Group Information Security Manager

Manchester, England, United Kingdom

Applications have closed

Boohoo Group

Shop boohoo's range of women's and men's clothing for the latest fashion pieces you need to be adding-to-basket, with 100s of new styles landing every day!

About Us

Having started in 2006 with just three team members, we've evolved into a multi-brand, ecommerce giant with offices worldwide and a passionate team of over 4,000. In the past year alone, we've achieved remarkable milestones including automating our Sheffield distribution centre, launching our US warehouse, and initiating our tech re-platforming.

In Tech, we’re proud to support every function. We’re a digital-first company that is totally cloud native. We embrace change and future-proof the business, delivering critical customer facing and internal stakeholder facing systems. Everything from colleague tech to frontend websites and apps, buying and merchandising tooling, and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.

The Role

As the Group Information Security Manager at boohoo group, you will play a crucial role in ensuring the security and integrity of our systems, infrastructure, and data. You will join the biggest online fashion retailer in the industry, where you will have the opportunity to contribute to our success story and be part of a vibrant and fast-paced work environment. At boohoo group, we value creativity, innovation, and teamwork, and we believe in providing endless opportunities for our employees to grow and excel.

In this role, you will be responsible for developing, implementing, and managing comprehensive security strategies, policies, and procedures to ensure the confidentiality, integrity, and availability of our information assets. Working collaboratively with cross-functional teams, you will implement best practices to identify and mitigate security risks. You will have the opportunity to work on diverse projects and collaborate with talented professionals across the organization. This role offers a rewarding and fulfilling opportunity for individuals who are passionate about information security and thrive in a dynamic, ever-changing environment.

Your Team

Your peer group is a range of driven and dynamic individuals who see security as being as important as their own domains. In addition, your team is a passionate set of individuals, keen to continue to grow and improve the security posture of the Group. You will have a team of Cyber Security Analysts and a GRC Analyst helping deliver the Cyber Security Strategy.

Responsibilities

  • Acting as the operational lead for Information Security, including Security Operations, Threat and Vulnerability Management, and GRC functions.
  • Establishing and maintaining effective security policies, standards, and procedures.
  • Developing and overseeing the threat and vulnerability management program, including threat hunting, penetration testing, and remediation activities.
  • Developing and executing cyber incident response plans to improve the handling and mitigation of security incidents.
  • Conducting regular risk assessments to identify vulnerabilities and threats and developing strategies to mitigate them.
  • Horizon scanning to monitor emerging risks, changes to regulations, standards, and best practices.
  • Collaborating with senior leadership to align security initiatives with business objectives and priorities.
  • Managing budgetary requirements and forecasting, including stakeholder and vendor relationships.
  • Developing and delivering information security awareness and training programs to educate employees about security policies, procedures, and best practices.
  • Promoting a culture of security awareness and accountability throughout the organisation.
  • Providing guidance and expertise in designing, developing, and implementing secure architectures and solutions.
  • Reviewing and evaluating proposed IT projects and systems to ensure compliance with security requirements and best practices.
  • Assessing the security posture of third-party vendors and service providers to identify and mitigate potential security risks.
  • Establishing and maintaining security requirements and standards for third-party contracts and agreements.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree or professional certifications (e.g., CISSP, CISM, CISA) preferred.
  • Proven experience of working in information security, and experience in a managerial or leadership role.
  • Experience in leading a team of security professionals, providing guidance, mentoring and cultivating their development.
  • Strong knowledge of information security principles, standards, and best practices, including a thorough understanding of the OWASP Top 10 for web application and API security.
  • Experience with security risk management, incident response, and security awareness training.
  • Hands-on experience with security technologies, such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint security solutions.
  • Excellent communication, leadership, and interpersonal skills.
  • Ability to work effectively in a fast-paced, dynamic environment and collaborate with cross-functional teams.
  • Ability to coordinate and lead security audits, assessments, and compliance reviews.
  • Demonstrable technical ability in web application, network, and cloud security.
  • Knowledge of regulatory requirements such as UK GDPR and PCI DSS.
  • Expert understanding of Secure by Design, Shift Left, and the CI/CD Pipeline.

Benefits

We offer some amazing benefits:

  • 25 days holiday
  • Free on-site gym with daily classes (due to current restrictions, live PT sessions)
  • Discretionary Bonus Scheme
  • Company share schemes - including a 'Save As You Earn' scheme
  • Up to 40% staff discount (including PLT, Boohoo, Boohoo MAN, Nasty Gal, Coast, Warehouse, Misspap)
  • Social events (including pay day drinks, Employee Appreciation Day etc.)
  • Salary sacrifice pension scheme with employer contribution
  • Flexible working hours
  • Cycle to work scheme
  • Childcare support through the Government
  • Health cash plan
  • Personal development opportunities to learn and grow at work
