We are hiring a Head of Information Security to lead our cyber security team, create and deliver a security roadmap, deliver training and encourage continuous improvement across the business. This is a chance to support and grow the capability of our cyber security team, to help them ensure that we are meeting compliance standards, gathering threat intelligence and protecting the business from any attacks.
The ideal candidate must have experience in a lead or managerial role in cyber security in a retail environment. They would have coached and mentored teams to be resilient and ensure that security is at the heart of everything that we do. They will be hands-on and good at managing direct reports and 3rd parties. They will be experienced in working with development, infrastructure and data teams to implement security practices and governance early in the process. They will have a clear understanding of the importance of the DPO role and ensure that GDPR rules are being adhered to.
They will have worked with external suppliers to co-ordinate security testing and to ensure that systems are updated and patched against known vulnerabilities. They will have a strong understanding and several years' experience of a SIEM and must have worked with an external SOC team before.
They will manage a risk register and report on the actions taken to mitigate and remove risks from the business.
We have been going through a digital transformation, changing how we deliver value to our business. A big part of this change is fostering a culture of trust, collaboration, open, honest and inclusive behaviour, enabling psychological safety and creating a place for teams to do their best work and have fun.
With us, you will have the opportunity to influence our decisions, help define standards across the teams and contribute to a healthy and happy working environment.
Within your current role, you are someone who can bring people and teams together to focus on problems. You guide teams to the right decisions based on your past experiences. You will have great organisational and planning skills and an ability to make all work visible to the business and key stakeholders. Your teams see you as a leader, coach and mentor, always there to help, support and encourage ideas while ensuring no one is left behind on the journey.
You will be very analytical in your approach to ensure that all risks are uncovered, and all tasks are planned and delivered to the business. You will have built relationships with suppliers to help deliver a security roadmap.
Should an incident occur, you will be the person to take ownership of the situation, capture actions and timelines, create action plans and manage the communication within the business and with any external parties such as the ICO.
You will have a broad experience in IT including infrastructure, support, data, QA and development. You will ideally be certified against security and IT frameworks such as ISO27001, NIST, CSF or ITIL.
You have vast experience of working with stakeholders from various levels of a business to ensure there is a shared understanding of the why, what, when and how. You are happy to lead retrospectives across the department and even with 3rd party suppliers to ensure any lessons learnt are shared across all functions.
You support those around you, you are constantly learning and work in a kind, considerate and collaborative manner with a keen interest in new ways of working.
We are offering up to £60,000 for the right person, which we assess based on your own experiences, technical skills and against the principles of our department and our ways of working.
We recognise and value the importance of diversity to help make sure we have lots of different perspectives when we are building products and services. We know that this will help us build useful and accessible things which our customers will love. This is great news for our business. Diversity for us is also, importantly, about building happy teams full of people that want to learn and want to be inspired by each other and our different experiences.
With the COVID-19 situation our teams are all working remotely, adjusting to this new way of working as best we can - and as such we'll help make the interview process as clear and stress-free as possible, giving you the same opportunity as if we were meeting face to face.
We review applications on an individual basis, and if we feel you would be a good fit we'll invite you to meet with the leadership team for an informal chat about the role, and to see if we are a good fit for you.
The interview process will be a review of your suitability, a phone call with our internal recruitment team, a face to face interview with senior members of the tech team and a short presentation based around a typical challenge faced in cyber security.