Information and Cyber Security Consultant
We’ve been reinventing shopping experiences for over a century. Technology has played a huge part in that, helping us transition from catalogues to pureplay online retail, but we’re not the finished article.
As the UK's largest integrated retail and financial services provider, we have a pretty unique position across three huge industries (retail, technology and credit) and our ambition is bold, to build the number one shopping destination for shoppers who value credit anywhere online. But we believe with our passion and track record for reinvention, we can improve how the world pays and shops for the things they love. Think you can help us? Read on...
In this role you will be responsible for the provision of expert advice on the selection, justification, implementation, operation and assurance of group wide information security controls, processes and management strategies to maintain the confidentiality, integrity, availability, and accountability of company assets in line with applicable legislation, regulation and relevant best practice standards.
You'll be in a leadership position in relation to Information and Cyber Security matters and work effectively with business functions at all management levels to provide authoritative advice and guidance on the requirements for security controls and best practices.
Here you can help develop methodologies to support agile working practices to enable tribes to comply with confidentiality, integrity and availability requirements and work with our project teams and agile squads to assure best practice and regulatory adherence.
You'll be accountable for implementing the security strategy and mitigation activities across the Group, partners and third party suppliers to ensure that Information Security is relevant and cost-effective.
This role impacts on all areas of the Group, including: regulators, customers, employees, third parties and contractors. It involves being responsible for the implementation of new security defences and the operation of existing ones in accordance with best practices, company policy and regulatory requirements.
In this role you'll interact, influence and provide support and leadership to the following teams:
- Head of Info Sec
- Technology heads
- The wider information security team and associated I.T. departments.
- Group risk team, GLT and Exec as required
- An excellent broad understanding of the Information Security industry and specifically, a solid understanding of UK regulations and compliance.
- Ability to communicate complex information to board level execs and senior management.
- Experience of contributing and improving the Information Security agenda within a corporate organisation
- Good commercial knowledge with the ability to understand and integrate business and security strategies.
- Information Security and/or Information Technology industry qualification strongly preferred (such as CISSP or CISM) or equivalent time served
- Experience of agile methods of working
- Good understanding and experience of threat and risk modelling (STRIDE, DREAD)
- Good understanding and experience of the Secure Software Development Lifecycle
- Knowledge of latest trends, technologies and threats
- Good technical understanding of development and operational platforms including Cloud platforms
Day to day responsibilities:
- Leading, managing and developing Information and Cyber Security consulting functions.
- Staying abreast of Information and Cyber Security issues, and legal and regulatory changes affecting UK financial services.
- Engaging in continuing professional development to maintain professional skills and knowledge essential to the position.
- Reviewing, updating and delivering the group wide Information Security risk framework and maintaining and improving the Information Security policy and associated standards and guidelines
- Protection of the group’s assets (people, physical, informational and IT systems) from identified risk by implementing and gaining assurance on appropriate security controls.
- Ensuring necessary vulnerability assessment and penetration testing are carried out.
- Conducting Information Security Risk Assessments on new business applications, IT changes, and group projects, identifying residual risk and recommending appropriate mitigating action.
- Providing an expert point of contact for security champions.
- Ensuring security reviews are conducted on relevant third parties and recommending appropriate mitigating action.
- Conducting and reporting on IT and Information Security policy assurance activities.
- Assisting in continuous group wide threat assessments to identify and report on risk appetite position.
- Identifying, tracking and reporting IT and Information Security risk and mitigating options.
- Generous and competitive starting salary
- Regular salary reviews and career progression
- Flexible benefits allowance £6,500 (can take a part as salary uplift)
- Bonus up to 20%
- Matched pension at 6%
- 1x Life Assurance / Private Medical
- Brand discount up to 25%
- Cycle to work scheme
- 30 days holiday + bank holidays
- Free on-site parking *subject to post code
- Free on-site gym
- Discounted coffee houses and food outlets
- Flexible working*
How to apply.
If you're interested to find out more please contact Steven Williams in the talent acquisition team at The Very Group or apply online.
If you are an internal candidate looking to refer someone in, please follow the referrals process and guidelines.
Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this position, you may be required to undertake a credit, CIFAS and CRB check.
We're an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.