Senior IT Security Design Manager

INTRODUCTION

Founded in 1856, Burberry today remains quintessentially British, with outerwear at its core.  Digital luxury positioning and intensive focus on design innovation, quality and heritage icons ensure continued brand purity and relevance globally across genders and generations. Burberry believes that in order to be a great brand it must also be a great company and constantly leverages the energy of its compassionate and creative thinking culture to continually innovate and drive the brand forward. Headquartered in London, Burberry is a design, marketing and retail led business with a global reputation for innovative product design, digital marketing initiatives and dynamic retail strategies.

JOB PURPOSE

Lead the Security Design function to embed security & privacy requirements into IT and business projects from the outset, ensuring risks are managed effectively and that security & privacy by design is consistently applied.

RESPONSIBILITIES

• Act as the primary point of contact for business stakeholders, ensuring all new projects and initiatives undergo appropriate security assessment and receive pragmatic, risk-based design and solution advice.
• Define, embed, and oversee security & privacy requirements within project methodologies, ensuring alignment with stage-gate processes.
• Provide governance and oversight for high-profile projects, reporting on risks and ensuring adequate controls are implemented.
• Continuously refine and optimise the IT Security Framework to deliver consistent, scalable, and effective security input across projects, services, and solutions.
• Lead and manage a team of Security Design consultants conducting security risk assessments and defining control requirements for projects.
• Manage consultancy resources to align with project delivery demands.
• Collaborate with IT, business, and architecture teams to ensure a unified and consistent approach to embedding security by design.
• Implement and maintain tools and platforms that support the team’s mission and improve efficiency in security design and governance.

PERSONAL PROFILE

• Industry-recognised qualifications such as CISSP or CISM.
• Broad experience and knowledge of information security processes and technologies across networks, applications, cloud, mobile, and web platforms (including web applications, APIs, and service-oriented architectures).
• Familiarity with agile methodologies and modern development practices.
• Proven experience informing cyber security strategy at an enterprise level.
• Knowledge and practical experience of securing emerging technologies including Artificial Intelligence (AI) and Machine Learning, Cloud-native platforms and architectures.
• Excellent verbal and written communication skills; able to simplify the complex for executive stakeholders with strong influencing skills
• Proven leadership, management, and interpersonal skills with experience leading security-focused teams.
• Strong analytical, organisational, and problem-solving capabilities.
• Demonstrated ability to work independently and deliver to high standards.
• Commercial experience as an IT Security Consultant and/or Manager.

Desirable:

• Experience with industry frameworks and standards such as CIS Controls (CIS20), ISO 27001, NIST CSF, PCI DSS, and global data protection regulations (e.g., GDPR).
• Sector-specific experience (e.g., retail, e-commerce, or digital environments).
• Previous experience in Big 4 or global consulting roles.
• Hands-on experience in Solution Architecture and Enterprise Security.