CrawlJobs Logo

External Security Certifications Analyst

United Kingdom, Northampton · Job Posted April 05, 2026
Apply Position
Job Link Share

Job Description

We are seeking an experienced ISO27001 auditor to join our globally expanding External Security Certifications team. In this role, you will support the internal and external ISO27001 audit program and BSI Kitemark & Cyber Essentials recertification projects. As part of an expanding scope you will be required to travel and support audit within the UK, with potential for international travel based on requirements. You’ll work closely with an experienced team to support vulnerability management, plan and perform audit functions and represent the bank to external auditors.

Job Responsibility

  • Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host
  • Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment
  • Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices
  • Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales
  • Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications
  • Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators

Requirements

  • ISMS ISO27001 Internal Auditor – Ability to plan, deliver and report on an Information Security Management System internal continual assessment of a site location, function or process
  • Understanding of technical requirements and passing criteria as laid down by the UK National Cyber Security Centre for Cyber Essentials Plus
  • Understanding of technical requirements and passing criteria for BSI Kitemark certifications

Nice to have

  • ISMS ISO27001 Lead Auditor – Ability to plan, deliver and report on an Information Security Management System internal and external continual assessment of a site location, function or process
  • CISM certification or similar Cyber Security Management experience
  • Clear articulation of Cyber, IT & Information Security certifications, tools and functions within Barclays and the services and product set of the Group to meet certification criteria

What we offer

  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

External Security Certifications Analyst

8 matching positions

Senior Information Security Cyber Security Data Analyst

Senior Information Security Cyber Security Data Analyst – Assistant Vice Preside...
Location
Location
India , Pune
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-12 years of relevant experience in Cyber Security, Information security, primarily into building data pipelines, Data collection and management, Data transformation etc.
  • Building Data Pipelines: Creating systems for collecting, storing, and transforming data from various sources. Impala, Hive
  • Data Collection and Management: Data engineers are responsible for gathering data from various sources, ensuring its quality, and making it accessible for analysis.
  • Data Transformation: They convert raw data into usable formats, often using ETL (Extract, Transform, Load) processes, to big data platform of Hadoop, Cloud technologies like DataBricks and Snowflake to make it suitable for analysis and reporting.
  • Applicable Certifications or willingness to earn within 12 months of joining
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Identify potential information security (IS) risks and make recommendations for enhancement
  • Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
  • Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
  • Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
  • Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Has the ability to operate with a limited level of direct supervision.
  • Fulltime
Read More
Arrow Right
New

Information Security Analyst

Responsible for supporting Lulu Retail's information security governance, risk, ...
Location
Location
India , Kochi-Kerala
Salary
Salary:
Not provided
mantlesolutions.in Logo
Mantle Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in information security, Cybersecurity, Computer Science, or a related field
  • 2 years of experience in information security governance, risk, and compliance
  • Experience supporting ISO 27001, PCI-DSS, NIST, IT audits, or regulatory compliance programs is preferred
  • Good understanding of information security principles, risk management methodologies, and security frameworks
  • Professional certifications such as ISO 27001 LA, CISA, Security+ are desirable
  • Strong communication skills with the ability to explain technical concepts to non-technical stakeholders
  • Strong organizational and time management skills
  • Ability to work independently and collaboratively within a team
Job Responsibility
Job Responsibility
  • Assist in the development, maintenance, review, and communication of information security policies, standards, procedures, and guidelines
  • Conduct information security risk assessments for systems, applications, cloud services, projects, and business processes, and track remediation of identified risks
  • Monitor and maintain compliance with applicable regulatory, legal, and industry requirements, including ISO 27001, NIST, PCI-DSS, GDPR, PDPL, and internal security policies
  • Coordinate and support internal and external audits, security assessments, and regulatory reviews, including evidence collection, stakeholder coordination, documentation, and remediation tracking
  • Monitor security governance, risk, and compliance activities and prepare periodic reports, dashboards, metrics, and management presentations on security posture and compliance status
  • Support information security awareness and training initiatives, including awareness campaigns, phishing simulations, and monitoring employee participation and effectiveness
  • Collaborate with IT, application, cloud, and security teams to ensure security controls are implemented, maintained, and aligned with organizational policies, regulatory obligations, and project requirements
  • Support third-party and vendor security risk assessments, including due diligence reviews, security evaluations, and follow-up on remediation actions
  • Fulltime
Read More
Arrow Right

Information Security Analyst

We are looking for an Information Security Analyst to join our Risk, Legal and C...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
lgt.com Logo
LGT Gruppe Holding AG
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in security operations or related IT functions, such as networking or IT systems engineering
  • Strong understanding of security concepts such as server hardening & patching, M365 & Azure configuration, Endpoint Protection solutions, Vulnerability Management, Firewall configuration, user access management, data loss prevention
  • Strong understanding of security architecture concepts across on-premises, cloud, and SaaS environments
  • Experience assessing solution designs and identifying security risks at an architectural level
  • Ability to translate complex technical and policy-driven security requirements into business-friendly language
  • Strong pragmatic, risk-based mindset with the ability to balance security, usability, cost, and delivery timelines
  • Experience engaging in business projects, conduct threat modelling, risk assessments, controls design as well as validating the design and implementation of key controls
  • Experience driving security initiatives to align technical services with security policies
  • Strong problem-solving abilities, with a logical and methodical approach to tasks
  • Excellent communication skills, able to translate technical concepts for non-technical stakeholders
Job Responsibility
Job Responsibility
  • Responsible for maintaining a strong security environment, reducing cyber risk exposure, and supporting security operations, monitoring, and reporting
  • Contributes to LGT WM's information security strategy and risk framework while embedding security requirements into key business projects from the outset
  • Participates in initiatives to ensure compliance with privacy laws and external regulatory obligations, including GS 007
  • Support the cyber security assurance program, assisting audit activities and owning the remediation of findings
  • Support an effective cyber security assurance strategy over third parties / suppliers, enabling the business to engage with strategic partners without taking excessive risk
  • Conduct third party reviews when required
  • Actively participate in cyber security strategy formulation, prioritizing the protection of mission critical digital assets and maximizing the value of security investments
  • Participate in project delivery teams to provide security input throughout the solution lifecycle, from early design through to implementation and go-live
  • Participate in operational change management and ensure security related changes are adequately tested prior and post implementation, to reduce business impacts
  • Fulltime
Read More
Arrow Right

Analyst, Security Compliance

As a Compliance Analyst, you will play an important role in supporting Teradata'...
Location
Location
United States , California
Salary
Salary:
76400.00 - 114500.00 USD / Year
teradata.com Logo
Teradata
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must be a U.S. person located in the United States
  • A bachelor's degree in Information Security, Information Systems, or a related field, or equivalent experience, plus 1 to 3 years of experience in security, compliance, IT audit, or a related role
  • Foundational knowledge of security and privacy frameworks like ISO 27001, ISO 42001, SOC 1/2, HITRUST, and PCI DSS
  • Familiarity with FedRAMP (NIST SP 800-53), CMMC, and NIST SP 800-171 is strongly preferred
  • Experience supporting audits, risk assessments, or evidence collection activities
  • Strong organizational skills and the ability to manage multiple priorities in a deadline-driven environment
  • Effective communication skills, with the ability to work collaboratively across technical and non-technical teams
  • A working understanding of cloud security concepts and controls across environments such as AWS, Microsoft Azure, or Google Cloud Platform (GCP)
  • Familiarity with technologies and controls spanning hosts, databases, networking, and applications
  • Exposure to federal compliance artifacts and activities (SSP, SAR, POA&M, ConMon reporting) is a strong plus
Job Responsibility
Job Responsibility
  • Support day-to-day operations of Teradata's FedRAMP Moderate authorization, including continuous monitoring (ConMon) deliverables, POA&M management and remediation tracking, significant change documentation, and 3PAO annual assessment support
  • Assist with Teradata's CMMC compliance activities, including evidence collection and control mapping aligned to NIST SP 800-171
  • Gather, organize, and provide evidence of Teradata's security controls to support internal and external audits and certification activities
  • Coordinate with internal stakeholders to support compliance initiatives across the broader framework portfolio, including ISO 27001, SOC 2 Type 2, PCI DSS, HIPAA, and HITRUST
  • Respond to customer and prospect security requests, including security documentation packages, questionnaires, and audit support
  • Develop and maintain compliance metrics to track program health and support continuous improvement reporting
What we offer
What we offer
  • Healthcare
  • Life and disability insurance plans
  • 401(k)-retirement savings plan
  • Time-off programs
  • Fulltime
Read More
Arrow Right

Vulnerability Management Senior Cyber Security Analyst

Location (Primary) - Noida / Chennai (Secondary) GCF Level - 2A(01 nos) & 2B(01 ...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must hands on experience with detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR, WIZ, NESSUS PRO, Dynatrace)
  • Experience information system management and mapping tools (CMDB, VISIT)
  • Good knowledge of software distribution tools (SCCM, Intune, Satellite, Ansible, etc.), and reporting and analysis tools (PowerBI)
  • Experience with ServiceNow (SNOW), specifically the SECOPS module
  • Strong understanding of - On-prem infrastructure, SaaS / IaaS / Cloud workloads, Application vulnerability context
  • Ability to enrich findings using CMDB / asset mapping tools
  • Working knowledge of - SCCM, Intune, Ansible, Satellite
  • Stakeholder & Coordination Skills
  • Documentation & Effective Communication - Clear communication (EN/FR preferred) with structured documentation mindset
  • Process & Continuous Improvement Mindset
Job Responsibility
Job Responsibility
  • Oversee the receipt, analysis, and tracking of vulnerabilities from various sources (CERT, scanning tools, division reports)
  • manage backlog processing, and create or update vulnerability tickets using multiple detection and asset management tools
  • Assess and identify impacted assets across various environments
  • Qualify vulnerabilities by evaluating exposure, versions, severity, attack vectors, and client context
  • Enhance asset information using CMDB, and promptly issue alerts for critical vulnerabilities
  • Develop, implement, and coordinate remediation plans by analyzing security advisories and scan reports
  • Defining tailored action strategies (including patches, workarounds, and updates)
  • Prioritizing tasks, tracking requests in ServiceNow
  • Sending criticality-based reminders, and supporting remediation teams
  • Monitor and validate patch application by ensuring timely verification
  • Fulltime
Read More
Arrow Right

Information Security Analyst

The Early–Mid Level Information Security Analyst supports MasTec’s security prog...
Location
Location
United States , Coral Gables
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience
  • Foundational knowledge of cloud platforms (AWS, Azure, or GCP)
  • Working knowledge of basic security concepts (IAM, encryption, networking, logging, least privilege)
  • Certifications: Security+, CC, AZ‑900, AWS Cloud Practitioner
Job Responsibility
Job Responsibility
  • Monitor security alerts across SIEM, SOAR, and cloud-native tools (AWS, Azure, GCP)
  • Perform investigation and triage of security incidents in an on-call 24/7/365 day environment
  • Support maintenance and tuning of SIEM/SOAR detection rules and automated playbooks
  • Contribute to threat hunting efforts using behavior analytics and AI-assisted tooling
  • Perform routine access reviews and support IT General Controls (ITGC) testing
  • Assist with internal and external audit requests, including evidence gathering
  • Support cloud security posture assessments and basic misconfiguration remediation
  • Assist in creating and maintaining security and DR policies and procedures
  • Participate in business continuity and disaster recovery exercises
  • Deliver or support security awareness training initiatives
What we offer
What we offer
  • Medical
  • Vision
  • Dental
  • Life and disability insurance
  • 401(k) plan
  • Fulltime
Read More
Arrow Right

IoT Security Analyst

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
Portugal , Lisboa
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • University degree as relevant to the role
  • Technical product development / product owner experience
  • Strong understanding of enterprise IT security principles, compliance frameworks, and risk management
  • Strong collaboration, communication, team working and influencing skills
  • Relevant product, platforms and technology experience with exposure to Platform Eco-systems
  • Ability to build E2E technology plans specific to products and platforms
  • Customer-centric focus ideally with experience defining capabilities and features through customer co-creation
  • In-life technology management and KPI performance relevant to products
  • Experience building technical specifications for products and in turn user stories, service models, in conjunction with business and technology teams
  • Backlog management and prioritization
Job Responsibility
Job Responsibility
  • Manage the interface to the IoT Line of Business (LoB) and to the Business Product Manager associated with your products/platform/developments
  • Negotiate, manage and agree demand into the practice for these products and manage the backlog, new features definition, roadmap prioritisation, operational governance and reporting
  • Work with wider practice leads, vendors, technology and operations teams to build the technology plan to inform and deliver the product/platform strategy and roadmap
  • Understand the technology, cyber security and compliance for the IoT products that are to be delivered
  • Work on the creation of capabilities and product feature requirements for developments related to security working jointly with the business product managers
  • Translate these into lower-level product/platform/operating model requirements ensuring these are underpinned by an E2E technical architecture (including user journeys and service models) working with other roles in Technology teams
  • Own and prioritise the security/compliance related features backlog using SAFe principles and WSJF scoring
  • Ensure compliance with internal and external security standards and regulatory requirements
  • Identify and manage security risks across IoT platforms, implementing proactive measures working with technology leads to drive and prioritize risk reduction
  • Collaborate with security architects and compliance teams to embed security into designs and delivery
What we offer
What we offer
  • Hybrid Work Model - Flexible hybrid work model with 8-10 in-office days per month, managed by team leaders
  • Vodafone Products and Services - Employees get a mobile phone, free communication plan, data card, and various discounts on services and products
  • Recognition - Recognition programs for innovative, creative, high-potential employees and exemplary behaviors
  • Health and Well-being - Well-being Program offers nutrition and psychological consultations, webinars, workshops, and discounts on various services and products
  • Learning - Access to Communities of Practice and a customizable digital training platform with high-quality content (namely Harvard Business Publishing and Skillsoft)
  • Local and International Mobility - Internal recruitment with local and international rotation opportunities across departments and roles
  • Fulltime
Read More
Arrow Right

Cloud Security Analyst

The Cloud Security Analyst will support the organization’s cloud security progra...
Location
Location
United States , East Rutherford
Salary
Salary:
Not provided
rennerbrown.com Logo
Renner Brown
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Preferred certifications include Security+ or relevant security-AWS certifications.
  • Bachelor’s Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.
  • Typically has 4 to 6 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design and administration
  • 2 to 4 years of experience with information security.
  • Must be familiar with general security controls and incident management.
  • History of ensuring compliance with both SOX and PCI.
  • Articulate and maintain a solid understanding of various technology capabilities present in Amazon Web Services (AWS), Microsoft Azure, or other similar providers.
  • Knowledge of "AWS" Platform preferably 2+ years AWS/Kubernetes experience or container-based technology
  • Strong hands-on experience with AWS services (EC2, S3, IAM, VPC, Lambda, etc.)
  • Familiarity with monitoring tools (CloudWatch, Prometheus, Grafana).
Job Responsibility
Job Responsibility
  • Design, implement, and maintain secure cloud foundations and landing zones with transferable governance across cloud providers, primarily in AWS & Azure. Support cloud migration projects from on-premises environments.
  • Design and develop cloud security strategy, standards and requirements alongside security best practices.
  • Deploy and manage cloud security technologies such as CASB, cloud security posture management (CSPM), and other cloud-native security controls to improve visibility and enforce security policies across cloud environments
  • Govern cloud identity and access management (IAM) including role-based access controls, service accounts, privileged access management, and integration with enterprise identity providers
  • Work closely with application teams, infrastructure engineers, and solution architects to design, build, and operate secure, scalable cloud platforms. Provide technical guidance throughout cloud adoption and modernization efforts.
  • Work with both internal and external auditors to ensure compliance with all relevant regulations including, but not limited to, SOX and PCI
  • Securely guide Saas solutions to meet security and business requirements, ensuring compliance with cloud security, identity management, encryption, and responsible AI guidelines
  • Evaluating new cloud services, platform capabilities, and AI infrastructure tooling for adoption
  • Provide Tier 3 support for cloud-related security incidents, partnering with Security Operations to investigate suspicious activity, validate detections, and remediate security issues within cloud platforms
Read More
Arrow Right