Find your next tech and IT Job or contract Risk management in England

What you’ll do: Cybersecurity Risk Assessment : conduct and manage comprehensive risk assessments of suppliers, vendors, and partners to identify and mitigate cybersecurity threats in the supply chain Service Team Collaboration : support and assist Service Teams with the security aspects of their procurement needs, ensuring that appropriate information and cyber security requirements are included in tender documents, specifications and contracts Liaise with Commercial and Legal functions to ensure the requirements are included in tender and contract documentation Vendor Due Diligence : collaborate with procurement and legal teams to assess vendor security practices during onboarding and throughout the vendor lifecycle ensure third-party vendors comply with the organisation’s cybersecurity policies and standards Supply Chain Risk Management (SCRM) : develop and maintain a robust cybersecurity supply chain risk management (SCRM) program, including standardised supply chain risk logging, continuous monitoring, auditing, and evaluating third-party risk exposure individually, by category and in aggregate Compliance and Standards : ensure supply chain activities comply with relevant cybersecurity frameworks and regulations (e.g., NCSC Cyber Assessment Framework, GovS007, ISO 27001, GDPR/DPA18) Implement best practices from industry standards to secure supply chain operations Third-Party Contract Management : work with the legal and commercial teams to ensure cybersecurity clauses are included in supplier contracts Define key performance indicators (KPIs) and service level agreements (SLAs) around vendor cybersecurity responsibilities Periodically audit contracts for security terms, in order to understand any gaps in live contracts Incident Response : support the development of processes and protocols for managing third-party cybersecurity incidents, including coordinating with vendors during a breach, ensuring timely communication, and mitigating the impact on the organisation Vendor Cybersecurity Audits : lead or co-ordinate periodic cybersecurity audits of vendors and third parties to ensure they maintain high security standards Identify gaps and work with vendors to implement remediation plans Training and Awareness : provide training and support to internal stakeholders on supply chain cybersecurity risks and vendor management best practices Increase awareness of supply chain threats and trends within the organisation Collaboration and Communication : work closely with IT, risk, and procurement teams to communicate findings and recommended mitigations Ensure transparency and alignment between teams on cybersecurity risks and strategies ‘Intelligent customer’ supply chain management : contribute to the working relationship and management of inter-government supply chain, for example, internal services provided by another government department Supply Chain Resilience : develop strategies to ensure supply chain resilience in the face of cybersecurity threats, including supply chain mapping and diversification to mitigate risk Monitoring and Reporting : continuously monitor the security posture of the supply chain and provide regular reports to leadership on third-party risk exposure, incidents, and mitigation efforts

Head of IT Infrastructure and Security In summary we are looking to recruit an all-round individual with expert knowledge and hands-on experience of IT Infrastructure coupled with Security, Compliance & Risk Management You must have upwards of 10 years hands-on expertise in IT Infrastructure combined with Security and Risk – ideally from within the banking or insurance sector. The Head of IT Infrastructure and Security Lead is responsible for overseeing the organisation’s IT operations, ensuring the stability, continuity, security, and efficiency of its technology platforms within a global commercial insurance environment. Some of the key points to consider for this role are: Define and enforce cloud security policies, identity management, and access controls to protect systems, networks, and data. Oversee the adoption of zero-trust security principles to enhance protection across cloud platforms. Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Technology: Microsoft Azure Infrastructure design and administration, including topology, Azure networking, services, and component knowledge, Microsoft AD (Entra), Server and SQL experience, O365 administration and design Microsoft 365 & Azure: Strong experience managing Microsoft 365 (Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Summary: Problem-Solving & Decision-Making: Capable of making informed decisions and resolving complex IT issues in a fast-paced environment. Stakeholder Engagement: Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership and business users. The role will involve managing a Cloud environment in a team of 4 Technical people. Managing 6 different suppliers which include Security, IT Networks, Hosting and Servers and 3 party software. The aim of the role is to bring the MSP’s (suppliers of hardware and software) to the same page for the stakeholders and the Board and ensure technology is running smoothly. The Client is a financial organisation based in the City of London. This is a hybrid position with 3 days in the office. Must have a Bachelor’s degree in IT or similar. The salary for this role will be in the range £85K - £95K plus Excellent Benefits. Do send your CV to us in Word format along with your salary and notice period.

Key Responsibilities Fulfil the Principal Designer role in line with CDM Regulations. Plan, manage, and coordinate health and safety during pre‑construction. Identify and manage design‑related risks through effective risk management. Chair HAZID reviews and ensure mitigation actions are implemented. Coordinate with the Principal Contractor to maintain CDM compliance during construction. Ensure designers meet their CDM duties and collaborate with the project team. Advise on client CDM responsibilities. Engage with contractors and stakeholders to promote safe design and delivery. Maintain compliance records and documentation. Develop internal CDM procedures, tools, and templates. Provide safety‑in‑design guidance and training. Operate as a billable resource and support continuous improvement in safety and compliance. RequirementsQualifications & Experience Relevant degree or equivalent experience. Health & Safety qualification (e.g. NEBOSH or equivalent). Strong knowledge of CDM Regulations 2015. Experience acting as Principal Designer or in a similar CDM role. Background in design risk management and construction safety. Experience working within multi‑disciplinary teams. Skills & Competencies Strong knowledge of UK health and safety legislation. Effective communication and stakeholder management skills. Ability to manage multiple projects concurrently. Commercial awareness and experience delivering billable services. Proactive, detail‑focused, and solution‑oriented approach. Ability to promote a positive safety culture. Desirable Chartered membership of a relevant professional body. Experience delivering health and safety training or mentoring. Experience in a client‑facing consultancy environment. Please click to find out more about our Key Information Documents. Please note that the documents provided contain generic information. If we are successful in finding you an assignment, you will receive a Key Information Document which will be specific to the vendor set-up you have chosen and your placement. To find out more about Progressive please visit Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC387148 England and Wales

IT Operations Platforms and Security Lead In summary the Client is looking to recruit an all-round individual with expert knowledge and hands-on experience of IT Infrastructure coupled with Security, Compliance & Risk Management You must have upwards of 10 years hands-on expertise in IT Infrastructure combined with Security and Risk – ideally from within the banking or insurance sector. The IT Operational Platform and Security Lead is responsible for overseeing the organisation’s IT operations, ensuring the stability, continuity, security, and efficiency of its technology platforms within a global commercial insurance environment. While Microsoft technologies (Microsoft 365, Azure, Exchange Online) form a core part of the infrastructure, the role also encompasses broader enterprise IT systems, multi layered networking, security, data management, and third-party platforms that support global business operations and the associated applications estate. The role requires a proactive leader who can drive IT operational excellence, manage security risks, focus on continual service improvement, drive transformational delivery projects, and work effectively with internal stakeholders and third-party vendors to deliver a high-quality Global IT services. Working in line with the Architecture defined IT principle of a "buy before build" environment, the individual will need to ensure that outsourced and cloud-based services are robust, cost-effective, and aligned with business needs and the Strategic IT vision. They will also play a key role in enhancing cybersecurity, protecting data and systems, driving transformative operational change, enhancing IT processes and ensuring compliance with governance bodies and industry regulations. Due to the nature of the role, complexity of the estate, current transformation activities and team size, the role requires the functional capability and proficiency to technically augment the team capabilities (when required) and have a detailed knowledge of technical IT support roles/services as a requirement, across multiple technical areas. Security, Compliance & Risk Management Define and enforce cloud security policies, identity management, and access controls to protect systems, networks, and data. Oversee the adoption of zero-trust security principles to enhance protection across cloud platforms. Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security for robust protection across all assets Define, manage and maintain accurate DR and BCP plans for the infrastructure area with biannual tests. Technical Experience Microsoft Azure Infrastructure design and administration, including topology, Azure networking, services, and component knowledge, Microsoft AD (Entra), Server and SQL experience, O365 administration and design Global Software Patching and estate management via Intune Firewall (Azure, CheckPoint and Cloudflare), DNS, VPN, WIFI and Local Area Network design & administration experience Software Defined Networking (Cisco, Meraki, Versa) Key Skills Microsoft 365 & Azure: Strong experience managing Microsoft 365 (Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS security, endpoint protection, and cloud security controls. IT Service Management & Automation: Experience implementing ITIL-based service management, automating operational tasks, and optimising service delivery. Operational & Leadership Skills: IT Operations & Service Continuity: Ability to ensure IT systems are highly available, resilient, and fit for purpose, with a strong focus on business continuity and disaster recovery. Supplier & Vendor Management: Experience managing third-party IT vendors, MSPs, and SaaS providers, ensuring service levels, performance, and cost-effectiveness. Project Leadership & Change Management: Ability to lead technology projects, system upgrades, and platform migrations, ensuring smooth execution and minimal business disruption. Process Improvement & Automation: Strong analytical mindset to identify inefficiencies, automate workflows, and enhance security controls. Skills & Mindset: Problem-Solving & Decision-Making: Capable of making informed decisions and resolving complex IT issues in a fast-paced environment. Stakeholder Engagement: Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership and business users. Resilience & Adaptability: Comfortable working in an evolving technology landscape, with a proactive and security-first approach. The Client is a financial organisation based in the City of London. This is a hybrid position with 3 days in the office. Must have a Bachelor’s degree in IT or similar. The salary for this role will be in the range £85K - £95K plus Benefits. Do send your CV to us in Word format along with your salary and notice period.