Head of Information Security
London, England, United Kingdom
Job Title: Head of Information Security
Line Manager: Head of Technology
Location: London (Old Street)
Contract Type: Full Time, Permanent
Travel Required: Visits to European offices, warehouses and showrooms from time to time
Type: Hybrid (50:50 office:remote)
Who we are
At MADE.com we believe that everyone should have access to great design. So, we’ve taken a unique approach to making and selling furniture - no middlemen, no agents or importers. Instead we work directly with designers and manufacturers so we can offer high-end furniture and homewares at a fair price. It’s not an easy task – it takes a creative and dedicated team to make it happen where everyone has an important part to play.
What you'll be doing
As the Head of Information Security, you will join an innovative and experienced Technology team at MADE.COM. You will be working within the Technology & Security Services team, managing your team while closely working with Corporate IT, Engineering, Legal, and Finance teams as well as interacting with stakeholders across the business. By applying your experience and organisational skills you will bring best practice and rigour to our Information Security, Governance, Risk and Compliance programmes.
This is a fantastic opportunity to influence the security posture of a growing company with access to cutting edge technical tooling and systems.
Initial areas of responsibility will include
- Extend, augment, and monitor MADE.com’s Information Security Management System (ISMS).
- Manage an established team of security professionals delivering security services and consultancy.
- Partner with business stakeholders across the company to raise awareness of risk management concerns.
- Manage Risk and Asset management processes, Corrective Action Plans, and reporting overall ISMS performance against agreed metrics to senior management.
- Work directly with MADE.com’s business units to facilitate risk assessment and risk management processes.
- Develop and review MADE.com's threat models and manage changes to the business to counter exploitation.
- Deliver and augment our existing security awareness training programme for internal staff and support the on-going Security and Privacy education needs of the business.
- Take ownership of ongoing compliance programmes, such as continued compliance with the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and our internal security controls.
- Act as a member of a group of incident managers, measure the effectiveness of the incident management process and adapt the policies and procedures accordingly.
- Assist with process improvement, data capture and output review during company responses to Data Subject Access Requests.
- Further develop and maintain our security policies and procedures to effectively address an evolving threat landscape.
- Take responsibility for the continuous monitoring and auditing of our corporate and production systems for vulnerabilities and non-conformities.
- Manage the company Asset Register, including working with stakeholders across the business, to ensure new assets are captured and periodic reviews are taking place.
- Manage third party audits of the MADE.com supplier and partnership ecosystem.
- Act as a subject matter expert within MADE.com to help guide and consult stakeholders to ensure continuous security maturity and improvement of our security posture.
- Leading an information security function within a tech-first, high-growth organisation.
- Mentoring and fostering security professionals.
- Being part of a well-established and business-valued security function.
- Extend your skillset and expand our usage of cutting-edge cyber security systems.
- Scope to grow the role as the company grows further internationally.
- Help us build internal tools and systems in a fresh new direction to support security management.
- Influence senior staff including the Executive and Board members.
What you'll need
- Line management experience in a technical or security-orientated role.
- An ability to build relationships and communicate effectively with technical, commercial and customer stakeholders.
- You are well-organised, detail-oriented and able to handle and effectively prioritise multiple tasks under pressure.
- Articulate in both verbal and written communication with the ability to make measured arguments.
- Like us, you're enthusiastic, driven, and motivated by constant improvement.
- Extensive proven experience in a Security position within a cyber-threat environment.
- IT security technologies experience (vulnerability management, security information and event management, intrusion detection, access auditing etc.)
- Experience managing complex projects.
- Experience of working within a PCI-DSS environment.
- Experience of the GDPR and overseeing a privacy management process.
- Desirable qualifications include ISO27001 Auditor/implementer, CISM, CISSP, ITIL.
- Experience with the AWS and/or Azure ecosystem would be a benefit but is not essential.
- Experience of Crowdstrike and Darktrace, or similar technologies covering endpoint and network monitoring.
- Experience of Atlassian's platform or similar to assist in the management of workflows.
- Knowledge or willingness to learn scripting languages to automate security oriented tasks.
- Supporting your team members in researching new possibilities of automating and leveraging technologies to assist the security function.
What we offer
- Great opportunities to make the role your own and get involved with exciting projects in a fast-paced, creative and fun office environment.
- We’re proud of our diverse, supportive company and culture. Our very own in-house Culture Club plans a variety of activities from our annual parties, Friday drinks, social events and more.
- Temptingly good employee discounts on MADE.com (30% for you and 15% for your family & friends).
- 25 days holiday per year (on top of bank holidays), plus an extra holiday day for every year served, up to a ceiling of 30 days.
- We know that flexibility is important. Our Everyday Flex policy enables you to determine your start and finish times, and we’re open to discussing other flexible working arrangements too.
- Free, unlimited access to over 13,000 eLearning courses to support your development.
- We believe it’s important to give back, so we give you one paid day off each year to get involved in any community or charity volunteering activity of your choice.
- Excellent employee benefits including private healthcare (with discounted gym membership), pension, life insurance, eyecare vouchers, cycle to work scheme and season ticket loan to name but a few.
Up your street? Apply for the opportunity to join our growing team!
MADE is committed to creating a diverse and inclusive work environment, where all of our employees have equal access to opportunities and everyone’s voices are heard. We respect and value all differences (seen and unseen) and encourage applications from all backgrounds, which will be considered regardless of race, colour, religion or belief, gender expression, sexual orientation, national origin, pregnancy and maternity, disability or age.