Head of Information Security

Job Title: Head of Information Security

Department/Group: Technology

Line Manager: Head of Technology

Location: London (Old Street)

Contract Type: Full Time, Permanent

Travel Required: Visits to European offices, warehouses and showrooms from time to time

Type: Hybrid (50:50 office:remote)

Who we are

At MADE.com we believe that everyone should have access to great design. So, we’ve taken a unique approach to making and selling furniture - no middlemen, no agents or importers. Instead we work directly with designers and manufacturers so we can offer high-end furniture and homewares at a fair price. It’s not an easy task – it takes a creative and dedicated team to make it happen where everyone has an important part to play.

What you'll be doing

As the Head of Information Security, you will join an innovative and experienced Technology team at MADE.COM. You will be working within the Technology & Security Services team, managing your team while closely working with Corporate IT, Engineering, Legal, and Finance teams as well as interacting with stakeholders across the business. By applying your experience and organisational skills you will bring best practice and rigour to our Information Security, Governance, Risk and Compliance programmes.

This is a fantastic opportunity to influence the security posture of a growing company with access to cutting edge technical tooling and systems.

Initial areas of responsibility will include

• Extend, augment, and monitor MADE.com’s Information Security Management System (ISMS).
• Manage an established team of security professionals delivering security services and consultancy.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Manage Risk and Asset management processes, Corrective Action Plans, and reporting overall ISMS performance against agreed metrics to senior management.
• Work directly with MADE.com’s business units to facilitate risk assessment and risk management processes.
• Manage the privacy management process providing guidance on Data Processing Agreements with third parties, Data Privacy Policy updates, and data retention policies.
• Develop and review MADE.com's threat models and manage changes to the business to counter exploitation.
• Deliver and augment our existing security awareness training programme for internal staff and support the on-going Security and Privacy education needs of the business.
• Take ownership for on-going compliance programmes, such as continued compliance to the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI/DSS), and our internal security controls.
• Act and as a member of a group of incident managers, measure the effectiveness of the incident management process and adapt the policies and produces accordingly.
• Assist with process improvement, data capture and output review during company responses to Data Subject Access Requests.
• Further develop and maintain our security policies and procedures to effectively address an evolving threat landscape.
• Take responsibility for the continuous monitoring and auditing of our corporate and production systems for vulnerabilities and non-conformities.
• Manage the company Asset Register, including working with stakeholders across the business, to ensure new assets are captured and periodic reviews are taking place.
• Manage third party audits of the MADE.com supplier and partnership ecosystem.
• Act as a subject matter expert within MADE.com to help guide and consult stakeholders to ensure continuous security maturity and improvement of our security posture.
  

Opportunity

• Leading an information security function within a tech first high growth organisation.
• Mentoring and fostering security professionals.
• Being part of a well established and business-valued security function.
• Extend your skillset and expand our usage of cutting-edge cyber security systems.
• Scope to grow the role as the company grows further internationally.
• Help us build internal tools and systems in a fresh new direction to support security management.
• Influence senior staff including the Executive and Board members.

Requirements

What you'll need

• Line management experience in a technical or security-orientated role.
• An ability to build relationships and communicate effectively with technical, commercial and customer stakeholders.
• You are well-organised, detail-oriented and able to handle and effectively prioritise multiple tasks under pressure.
• Articulate in both verbal and written communication with the ability to make measured arguments.
• Like us, you're enthusiastic, driven, and motivated by constant improvement.
• Extensive proven experience in a Security position within a cyber-threat environment.
• IT security technologies experience (vulnerability management, security information and event management, intrusion detection, access auditing etc.)
• Experience managing complex projects.
• Experience of working within a PCI-DSS environment.
• Experience of the GDPR and overseeing a privacy management process.
• Desirable qualifications include ISO27001 Auditor/implementer, CISM, CISSP, ITIL.
• Experience with the AWS and/or Azure ecosystem would be a benefit but is not essential.
• Experience of Crowdstrike and Darktrace, or similar technologies covering endpoint and network monitoring.
• Experience of Atlassian's platform or similar to assist in the management of workflows.
• Knowledge or willingness to learn scripting languages to automate security oriented tasks.
• Supporting your team members in researching new possibilities of automating and leveraging technologies to assist the security function.

Benefits

What we offer

• Great opportunities to make the role your own and get involved with exciting projects in a fast-paced, creative and fun office environment.
• We’re proud of our diverse, supportive company and culture. Our very own in-house Culture Club plans a variety of activities from our annual parties, Friday drinks, social events and more.
• Temptingly good employee discounts on MADE.com (30% for you and 15% for your family & friends).
• 25 days holiday per year (on top of bank holidays), plus an extra holiday day for every year, served up to a ceiling of 30 days.
• We know that flexibility is important. Our Everyday Flex policy enables you to determine your start and finish times, and we’re open to discussing other flexible working arrangements too.
• Free, unlimited access to over 13,000 eLearning courses to support your development.
• We believe it’s important to give back, so we give you one paid day off each year to get involved in any community or charity volunteering activity of your choice.
• Excellent employee benefits including private healthcare (with discounted gym membership), pension, life insurance, eyecare vouchers, cycle to work scheme and season ticket loan to name but a few.

Up your street? Apply for the opportunity to join our growing team!

MADE is committed to creating a diverse and inclusive work environment, where all of our employees have equal access to opportunities and everyone’s voices are heard. We respect and value all differences (seen and unseen) and encourage applications from all backgrounds, which will be considered regardless of race, colour, religion or belief, gender expression, sexual orientation, national origin, pregnancy and maternity, disability or age.