider of software and services to the global asset finance industry. Our class-leading technology platform, Alfa Systems, is at the heart of some of the world's largest and most innovative providers of asset and auto finance, such as Santander, John Deere, Mercedes-Benz and Toyota. Established in 1990 and with over 470 employees worldwide, we are headquartered in London with projects all over Europe, the Americas and Asia-Pacific.
Feb 13, 2025
Full time
Senior Audit and Compliance Consultant Alfa are currently recruiting a Senior Audit and Compliance Consultant to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities. Key Responsibilities/Activities: Collaborate with the Information Security team to ensure Alfa's ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2. Contribute to the audit cycles for all of Alfa's Information Security auditing requirements (including client audits, internal audits and statutory audits). Conduct periodic review and maintenance of Alfa's Information Security Management System (ISMS) policies, procedures and processes. Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development. Contribute to the planning of internal, external and client audit requirements including the collection of evidence. Conduct physical security audits to ensure that Alfa's operational locations are compliant with the ISMS. Contribute to the completeness of security questionnaires for existing and prospective clients. Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings. Provide consultancy, information security advice and guidance to teams and projects at Alfa. Develop improvement plans from continuous internal IT security audits and threat modelling exercises. Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required). Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales. Comply with any other requirements set out in the information security roles and responsibilities. Required Experience/Qualifications: Bachelor's degree (or equivalent) from a top university. Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified). Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements. Experience with both internal and external IT assurance projects/engagements. Good knowledge of IT audit techniques. Capable of working independently. Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly. Eligible to work in the UK without restriction. Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits. Preferred Experience/Qualifications: Awareness of EU/UK legislation/regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA). Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements . Familiarity with ISO 27001 certification audit process/requirements. Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework. Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors . Awareness of data privacy legislation including GDPR and e-Privacy Regulation. Understanding and experience of the 'Three Lines of Defence' model environment. Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent. About Us We're Alfa, a leading provider of software and services to the global asset finance industry. Our class-leading technology platform, Alfa Systems, is at the heart of some of the world's largest and most innovative providers of asset and auto finance, such as Santander, John Deere, Mercedes-Benz and Toyota. Established in 1990 and with over 470 employees worldwide, we are headquartered in London with projects all over Europe, the Americas and Asia-Pacific.
Are you an experienced Information Security Manager looking for your next challenge? I'm currently working with a leading company in the energy sector who are looking for an Information Security Manager to join the team and lead them through a number of new projects. They are looking to innovate and drive the future of energy, ensuring safety, security, and efficiency in everything they do. As the Information Security Manager you will oversee the risk management and IT security governance. In this role, you'll develop and implement security processes and policies, ensuring their systems are secure and compliant with industry standards. What you'll do: Manage risk and IT security governance, including compliance with standards like ISO27001. Conduct technical and non-technical risk assessments and monitor compliance with security policies. Lead internal and external audits, ensuring timely resolution of any issues. Develop business continuity plans, working with emergency planning teams. Regularly review and update security policies and procedures. Manage relationships with security vendors and contractors. Support the delivery of security regulatory and project assurance. Continually improve security processes and compliance initiatives. Deputise for the Head of Cyber Security when needed. What you'll need: Knowledge of information security risk management (e.g. ISO27001). IT/IS security qualifications such as CISSP. Certified Information Systems Auditor (CISA). Experience with ISO27001, ISO27002, and GDPR. Understanding of security controls and their effectiveness. Familiarity with assurance frameworks. Experience in delivering information security certification and maintaining compliance. Experience in creating and reviewing IS security policies. High-level understanding of operational technology systems and their risks. Ability to obtain UK security clearance and have been a UK resident for 5 years or more. What you'll get: Up to 75,000 salary DOE. Annual bonus up to 15%. Flexible hours and hybrid working. Up to 12% Employer contribution pension. 25 days holiday (increases with service). Car allowance/company car scheme. And many more such as healthcare, course fees etc. Clearance Requirements: Due to the nature of this role, the successful candidate must be eligible for security clearance. To qualify, you must have lived permanently in the UK for 5 years or more. If you meet a handful of the above requirements and are interest in the role then please apply and I will be in touch shortly to discuss the role in more detail. To find out more about Computer Futures please visit (url removed) Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy Registered office 8 Bishopsgate, London, EC2N 4BQ, United Kingdom Partnership Number OC(phone number removed) England and Wales
Feb 13, 2025
Full time
Are you an experienced Information Security Manager looking for your next challenge? I'm currently working with a leading company in the energy sector who are looking for an Information Security Manager to join the team and lead them through a number of new projects. They are looking to innovate and drive the future of energy, ensuring safety, security, and efficiency in everything they do. As the Information Security Manager you will oversee the risk management and IT security governance. In this role, you'll develop and implement security processes and policies, ensuring their systems are secure and compliant with industry standards. What you'll do: Manage risk and IT security governance, including compliance with standards like ISO27001. Conduct technical and non-technical risk assessments and monitor compliance with security policies. Lead internal and external audits, ensuring timely resolution of any issues. Develop business continuity plans, working with emergency planning teams. Regularly review and update security policies and procedures. Manage relationships with security vendors and contractors. Support the delivery of security regulatory and project assurance. Continually improve security processes and compliance initiatives. Deputise for the Head of Cyber Security when needed. What you'll need: Knowledge of information security risk management (e.g. ISO27001). IT/IS security qualifications such as CISSP. Certified Information Systems Auditor (CISA). Experience with ISO27001, ISO27002, and GDPR. Understanding of security controls and their effectiveness. Familiarity with assurance frameworks. Experience in delivering information security certification and maintaining compliance. Experience in creating and reviewing IS security policies. High-level understanding of operational technology systems and their risks. Ability to obtain UK security clearance and have been a UK resident for 5 years or more. What you'll get: Up to 75,000 salary DOE. Annual bonus up to 15%. Flexible hours and hybrid working. Up to 12% Employer contribution pension. 25 days holiday (increases with service). Car allowance/company car scheme. And many more such as healthcare, course fees etc. Clearance Requirements: Due to the nature of this role, the successful candidate must be eligible for security clearance. To qualify, you must have lived permanently in the UK for 5 years or more. If you meet a handful of the above requirements and are interest in the role then please apply and I will be in touch shortly to discuss the role in more detail. To find out more about Computer Futures please visit (url removed) Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy Registered office 8 Bishopsgate, London, EC2N 4BQ, United Kingdom Partnership Number OC(phone number removed) England and Wales
Are you an experienced Information Security Manager looking for your next challenge? I'm currently working with a leading company in the energy sector who are looking for an Information Security Manager to join the team and lead them through a number of new projects. They are looking to innovate and drive the future of energy, ensuring safety, security, and efficiency in everything they do. As the Information Security Manager you will oversee the risk management and IT security governance. In this role, you'll develop and implement security processes and policies, ensuring their systems are secure and compliant with industry standards. What you'll do: Manage risk and IT security governance, including compliance with standards like ISO27001. Conduct technical and non-technical risk assessments and monitor compliance with security policies. Lead internal and external audits, ensuring timely resolution of any issues. Develop business continuity plans, working with emergency planning teams. Regularly review and update security policies and procedures. Manage relationships with security vendors and contractors. Support the delivery of security regulatory and project assurance. Continually improve security processes and compliance initiatives. Deputise for the Head of Cyber Security when needed. What you'll need: Knowledge of information security risk management (e.g. ISO27001). IT/IS security qualifications such as CISSP. Certified Information Systems Auditor (CISA). Experience with ISO27001, ISO27002, and GDPR. Understanding of security controls and their effectiveness. Familiarity with assurance frameworks. Experience in delivering information security certification and maintaining compliance. Experience in creating and reviewing IS security policies. High-level understanding of operational technology systems and their risks. Ability to obtain UK security clearance and have been a UK resident for 5 years or more. What you'll get: Up to 75,000 salary DOE. Annual bonus up to 15%. Flexible hours and hybrid working. Up to 12% Employer contribution pension. 25 days holiday (increases with service). Car allowance/company car scheme. And many more such as healthcare, course fees etc. Clearance Requirements: Due to the nature of this role, the successful candidate must be eligible for security clearance. To qualify, you must have lived permanently in the UK for 5 years or more. If you meet a handful of the above requirements and are interest in the role then please apply and I will be in touch shortly to discuss the role in more detail. To find out more about Computer Futures please visit (url removed) Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy Registered office 8 Bishopsgate, London, EC2N 4BQ, United Kingdom Partnership Number OC(phone number removed) England and Wales
Feb 13, 2025
Full time
Are you an experienced Information Security Manager looking for your next challenge? I'm currently working with a leading company in the energy sector who are looking for an Information Security Manager to join the team and lead them through a number of new projects. They are looking to innovate and drive the future of energy, ensuring safety, security, and efficiency in everything they do. As the Information Security Manager you will oversee the risk management and IT security governance. In this role, you'll develop and implement security processes and policies, ensuring their systems are secure and compliant with industry standards. What you'll do: Manage risk and IT security governance, including compliance with standards like ISO27001. Conduct technical and non-technical risk assessments and monitor compliance with security policies. Lead internal and external audits, ensuring timely resolution of any issues. Develop business continuity plans, working with emergency planning teams. Regularly review and update security policies and procedures. Manage relationships with security vendors and contractors. Support the delivery of security regulatory and project assurance. Continually improve security processes and compliance initiatives. Deputise for the Head of Cyber Security when needed. What you'll need: Knowledge of information security risk management (e.g. ISO27001). IT/IS security qualifications such as CISSP. Certified Information Systems Auditor (CISA). Experience with ISO27001, ISO27002, and GDPR. Understanding of security controls and their effectiveness. Familiarity with assurance frameworks. Experience in delivering information security certification and maintaining compliance. Experience in creating and reviewing IS security policies. High-level understanding of operational technology systems and their risks. Ability to obtain UK security clearance and have been a UK resident for 5 years or more. What you'll get: Up to 75,000 salary DOE. Annual bonus up to 15%. Flexible hours and hybrid working. Up to 12% Employer contribution pension. 25 days holiday (increases with service). Car allowance/company car scheme. And many more such as healthcare, course fees etc. Clearance Requirements: Due to the nature of this role, the successful candidate must be eligible for security clearance. To qualify, you must have lived permanently in the UK for 5 years or more. If you meet a handful of the above requirements and are interest in the role then please apply and I will be in touch shortly to discuss the role in more detail. To find out more about Computer Futures please visit (url removed) Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy Registered office 8 Bishopsgate, London, EC2N 4BQ, United Kingdom Partnership Number OC(phone number removed) England and Wales
