Head of Security

Company Description

Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers. With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues.
Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focuses on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques.
At Tesco, inclusion means that Everyone?s Welcome. Everyone is treated fairly and with respect; by valuing individuality and uniqueness we create a sense of belonging.
Diversity and inclusion have always been at the heart of Tesco. It is embedded in our values: we treat people how they want to be treated. We always want our colleagues to feel they can be themselves at work and we are committed to helping them be at their best.
Across the Tesco group we are building an inclusive workplace, a place to actively celebrate the cultures, personalities and preferences of our colleagues ? who in turn help to build the success of our business and reflect the diversity of the communities we serve.

Job Description

• As the Lead Security Partner, you will build and lead a team of security partners and engineers assigned to Enabling functions domain. You will engage with the tech director and leadership to drive security partnership and all initiatives top-down. You have higher sphere of influence. You understand the threat landscape and the business appetite to make
  the right decisions. You possess the required diversity of experience and the depth of knowledge.
• Developing strong security partnerships for Tesco Technology
  These roles are about transforming the way security is delivered to our technology domains and software engineering teams. As our software and enterprise APIs continue to move to cloud, we have different security challenges, and this role is to help teams navigate that change successfully. The boundary between infrastructure and application has virtually
  disappeared and being secure means supporting through the entire SDLC – from threat modelling during design, to development, then through production and ops.
  The enabling functions comprises of finance, people and property domains offering plethora of internal services for the enterprise. Mostly made of backend services, the teams use Java and other advanced frameworks for development of their micro services on Cloud.

 

• Job accountabilities
  As the lead partner, you will
  • Build a good understanding of the business domain, its strategies, investments, technology diversities and the appetite for risks.
  • Work closely with tech director and leadership to drive security initiatives across the domain and various product verticals.
  • Understand the threat landscape and use them in the context of the business.
  • Develop security acumen and ability to negotiate and challenge.
  • Facilitate prioritization; you help the business make informed decisions.
  • Be the key stakeholder in all exception grant process.
  • Drive adoption/deployment of security capabilities into engineering teams.
  • Develop annual/quarterly roadmaps, plan them with product and engineering functions.
  • Produce insightful metrics at the macro-level on initiatives taken and its effectiveness.
  • Be the advocate to security, take part in strengthening our internal standards and  guidelines.
  • Align overall security activities to the Technology group’s cyber security goals.

 

• As the manager, you will
  • Manage activities for the members of your team and team performance.
  • Develop the internal backlog and aid the team to execute in alignment with engineering teams.
  • Provide guidance and direction whilst challenge the status-quo.3
  • Manage individual performances and play a vital role in their personal development plans.
  • Effectively manage cross-functional collaboration, communications and escalations.
  • Promote team work, value and recognise key contributions regularly.
  • Mentor and lead the team from front.
  • Be the advocate for change and push boundaries.
  Longer-term, the nature of the role also means you are expected to identify new problem spaces, propose solutions and engage across disciplines. In other words, we want you to innovate and will give you the room to do so. If you can think of ways to do security, faster,more accurately, with greater consistency and at scale while minimising friction, you’ll be supported all the way.
• What the role isn’t…
  You won’t be selecting and deploying commercial endpoint solutions, building SOC (Security Operations Centre) or other capabilities. We have engineering and operational teams for all those sorts of things. We have a security architecture framework to work within, but you
  won’t get told how to perform the role, it’s yours to shape in whatever way works best for your product and engineering stakeholders

Qualifications

To excel in this position, we expect you to have the following:
• 15+ years of work experience with a bachelor degree or at least 12 years of work experience
with an master degree in relevant area.
• Work experience in several industry segments; should have delivered security programs
with management and engineering functions.
• Solid experience in many security domains, understand the wider threat landscape and
business risks.
• Solid experience with customer-facing solutions, large enterprise deployments, microservice architecture, distributed computing, REST APIs, integration patterns, modern
application frameworks, container based development and deployments.
• Solid experience with complex Azure and AWS architectures with exposure to managed
Kubernetes, popular PaaS and SaaS services.
• Excellent interpersonal, facilitation, and leadership skills along with effective
communication (both written and verbal) skills.
• Very good understanding of software security, network and infrastructure architecture with
knowledge of security appliances.
• Hands-on experience in implementing security principles, privacy principles, industry
standards such as NIST, ISO27001, CIS, MITRE framework.
• Hands-on experience with developing threat models and attack trees.
• Good understanding of application security and dev(sec)ops, the shift-left culture.
• Some coding experience is always a plus, either with Java, JavaScript, C#, bash, python or
PowerShell.
• One or more certifications such as CISSP, CISM, CISA, CompTIA, and similar is a plus.

Additional Information

Important Notice: 

On behalf of Tesco Bengaluru, we must caution all job seekers and educational institutions that Tesco Bengaluru does not authorise any third parties to release employment offers or conduct recruitment drives via a third party. Hence, beware of inauthentic and fraudulent job offers or recruitment drives from any individuals or websites purporting to represent Tesco. Further, Tesco Bengaluru does not charge any fee or other emoluments for any reason (including without limitation, visa fees) or seek compensation from educational institutions to participate in recruitment events. 

Accordingly, please check the authenticity of any such offers before acting on them and where acted upon, you do so at your own risk. Tesco Bengaluru shall neither be responsible for honouring or making good the promises made by fraudulent third parties, nor for any monetary or any other loss incurred by the aggrieved individual or educational institution. 

In the event that you come across any fraudulent activities in the name of Tesco Bengaluru, please feel free report the incident at recruitment_compliance_india@tesco.com