14 jobs found

HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world's largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner's Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional - it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world's top organizations. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. Privacy Counsel Remote Location: United Kingdom Position Summary HackerOne is seeking a Privacy Counsel to join our Privacy function to support the growing volume and complexity of global data protection, AI governance, and commercial contracting needs across the business. In this role, you will help accelerate product development, sales motions, internal procurement and cross-border data operations by providing thoughtful, practical, and globally relevant privacy support. In addition to our legal and privacy teams, you will work closely with colleagues in our Product, Security, Compliance, Engineering, and Sales to deliver clear guidance, supporting privacy assessments, and review customer and vendor agreements to help us move quickly and responsibly as we grow. This is an individual contributor role ideal for a privacy lawyer who enjoys hands on work, cross functional collaboration, and applying structured legal thinking to emerging technologies. What You Will Do Apply an AI-First approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows. Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge. Use First Principles Problem Solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations. Leverage Data-Driven Decision Making during DPIAs, and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations. Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews. Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development. Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement. Maintain and update privacy contractual documentation and internal templates and policies. Create and deliver internal training on privacy and AI governance. As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation. Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements. Minimum Qualifications Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don't quite hit the 5+ years. Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia). Experience drafting and negotiating data processing agreements and handling privacy related issues in a global business context. Proven ability to manage data breaches, regulatory notifications and privacy audits. Excellent communication skills with the ability to simplify complex legal concepts for non legal audiences. Strong understanding of AI technologies, their ethical implications, and related legal frameworks. Excellent analytical, problem solving, and decision making skills with the ability to provide practical and strategic legal advice. Experience in using privacy management systems such as OneTrust is required. Ability to manage multiple priorities and work collaboratively across diverse teams. Comfortable working independently in a fast paced, global environment Preferred Qualifications Certified Information Privacy Professional (CIPP), Artificial Intelligence Governance Professional (AIGP) and other relevant certifications, German language proficiency. Experience in cybersecurity, offensive security, or SaaS environments. Compensation Band UK Tier: £80K - £100K • Offers Equity Job Benefits: Health (medical, vision, dental), life, and disability insurance Equity stock options Retirement plans Paid public holidays and unlimited PTO Paid maternity and parental leave Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act) Employee Assistance Program Flexible Work Stipend Eligibility may differ by country We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

Role: Location: Reading Contract: Contract Working Model: Hybrid Overview We are seeking an experienced Cloud Vulnerability Specialist to lead and mature end-to-end vulnerability management for a complex, cloud-first environment click apply for full job details

What We Are Looking For As a Red Team Specialist focused on GenAI models, you will play a critical role in safeguarding the security and integrity of commercial cutting-edge AI technologies. Your primary responsibility will be to analyze and test commercial GenAI systems including, but not limited to, language models, image generation models, and related infrastructure. The objective is to identify vulnerabilities, assess risks, and deliver actionable insights that strengthen AI models and guardrails against potential threats. Key Responsibilities Execute sophisticated and comprehensive attacks on generative foundational models and agentic frameworks. Assess the security posture of AI models and infrastructure, identifying weaknesses and potential threats. Collaborate with security teams to design and implement effective risk mitigation strategies that enhance model resilience. Apply innovative testing methodologies to ensure state-of-the-art security practices. Document all red team activities, findings, and recommendations with precision and clarity. Requirements Must-Have Proven track record in AI vulnerability analysis. Strong understanding of AI technologies and underlying architectures, especially generative models and frameworks. Minimum of 5 years of experience in offensive cybersecurity, with a focus on cloud and API security. Familiarity with agentic frameworks and hands-on experience in agentic development. Proficiency in Python. Exceptional analytical, problem-solving, and communication skills. Ability to thrive in a fast-paced, dynamic environment. Nice-to-Have Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Demonstrated experience building production-quality pipelines and automations. Hands-on experience with machine learning development frameworks and environments. Advanced certifications in offensive cybersecurity (e.g., OSWE, OSCE3, SEC542, SEC522). Certifications or background in DevOps/ML domains. Webint / OSINT experience. About ActiveFence ActiveFence is the leading provider of security and safety solutions for online experiences, safeguarding more than 3 billion users, top foundation models, and the world's largest enterprises and tech platforms every day. As a trusted ally to major technology firms and Fortune 500 brands that build user-generated and GenAI products, ActiveFence empowers security, AI, and policy teams with low-latency Real-Time Guardrails and a continuous Red Teaming program that pressure-tests systems with adversarial prompts and emerging threat techniques. Powered by deep threat intelligence, unmatched harmful-content detection, and coverage of 117+ languages, ActiveFence enables organizations to deliver engaging and trustworthy experiences at global scale while operating safely and responsibly across all threat landscapes.

Security Incident Specialist page is loaded Security Incident Specialistlocations: Lisbona: Milano - Martesana: Madrid: London: Edinburghtime type: Full timeposted on: Posted 30+ Days Agojob requisition id: RR Security Incident Specialist (Open) We're Nadara. We work harmoniously with the power of nature and the communities around us to power lifetimes to come. We call our approach 'living energy'. We don't just produce renewable energy, we live it - recognising our relationship with the people touched by our business and supporting social, educational, cultural, and environmental initiatives that contribute to the development of the communities we work alongside. Discover more about our business here: Nadara is an innovative place to work. We work in a stimulating and challenging environment, where every day we explore the unknown with curiosity, make decisions with quality and take action and deliver with courage. For us diversity is a real value, and we encourage in connecting different perspectives with respect. Discover more about our culture and approach here: Job Description Summary: The Security Incident Specialist is responsible for ensuring robust incident management by investigating and addressing security incidents reported by or assigned to the SOC. This role involves leading incident response efforts, escalating issues to designated owners when necessary, and coordinating the implementation of Azure Security Solutions, including Azure DLP, Defender, and Defender for Cloud. Additionally, the specialist will support the development and refinement of policies and procedures to enhance Security Incident Management and Cybersecurity practices. Job Description: The Security Incident Specialist is responsible for ensuring robust incident management by investigating and addressing security incidents reported by or assigned to the SOC. This role involves leading incident response efforts, escalating issues to designated owners when necessary, and coordinating the implementation of Azure Security Solutions, including Azure DLP, Defender, and Defender for Cloud. Additionally, the specialist will support the development and refinement of policies and procedures to enhance Security Incident Management and Cybersecurity practices.Reporting to the Cybersecurity Manager, the Security Incident Specialist is responsible for maintaining, measuring, and improving the overall Incident Management process within the assigned scope, budget, and timeline. Key responsibilities include: Demonstrating familiarity with Microsoft Security Solutions (Defender, Sentinel, Azure, Entra, etc.). Implementing Azure Security Solutions to strengthen the organization's security posture and optimize incident handling processes. Maintaining and developing the company's security monitoring systems and ensuring efficient SIEM ingestion (Sentinel). Ensuring the proper collection of logs, alerts, and incidents for effective monitoring and response. Reviewing and developing analytics and playbooks for incident classification, assignment, and response automation. Reporting the status and outcomes of incidents and investigations to company stakeholders. Writing clear and comprehensive incident reports, combining logs and evidence, tailored for both C-level executives and technical teams. Coordinating the Incident Management process with Vulnerability Management to ensure cohesive security operations. Supporting initiatives to enhance secure architectures, reducing the potential threat landscape. Aligning the Incident Management process with organizational policies, procedures, and security guidelines. Key Requirements Master/Bachelor Degree on cybersecurity or computer science and 3y+ as SOC analyst, or undergraduate and 5y+ as SOC analystExcellent practice on SIEM/SOAR (Sentinel) maintenance and development Log collection, analysis and correlation Incidents investigations and response Malware analysis Phishing analysis File system checks and memory dump Ioc editing and searching Good practice on: Evidence acquisition and retention Secops scripting (bash, vbscript, Powershell, python) Threat intelligence and OSINT. Support the cybersecurity policies and procedures definition (especially Security Incident Management)Eager to learn, curious mind to find threats, discover backdoors, find attack vectors, talented to build and show samples for scratchHighly effective communication skills and be capable of presenting data clearly to various audienceExcellent written and verbal EnglishAbility to work within complex teams and in an international environment. Desirable Requirements Certifications: Blue Team Level 1 (BTL1), Blue Team Level 2 (BTL2), eCTHP, eCIR, GCIH, SC-200 AZ-500, AZ-900, Certified CyberDefender (CCD) or similar.Experience in cybersecurity governance, including the development and alignment of policies, frameworks and compliance strategies. A stimulating international environment. You will never get bored! People - centric approach. This is our one and only way of thinking! Stimulating challenges and growing opportunities The possibility to work in a team where people are passionate about their job Location: Lisbona Time Type: Full time Worker Subtype: Regular

IT Security Tooling Specialist - Luton page is loaded IT Security Tooling Specialist - Lutonlocations: GBR Client Site (CSC Location)time type: Full timeposted on: Posted Yesterdayjob requisition id: Job Description: Hybrid/Onsite - Luton Suitable candidates for this role must be able to work Hyrbrid minimum 2 days per week in Luton and be eligible for SC Clearance.At DXC Technology, delivering excellence for our customers and colleagues is more than just a motto, it's something we strive towards constantly through our work. Every day we deliver mission critical services in a secure environment whilst promoting our people first agenda, a real sense of community and a healthy work-life balance. Our consistently positive customer feedback and continuous growth helps us cement our place as one of the world's leading IT solutions enterprises, helping us deliver services and solutions in both challenging and exciting situations.We are seeking a skilled and proactive IT Security Tooling Specialist to support the maintenance, and optimization of security tools across the organization. This role is pivotal in ensuring our security infrastructure is robust, well-integrated, and aligned with industry best practices. The successful candidate will work closely with security operations, infrastructure, and application teams to ensure tooling supports threat detection, incident response, and compliance requirements. Key Tools and Experience: McAfee EPO ForcePoint Zscaler Pulse VPN IPSEC/SSL Nagios Key Responsibilities: Administer and maintain security tools such as SIEM, endpoint protection, vulnerability scanners, and identity & access management platforms. Assist in the deployment and configuration of new security technologies and integrations. Monitor tool performance and ensure data quality, coverage, and alerting accuracy. Collaborate with internal teams to ensure tools are aligned with business and security objectives. Support incident response activities by ensuring tooling provides actionable insights and forensic data. Document configurations, procedures, and tool usage guidelines. Participate in tool evaluations and proof-of-concept initiatives. Provide technical support and troubleshooting for security tooling issues. Stay current with emerging security technologies and recommend improvements.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available . locations: GBR Client Site (CSC Location)time type: Full timeposted on: Posted 19 Days Agolocations: GBR Client Site (CSC Location)time type: Full timeposted on: Posted 19 Days AgoDXC Technology (NYSE: DXC) helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds. The world's largest companies and public sector organizations trust DXC to deploy services to drive new levels of performance, competitiveness, and customer experience across their IT estates. Learn more about how we deliver excellence for our customers and colleagues at .

Overview As a Red Team Specialist focused on GenAI models, you will play a critical role in safeguarding the security and integrity of commercial cutting-edge AI technologies. Your primary responsibility will be to analyze and test commercial GenAI systems including, but not limited to, language models, image generation models, and related infrastructure. The objective is to identify vulnerabilities, assess risks, and deliver actionable insights that strengthen AI models and guardrails against potential threats. Responsibilities Execute sophisticated and comprehensive attacks on generative foundational models and agentic frameworks. Assess the security posture of AI models and infrastructure, identifying weaknesses and potential threats. Collaborate with security teams to design and implement effective risk mitigation strategies that enhance model resilience. Apply innovative testing methodologies to ensure state-of-the-art security practices. Document all red team activities, findings, and recommendations with precision and clarity. Requirements Must-Have Proven track record in AI vulnerability analysis. Strong understanding of AI technologies and underlying architectures, especially generative models and frameworks. Minimum of 5 years of experience in offensive cybersecurity, with a focus on cloud and API security. Familiarity with agentic frameworks and hands-on experience in agentic development. Proficiency in Python. Exceptional analytical, problem-solving, and communication skills. Ability to thrive in a fast-paced, dynamic environment. Nice-to-Have Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Demonstrated experience building production-quality pipelines and automations. Hands-on experience with machine learning development frameworks and environments. Advanced certifications in offensive cybersecurity (e.g., OSWE, OSCE3, SEC542, SEC522). Certifications or background in DevOps/ML domains. Webint / OSINT experience. About ActiveFence ActiveFence is the leading provider of security and safety solutions for online experiences, safeguarding more than 3 billion users, top foundation models, and the world's largest enterprises and tech platforms every day. As a trusted ally to major technology firms and Fortune 500 brands that build user-generated and GenAI products, ActiveFence empowers security, AI, and policy teams with low-latency Real-Time Guardrails and a continuous Red Teaming program that pressure-tests systems with adversarial prompts and emerging threat techniques. Powered by deep threat intelligence, unmatched harmful-content detection, and coverage of 117+ languages, ActiveFence enables organizations to deliver engaging and trustworthy experiences at global scale while operating safely and responsibly across all threat landscapes.

Deep Understanding of Prompt injection, an evolving LLM vulnerability that allows attackers to embed conflicting or deceptive instructions into user inputs that override system prompts - often to extract sensitive data and subvert AI behavior. Understanding of Sensitive information disclosure (PII Leakage) and Data & model poisoning Model tampering and extraction Supply chain and third-party risks Risk mitigation and best practices Familiarity with OWASP top 10 for LLMs and MITRE ATLAS frameworks Knowledge of APIs, HTTP request/response structure and token based authentication Ability to build scripts and integrations with REST APIs in at least one supported language (Python, Node.js, or others) explain request shaping, authentication and error handling Containerization and docker knowledge Kubernetes and container orchestration Cloud Provider tools (AWS, Azure, GCP), setup systems and manage networking Cloud Provider IAM Moderate DevOps skills and troubleshooting A background in sales engineering, professional services, or technical support, with the ability to engage both technical and business audiences. Proven success working in distributed, remote-first environments. We're looking for a colleague with a great compassion for taking care of prospective customers and their challenges combined with well-rounded technical, analytical, and sales skills. You appreciate the importance of teamwork, but will also benefit from your proactive approach to solving challenges and helping external and internal parties. Experience with log management, SIEM, and EDR is a significant bonus. Ideally, you've participated in one or more of the common sales processes such as MEDDPICC, Challenger Selling, or Value Selling in a presales or architect role. Ability to adapt, thrive and excel in a fast-moving, nimble environment. Comfortable in a team selling environment, working in close collaboration with peers in the CrowdStrike sales organization. You take a consultative sales approach - ability to challenge companies/businesses to think differently. Strength in evangelizing technology and new account acquisition (hunting) - ability to discover and uncover new opportunities with prospects and existing business customers. Highly motivated and professional, with excellent verbal communication and interpersonal skills. Outstanding organizational skills with the attested ability to prioritize and complete multiple tasks to meet deadlines. Self-starter able to work independently but also team oriented - work together win together attitude. Excellent problem resolution skills - resourceful and constructive. Willingly experiment with new technologies, techniques, and approaches to understand and communicate the unique value of CrowdStrike's solutions. Remote-friendly and flexible work culture Market leader in compensation and equity awards Comprehensive physical and mental wellness programs Competitive vacation and holidays for recharge Paid parental and adoption leaves Professional development opportunities for all employees regardless of level or role Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections Vibrant office culture with world class amenities Great Place to Work Certified across the globe

Cybersecurity Specialist page is loaded Cybersecurity Specialistlocations: UK - London, White City: UK - Stevenagetime type: Full timeposted on: Posted Todaytime left to apply: End Date: January 30, 2026 (30+ days left to apply)job requisition id: JR100070 Work with us Our team are passionate in the pursuit of excellence and in pushing the boundaries of cancer therapy and Autoimmune disease to deliver life-changing treatments to patients.Whilst working at Autolus you will enjoy a flexible, diverse and dynamic working environment which actively promotes creativity, leadership and teamwork - together we are ONE Autolus. Job Description: Key Responsibilities# Ensure continuously monitoring of networks and systems for security breaches, suspicious activity, and anomalies using SIEM service/tools. Review existing configurations, identity areas for cybersecurity improvements and implement security controls to strengthen the overall security posture. Ensure security alerts and incidents are investigated to determine the scope and impact and coordinate timely responses and mitigation. Conduct regular vulnerability assessments and scans, prioritize risks, and recommend remediation steps. Assist in audits, ensure compliance with industry standards (e.g., ISO 27001, NIST, GDPR), and maintain documentation. Analyses threat intelligence feeds to stay informed about the latest threats, vulnerabilities, and threat actors. Contribute to security training programs and promote awareness of cybersecurity best practices among employees. Work closely with Cybersecurity Architect, infrastructure team, digital workplace team and other stakeholders to strengthen overall security posture. Maintain detailed records of incidents, risk assessments, and changes to security systems; prepare regular reports for management. Demonstrated skills and competencies E - Essential P - Preferred Experience E: Minimum of 5 years of experience in cybersecurity. E: Minimum of 2 years in security operations. P: Minimum of 2 years in validated pharmaceutical industry. Qualifications E: Bachelor's degree E: Relevant cybersecurity certifications (e.g. CompTIA Security+, CEH, ISC2 SSCP) E: Microsoft security certifications (e.g. SC-900, SC-200, SC-300, AZ-500) P: CISSP Certification (Certified Information Systems Security Professional) P: CISM Certification (Certified Information Security Manager) Skills/Specialist knowledge E: Hands-on experience working with security tools (e.g. EDR, XDR, SIEM, SOAR etc.) and advanced KQL expertise for threat detection and response. E: Strong knowledge of network protocols and device hardening (macOS, Linux, Windows) E: Knowledge of security technologies: DLP, IAM, encryption, SSO and, PAM and cloud security. E: Ability to work with internal and external security auditors P: Proficiency in cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, CIS Controls, Microsoft Cloud Security benchmark, COBIT). P: PowerShell for automation of BAU tasks in Microsoft environmentAutolus' success is driven by equality and inclusion; we believe all voices are of equal value and must be heard.Whilst operating with focus and integrity, we are committed to improving diversity and inclusion within our business and our industry. Get In TouchIntroduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.

Acuiti Labs is a specialist Global SAP consulting firm headquartered in London, UK, servicing clients globally for 'Consume to Cash' process transformation and optimization. We solve business challenges and problems using the most appropriate solution architecture, technology which fits into the client's requirements and provides optimum functionalities, build tech platforms, and enable market-winning digital strategies. Our core expertise and experience are in technology R&D, digital and business strategy. We deploy efficient and effective talent solutions to enable innovation and build software products and solutions in a robust and economic manner. We also have innovative business engagement models to suit the needs of each client. For moreinformation, please visit our website. Most Innovative Companies in The UK - 2024 Great Place to Work Certified - 2022, 2023, 2024 & 2025 What we believe in: We take pride in having a diverse and talented workforce spread across various geographical locations. We are a gender-neutral organization and we strongly believe in Diversity and Inclusion. Our core values include - Integrity Learning Organizational pride Respect What We Do: Innovation is at the heart of everything that Acuiti Labs offer. As an SAP Silver Partner, and an SAP BRIM company, Acuiti Labs has been delivering business technology solutions & digital transformation deploying SAP BRIM (Billing) on S/4HANA and cloud-based applications such as Subscription Billing, CPQ & Entitlement Management. Acuiti Labs come with the experience of multiple industry use cases to support the subscription and consumption-based Target Operating Models. This includes Mobility-as-a-Service (Travel using Public Transport and Private Vehicles), Tourism-as-a-Service (Hotels, Entertainment Parks), Ports-as-a-Service (Airports and Seaports), Postal-as-a-Service, Telco-as-a -service, and Software-as-a-Service. "Our core expertise and experience lie in providing reliable technology, enabling digital transformation for an intelligent enterprise, and offering business strategy consulting, and deploying innovative and efficient solutions. What we offer you: We are proud to be an organization that firmly believes in having a company culture that is friendly,motivating, nurturing, and challenging at the same time. we enthusiastically promote new policies and practices that ensures wellbeing of our employees. We offer comprehensive benefits including life insurance, group medical coverage for you and your family, and personal accident protection. Enjoy a supportive work-life balance with flexible hours, paid time off, and various lifestyle perks. Be recognized with monthly rewards, spot bonuses, and growth shares, while advancing your career with training, global exposure, and onsite opportunities. We're committed to your development, diversity, and well-being. Role Overview TheInformation Security Officer (ISO)will be responsible for establishing, implementing, monitoring, and improving Acuiti Labs'Information Security Management System (ISMS)andData Protection frameworkin alignment withISO/IEC 27001:2013,ISO/IEC 27001:2022, andISO/IEC 27701:2019standards. This role combines strategic planning, risk management, compliance oversight, and hands on execution to ensure robust protection of Acuiti Labs' information assets and adherence to regulatory and client requirements. Key Responsibilities 1. Planning Define information security goals and objectives aligned with Acuiti Labs' business strategy. Establish the scope and boundaries of the organization's ISMS. Develop and maintain information security policies, standards, and guidelines. Create classification policies for information assets and ensure appropriate handling procedures. Plan and implement ISMS in compliance withISO/IEC 27001standards. Develop risk management and security implementation frameworks with measurable KPIs. Define and maintain a process for continuous review and improvement of security policies and procedures. 2. Information Security Management Maintain and improve the organization-wideInformation Security and Risk Management Plan. Ensure integration of security principles into all business and IT processes. Conduct regularrisk assessments, vulnerability analyses, and impact assessments. Define and implementrisk treatmentandresidual risk evaluationmeasures. Oversee incident response, including documentation, analysis, and remediation of security breaches. Monitor compliance with legal, regulatory, and contractual requirements. Lead organization-widesecurity awareness and training programsand measure their effectiveness. DriveBusiness Continuity and Disaster Recovery Planning (BCP/DR)initiatives, including periodic drills and updates. Manage change control processes for ISMS and IT infrastructure updates. Ensure vendor and contractor compliance with organizational security standards. 3. Data Protection Officer Responsibilities Serve as the primary point of contact fordata privacy and protection matters. Ensure compliance withISO/IEC 27701:2019,GDPR, and other relevant data protection laws. Maintain detailed records of all data processing activities. Conduct periodicdata protection impact assessments (DPIAs). Respond todata subject requestsand coordinate with supervisory authorities as needed. Monitor changes in privacy laws and update internal practices accordingly. 4. Information Security Auditing Conduct internalISMS auditsat least annually or after significant infrastructure changes. Evaluate compliance withlegal, regulatory, and organizational information security requirements. Prepare and present audit reports with actionable recommendations to senior management. Lead remediation efforts and ensure timely closure of audit findings. Qualifications Bachelor's or Master's degree in Information Technology, Computer Science, or related field. Relevant certifications such asCISSP, CISM, CISA, or CRISCare highly desirable. 5-10 years of progressive experience in Information Security, Risk Management, or IT Governance, ideally within theIT or SAP consulting industry. Proven experience implementing or maintainingISO/IEC 27001andISO/IEC 27701standards. Strong understanding ofIT audit principles,cybersecurity frameworks, andrisk assessment methodologies. Desired Skills and Competencies In-depth understanding ofinfrastructure security,cloud platforms (AWS, Azure),network security, andidentity management. Experience withMicrosoft technologies(Windows Server, Active Directory, M365) andServiceNow. Strong knowledge ofSAP ecosystemsecurity considerations preferred. Exceptional communication, leadership, and stakeholder management skills. Ability to work independently, manage multiple priorities, and drive cross functional collaboration. Strong ethical standards, analytical mindset, and commitment to continuous improvement. Awareness of global data privacy regulations and cybersecurity trends.