Information Security Manager - Retail
We are looking for an experienced Information Security Manager who will be responsible for defining, influencing and owning the security control landscape. While this role will predominantly be focussed on the management of risk and control, there will be an occasional requirement to support the organisation technically in the achievement of the control objectives. This is a great opportunity to join a leading UK retailer.
- You will have a technical background in either infrastructure, applications or EUC, including hands-on experience and expertise in these area(s).
- ISC2 CISSP, CISA or CISM qualification or the equivalent proven experience.
- Knowledge of security frameworks such as PCI-DSS, ISO27001, CIS CCFv7, NIST, with experience in the delivery and/or management of at least one of them.
- Knowledge and experience of cloud platforms such as Microsoft 365, Azure, AWS & G-Suite and the associated security models available.
- Experience working with and managing the deliverables from third-party specialists within the cyber industry, such as service providers in the penetration testing industry.
- Able to manage multiple stakeholders at different levels of the organisation often with conflicting priorities.
- The identification and alignment with relevant legislative and regulatory frameworks applicable to the organisation's operating models and territories.
- Interfacing with management across the organisation to understand their technology and business process requirements in order to ensure that adequate security is developed and maintained.
- The identification and management of new risks based on the ever-changing external threat landscape and their appropriate allocation of ownership within the organisation.
- The management of the organisation's information assets and alignment with appropriate data protection frameworks such as GDPR/DPOv2.
- The ongoing reporting and KPI development for Information security in order to report its effectiveness within the organisation to the management team.
- The review of technology & service proposals from the business to ensure that they do not compromise the existing security model and have adequate security built in.
- The management of the annual Threat and Vulnerability management programme for the organisation.
- The management of the ongoing Security Awareness and Cultural engagement programme for the organisation.
- Managing third party security specialists from partners / vendors to aid in the delivery of the overall security programme and its objectives.
- Management of the security exceptions process, associated risks and violations.
- Supporting the daily operations and running of the technical teams through advice and information relevant to the business from the external security threat landscape.
- Management of information security incidents and the associated business impacts.
- Management of the ongoing Security Monitoring and Alerting programme.
- Management of the day-to-day security controls within the estate, such as those protecting EUC, servers, infrastructure and other aspects of the organisation's attack surface.
- To undertake other reasonable duties as required by the management team.
- Retail industry experience
If you feel your skill set matches the above requirements, please send your CV through or contact Chris on firstname.lastname@example.org.
Handle actively welcomes applicants from under-represented backgrounds
PLEASE NOTE: Due to the high volume of applications we receive we are unable to respond to everyone. If you have not heard from us within 5 working days of sending your CV then unfortunately you have not been shortlisted for the position you have applied for.