Business Information Security Officer (BISO) at Engine by Starling | London

Starling Bank is a digital bank based in the UK, with teams in London, Southampton, Cardiff, and Manchester. The company combines technology-driven innovation with the reliability of a fully licensed bank. Over 3,000 professionals work together at Starling, guided by values like Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness. Role Overview The Director of Information Security will report to the Chief Information Security Officer (CISO) and lead the Office of the CISO. This position manages a team of Information Security analysts and plays a central role in strengthening Starling’s security capabilities and governance. This role suits an experienced information security leader with a track record in building teams and driving improvement. Candidates interested in progressing toward a future CISO role will find room to grow here. Main Responsibilities Oversee the Information Security Policy Framework, ensuring it meets the needs of Starling Group and its stakeholders while staying compliant with legislation and industry standards. Develop and maintain standards for implementing security controls and procedures. Work closely with external organizations and regulatory bodies to strengthen Starling’s security posture. Location This position is based in London, England, United Kingdom.

Join Smartdesc as an Information Security ConsultantLocation: Field-based, primarily in the London areaEmployment Type: Full-timeSalary: £70,000 - £80,000As an Information Security Consultant at Smartdesc, you will collaborate with the Information Security and technical delivery teams to implement robust security solutions for our clients.Your role will involve providing strategic guidance on Information Security, aiding clients in enhancing their security posture, and overseeing a variety of security projects. This includes assisting clients in implementing security controls, conducting assessments based on industry best practices, and delivering assessment reports to Senior Leadership Teams to bolster their security measures.The position encompasses a diverse array of responsibilities, from strategic governance and risk management to advising non-profit organizations on maximizing the value of Microsoft Business Premium, E3, and E5 security solutions. You should be comfortable presenting security information to varied audiences, from part-time volunteers to executive boards.This customer-facing role demands a meticulous eye for detail and a proven track record in delivering exemplary Information Security practices.Key ResponsibilitiesAssess and identify steps organizations must take to enhance their security posture, creating roadmaps for continuous improvement while maximizing existing Microsoft licensing.Align security practices with frameworks and standards such as Cyber Essentials, NCSC CAF, and ISO 27001.Own or oversee key Information Security processes and procedures.Manage the Smartdesc MDR management service.Implement and oversee Information Security Risk Management programs.Identify and manage remediation actions to mitigate risks.Develop and maintain Information Security Policies.Create and deliver general and role-specific Information Security Training and Awareness programs.Raise, investigate, and manage IT Security incidents, ensuring appropriate follow-up actions.Provide IT security support to various business functions, including digital teams, IT infrastructure, and IT Service Desk.Develop and oversee Information Security Internal Audit programs.Supervise ongoing security testing, reviews, and audits.

Kroo Bank is redefining banking by creating a customer-centric experience that prioritizes responsible financial management and leverages technology to simplify, democratize, and enhance transparency in everyday banking. As a fully regulated UK bank, we are supported by dedicated investors and are on a mission to grow our customer base while pursuing ambitious goals. Our commitment to excellence is evident in our fast-paced operations, thoughtful decision-making, and adherence to the highest standards of service, product development, risk management, and employee care.Job Overview:We are seeking a dynamic Head of Information Security (HoIS) to lead our IT security strategy and safeguard the organization against security threats targeting our digital assets. In this role, you will direct the security strategy, oversee operations, and drive product development to protect our enterprise information. Your responsibilities will include fostering security awareness, managing security operations, and ensuring robust policies and procedures are in place.Key Responsibilities:Oversee the daily operations and execution of the information security strategy.Design and maintain a proactive security roadmap encompassing cloud, mobile, AI, and software platforms.Work collaboratively with technology leaders to implement innovative security technologies and next-generation solutions.Guarantee secure configurations and ensure continuous compliance across IaaS, PaaS, and SaaS environments.Conduct ongoing assessments of existing security practices and systems, identifying and addressing areas for enhancement.Perform security audits and risk assessments, providing recommendations to mitigate threats and vulnerabilities.Manage the Information Security Management System (ISMS) and uphold ISO 27001 certification.Ensure adherence to relevant compliance and governance standards.Collaborate with operational teams to develop, implement, and test business continuity plans for security breaches and disaster recovery scenarios.Safeguard the organization's intellectual property consistently.Monitor security vulnerabilities and potential hacking threats across network and host systems.Lead security operations, including Managed SOC, threat intelligence, detection, and response capabilities.Establish KPIs and KRIs to measure security maturity and provide consistent security reporting to Executive and Board stakeholders.Manage and nurture the information security team.Promote and educate the organization on the latest security strategies and technologies.Oversee the IT security budget and communicate effectively with stakeholders.

AJ Bell seeks an Information Security Architect to safeguard digital assets and advance security practices. This hybrid role is available in either Manchester or London. Key responsibilities Design and implement security frameworks that protect company systems and sensitive data. Identify vulnerabilities across digital platforms, providing recommendations to address risks. Ensure security measures align with industry standards and compliance requirements. Collaborate with teams throughout the business to shape security strategies that support organizational objectives. Location This position offers a hybrid work model, with the option to be based in Manchester or London.

AJ Bell seeks a Senior Information Security Engineer to strengthen the protection of company information systems and support compliance initiatives. The position is offered as a hybrid role, with the option to work from either the Manchester or London office and some flexibility for remote work. Key responsibilities Identify and assess security vulnerabilities within company systems Implement and maintain security controls to protect data and infrastructure Collaborate with teams across the business to promote effective security practices Assist in maintaining compliance with relevant regulations and internal policies Location This role is based in Manchester or London with a hybrid work arrangement, allowing for both office presence and remote work.

Role overview The Chief Information Security Officer at mangroup will lead information security efforts from the London office. This executive position carries responsibility for shaping the overall security strategy, protecting digital assets, and managing risks throughout the company. Key responsibilities Direct the creation and rollout of cybersecurity programs Safeguard company data and digital systems from security threats Identify, evaluate, and manage information security risks Work closely with senior leadership to ensure security initiatives support business objectives Maintain compliance with applicable regulations and industry standards Location This position is based in London.

Join Palantir Technologies as an Information Security Engineer in London, where you will play a critical role in safeguarding our cutting-edge technology and sensitive data. Your expertise will help us develop and implement robust security strategies, ensuring that our platforms remain secure against evolving threats.

Isomorphic Labs is looking for an Information Security Engineer based in either Lausanne or London. This role centers on safeguarding digital assets and upholding effective security practices throughout the company. Key responsibilities Collaborate with teams across departments to design and implement security controls Monitor systems and workflows to identify and address security threats Keep up to date with emerging security risks and trends Location This position is available in both Lausanne and London.

Join our dynamic team at bmlltech as a Senior Information Security Analyst specializing in ISMS Management. You will play a crucial role in safeguarding the integrity and confidentiality of our information assets. Your expertise will help us to establish, implement, and maintain an effective Information Security Management System (ISMS) that aligns with international standards.As part of your responsibilities, you will conduct risk assessments, develop security policies, and collaborate with cross-functional teams to ensure compliance with data protection regulations. You will also lead security awareness initiatives and provide guidance on best practices to enhance our security posture.

The impact you'll make:As the Information Security Team Lead, you will spearhead the daily operations and enhancement of Elliptic's information and cyber security initiatives. Your role will involve driving the adoption of SSDLC v2.0, strengthening our cloud and SaaS security frameworks, and ensuring readiness for external audits and customer due diligence. Collaborate closely with Engineering, Platform, Legal, Procurement, and Customer teams to mitigate risks while facilitating delivery and revenue, including the implementation of Enterprise Tier security features.Your responsibilities will include:Programme Ownership and ExecutionLead the execution of the InfoSec roadmap and performance metrics. Transform strategic objectives into actionable quarterly plans with quantifiable results.Establish necessary gates, controls, and reporting mechanisms for SSDLC v2.0 across build and deployment pipelines.Direct the baselining of CSPM/SSPM and the targeted reduction of misconfigurations and vulnerabilities.Risk Management, Assurance, and Audit PreparednessOversee ISMS processes in compliance with ISO 27001. Organize evidence collection for customer audits and external assurances (e.g., penetration testing, TPOs).Lead or contribute to risk management forums. Ensure prompt remediation, risk acceptance, and tracking of exceptions.Cloud and SaaS Security EnhancementsCollaborate with the Platform team to fortify AWS (IAM, KMS, network segmentation, Security Hub, GuardDuty, logging).Enhance endpoint security, identity and access management, vulnerability management, and logging throughout the organization.Leadership and Team CollaborationProvide daily guidance to TISO, Analysts, and cross-functional contributors.Foster a pragmatic, developer-friendly security culture through enablement, playbooks, and training.Vendor Management and Data GovernanceManage vendor security due diligence with defined SLAs and documentation trails. Assist data protection and BC/DR control owners.Required Qualifications:Demonstrated experience leading security initiatives in a cloud-native product environment.Deep understanding of security frameworks and compliance standards.Strong communication skills with the ability to collaborate effectively across teams.

Role Overview Evelyn Partners is looking for an Information Security Compliance Analyst in London. This position helps ensure the company’s security policies and procedures meet government regulations and industry standards. The analyst works closely with teams across the business to strengthen security practices. What You Will Do Monitor and assess compliance with security policies and procedures Support risk assessments and internal audits Participate in compliance reviews to identify gaps and recommend improvements Work with other departments to build awareness and improve security controls

POSITION OVERVIEW:The Medical Information department is a vital, client-facing role that facilitates the safe and effective utilization of pharmaceutical products by delivering timely, scientifically accurate, and evidence-based information in response to inquiries from healthcare professionals, patients, caregivers, and payers. Our team also plays a pivotal role in managing adverse events and product complaints. As a member of the Medical Information Contact Center (MICC), the Associate Director is responsible for ensuring client satisfaction through the management of assigned accounts, overseeing implementation, ongoing support, and regular meetings. This role necessitates a deep understanding of client requirements to ensure that deliverables align with expectations, including key performance indicators (KPIs). The Associate Director will also lead and support the professional development of direct reports, providing guidance on MICC operations and client/project management.This is a full-time position based from home, ideally suited for candidates located in Poland, Ireland, the UK, Italy, Portugal, Germany, or Spain. The successful candidate must have the legal right to work within the European Union or the UK.

Trainline connects millions of travelers with rail and coach tickets, offering a range of options through its app, website, and B2B channels. With a focus on making travel simpler and more sustainable, Trainline partners with over 270 transport companies in 40 countries. The company processes more than 135 million visits monthly and handles £6.3 billion in ticket sales each year. Headquartered in London and present in major European cities, Trainline's team includes more than 1,000 people from 50+ nationalities. The Security team works to strengthen risk management as technology and AI risks change. Collaboration with teams across the business helps keep systems and data secure. Role overview The Senior Information Security Risk Analyst, based in London and reporting to the GRC Manager, will play a key role in advancing Trainline’s security risk management program. This position focuses on addressing both established and emerging risks, particularly those related to AI and cloud technologies. What you will do Manage information security risks, including traditional cyber threats and AI-specific risks such as data quality and model bias. Align risk management activities with Trainline’s business risk appetite. Work with Engineering, Data Science, Legal, and Internal Audit teams to maintain a broad perspective on information, cyber, and AI risks. Promote strong risk governance in a cloud-first, AI-driven environment. Conduct risk assessments for both existing and new AI use cases. Collaboration This role requires frequent interaction with both technical and business teams. The aim is to make sure risk management practices are practical and integrated into daily operations.

Join Trustpilot as an Information Security Governance, Risk, and Compliance Analyst, where you'll play a pivotal role in enhancing our security posture. In this dynamic position, you will be responsible for identifying, assessing, and managing security risks while ensuring compliance with relevant regulations and best practices. You'll collaborate with cross-functional teams to promote a culture of security awareness and implement effective governance frameworks.

Join the Collibra Field Security TeamThe Field Security team serves as a vital connection between our Field teams and customers, prioritizing customer trust above all. We collaborate with Sales, Product, and Engineering to implement security initiatives that not only add business value but also enhance customer satisfaction and loyalty.Our customers guide our decisions, and we embody this by working closely with key clients to resolve significant and business-critical security challenges.This is a hybrid position based in our London office. Our hybrid model requires you to work from the office at least two days a week, fostering collaboration and team progress.

Role overview The Information Security Governance, Risk, and Compliance (GRC) Manager at AJ Bell will manage and strengthen the company’s information security policies. Based in either Manchester or London, this hybrid role centers on ensuring ongoing compliance with industry regulations and standards. Main responsibilities Develop and maintain the information security GRC framework. Assess risks across the business and implement mitigation strategies. Monitor and support adherence to industry standards and regulatory requirements. Lead internal audits and conduct compliance reviews. Report findings and progress to senior management. Work with teams throughout the organization to encourage security awareness and advance risk management initiatives. Work location This position is available in Manchester or London, with a hybrid working arrangement.

airapps is hiring a Security Engineer to help safeguard digital assets and infrastructure in the London Metropolitan Area. This role centers on identifying weaknesses, managing security risks, and ensuring strong security measures are in place. Key responsibilities Identify vulnerabilities throughout information systems Reduce and address security risks as they arise Implement and maintain effective security protocols Support efforts to comply with relevant industry standards Help strengthen the company’s overall security posture Location This position is based in the London Metropolitan Area.

Begin your journey. Elevate your career.We are actively looking for a Security Associate Director to join our dynamic Security and Technology Engineering team. This role offers an exciting opportunity to significantly influence future construction initiatives in major urban areas across Europe and beyond.The AECOM Security & Technology Engineering team is a specialized unit within the Building Engineering division, providing tailored Security and Technology design and support services that enhance the overall design activities of our building engineering teams.Our Buildings Engineering team comprises approximately 400 engineers who are engaged in large-scale construction projects, focusing on various specializations in London and globally. We operate in multiple sectors, including major commercial developments, extensive mixed-use projects, Critical National Infrastructure (CNI), and many more.Your ResponsibilitiesIn this role, you will oversee high-level technical and strategic security engineering services for new construction and fit-out projects throughout the RIBA stages, including:Conducting comprehensive risk assessments, formulating mitigation strategies, and drafting operational requirements.Leading master planning initiatives, from city-level strategies to mixed-use developments.Designing physical security solutions, encompassing electronic lock systems, walling, glazing, doors, barriers, and fencing.Crafting electronic security designs for video surveillance, access control systems, intruder detection, and intercom installations.Providing expert counter-terrorism guidance, including Hostile Vehicle Mitigation (HVM), bomb blast, and ballistic measures in collaboration with specialists.Join Us in Shaping the FutureAt AECOM, we offer a variety of core and customizable benefits designed to support your future and well-being, tailored to fit your lifestyle. You will have access to professional development opportunities, a flexible hybrid working model to maintain an optimal work-life balance, technical practice networks, AECOM University, and volunteer days.

Director of Corporate Safety and SecurityAbout Our TeamAt Deliveroo, we are proud to be one of the world's most reliable on-demand logistics platforms. Our Global Safety and Security team is dedicated to maintaining this trust by safeguarding our people, assets, operations, brand, and reputation across all regions we operate in. We effectively manage risk and create value through nimbleness, innovative technology, and a commitment to a people-centric approach. With the combined strength of our Deliveroo, DoorDash, and Wolt brands, we have expanded our presence to over 40 countries, multiple offices, and tens of thousands of employees. This rapid growth necessitates a robust Corporate Safety and Security function to match our ambition.About the RoleWe are seeking an accomplished Director to spearhead the development of our global Corporate Safety and Security function for Deliveroo, DoorDash, and Wolt. This is a unique opportunity to build from the ground up while reporting directly to the Senior Director of Global Safety and Security. You will be responsible for creating a comprehensive corporate physical security strategy that spans all our global operations, establishing the necessary standards, infrastructure, and team to realize this vision.The function centers around five core pillars: physical security infrastructure and operations; emergency preparedness and response; threat assessment and workplace violence prevention; safety, compliance, and risk management; and security awareness, training, and culture. Your mission will be to simultaneously build and manage all five pillars on a global scale.You will define the strategic vision, create the global roadmap for corporate physical security, establish high-performing international teams, and drive measurable results across each of the pillars. This role combines strategic leadership with hands-on operational execution. You will design the operational playbook, allocate resources effectively, nurture your team, and set the priorities, standards, and direction for the function. Success in your first year will be marked by a well-defined operating model, an evolving team structure, and tangible progress across all five pillars.This position requires deep expertise in safety and security, strong business acumen, and the ability to influence senior leaders within a dynamic, globally dispersed organization. You will collaborate closely with teams in Real Estate, Facilities, Workforce Strategy, IT, HR, Legal, and various business leaders to integrate physical security seamlessly into Deliveroo's operations. The role demands executive presence, operational discipline, and a proven track record of building programs from the ground up. Significant international travel will be required, especially in the initial phases of development, and the position is expected to be based in our London office full-time. The EMEA region hosts our highest concentration of offices worldwide, with London serving as the primary base.