Information Security Risk Manager

Department:  IT
City:  Leeds
Location:  GB

INTRODUCTION

At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.  

We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.

JOB PURPOSE

The Information Security Risk Manager has a global remit and is an integral member of the Information Security team. The Information Security Risk Manager will conduct cyber security risk assessments to inform the cyber security strategy, influence investment into cyber security improvements through risk analysis, and provide a foundation for security control for projects.

The Information Security Risk Manager will drive the delivery of the core Information Security risk services, and take day-to-day responsibility for the team activities, ranging from 3rd Party Supplier security assessments, cyber risk reviews, and input to the annual Information Security Risk Assessment report.

This role can be based from either of our Leeds or London offices with flexible hybrid style of working.

Life At Burberry

We believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers, and our communities. Grounded in our heritage and culture, it underpins the choices we make for Burberry today and informs our long-term goals.

At Burberry, we have always sought to build a culture that is open and inclusive, where all perspectives are valued, and our 10,000 colleagues representing 120 nationalities across 34 countries can find a real sense of belonging. We are focused on attracting and retaining a broad range of the best talent, supporting our core belief that diversity of thought, experience, and voices opens spaces for new ideas to thrive, fuelling creativity and enabling us to truly fulfil our purpose.

From blazing a trail with innovative technology and designing beautiful retail stores, to recruiting the best talent that helps to nourish and bring our creative ideas to life, our business areas work together to redefine the future of luxury fashion.

RESPONSIBILITIES

  • Managing team plans, overseeing activities of Security Risk Analysts and able to manage 3rd party security vendors, playing a key part in the procurement process.
  • Identifying and evaluating cyber risks and developing relevant methods for remediation
  • Maintaining the risk register whilst having the ability to clearly and concisely articulate risks to key stakeholders (technical and non-technical), and ability to prepare Board and Executive level materials.
  • Performing Information Security Governance activities including, but not limited to, conducting BAU cyber Risk Assessments, authoring information security policies and standards, supporting contract reviews, driving compliance around Third Party Security due diligence activities.
  • Driving a culture change of understanding and awareness around cyber security risks throughout IT and the business.

PERSONAL PROFILE

The candidate must successfully engage key stakeholders, and as such excellent communication, stakeholder management and relationship management skills are required, as is a very broad knowledge of information and cyber security, including all aspects of technical security, cyber risk management and security best practices, standards, policy and governance.

Critical to success in this position is an ability to grasp complex technical processes/challenges and using entrepreneurial thinking to create solutions that are pragmatic.

In addition the candidate should have the following skills:

· Proven manager with the experience of mentoring and developing teams

· Previous experience of embedding cyber security requirements into contracts and projects

· Ability to manage conflicting priorities and multiple tasks

· Experience of authoring cyber risk reports, suitable for Executives and Board level members

 

QUALIFICATIONS

· Relevant work experience in the field of cyber security and risk management

· Professional qualifications in Information Security and Risk, e.g. Certified Information Systems Security Professional (CISSP), ISO27001 Lead Auditor / Implementor, or Certified in Risk and Information Systems Control (CRISC)

FOOTER

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.

#LI-HQ1

Posting Notes: United Kingdom || Not Applicable || Leeds || IT || INFORMATION SECURITY || n/a ||


Job Segment: Information Security, Information Technology, IT Manager, Relationship Manager, Information Systems, Technology, Customer Service