Information Security Manager

Job title:

Information Security Manager

Company

Sainsbury’s

Job description

Job Description:

In a nutshell

The Information Security Manager is responsible for assessing and managing the security posture of Business Applications and will lead a small team of colleagues. They provide security support and consultancy directly to business functions who are delivering products/projects and change outside of the Technology function.

The role has the following responsibilities:

• Building strong relationships with colleagues across multiple areas, working collaboratively and proactively to ensure security and governance requirements are effectively embedded in all business owned products/projects and programmes.
• Provide end to end engagement on a wide range of Products ensuring that security is built in by design, are delivered securely, and data is protected appropriately.
• Provide Information Security subject matter expertise to business functions & Sainsburys Tech.
• Educate Business Stakeholders to ensure they are aware of formal governance processes to engage with. Escalate where this is not being followed.
• Work closely with the DGIS Business Contracts Manager/team to ensure business owned initiatives follow the correct governance relating to InfoSec contract schedules.
• Work closely with DGIS Supplier Assurance team to ensure business owned initiatives follow the correct assessment processes and support the remediation of any identified supplier risks.

The role will require you to continually drive improvements within the teams, measure and evolve our capability to ensure our services are delivered effectively and in line with Sainsbury’s future ways of working.

What you need to do

• Line management of a small team of colleagues.
• Assuring that security controls are met in conjunction with our Product Assurance Framework through the product lifecycle.
• Articulating risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike.
• Provide clear and concise updates to key stakeholders, escalate issues and take ownership of actions until fully delivered.
• Work closely with Tech and DGIS Product Assurance to ensure they are engaged for any integrations to existing Tech managed products for example Single Sign on.
• Lead on and with facilitating and coordinating penetration testing for business owned products. Ensure tests are scoped and vulnerabilities are remediated in line with SLA. Work with business and external suppliers.
• Track and manage the delivery of actions for example vulnerability mitigation for business owned & managed products.

What you need to know and show

• Demonstrative experience of providing InfoSec consultancy to business teams who are procuring technical solutions such as Cloud SAAS.
• Demonstrative experience in Information Security and/or Information Governance
• Extensive knowledge of good security practice ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
• Understanding of Data and Cyber related risks in a complex organisation (including regulatory requirements)
• Experience of people management of small teams including setting team strategy.
• Ability to motivate a small team of individuals to be high performers, celebrate success and help develop areas for improvement.
• Outstanding stakeholder management skills effectively influencing and partnering with peers and leaders across the Group.
• Excellent interpersonal communication skills and able to effectively articulate in both technical and non-technical terms.
• Capable of working independently to resolve problems and escalate when necessary.
• Strong analytical and report writing skills.
• Drive, ambition, and enthusiasm

Qualifications

• CISSP or CISM or equivalent is highly desirable
• Computer Science degree is highly desirable
• Knowledge of NIST and ISO27001

What decisions I can make

• Recruitment of new colleagues
• Day to day decisions around the team management and administration.
• Recommendations to the wider organisation on matters related to data and information security.

Resources available to me

• Two direct reports
• Product Assurance Information Security Manager and the wider Product Assurance Team
• Head of Information Security
• Sainsburys Technology
• Rest of the Information Security and Data Governance Team including:

• Data Protection Officer(s)
• Data Clinic Lead and Manager
• Security Operations and Engineering

Responsibilities:

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

Qualifications:

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new – whether that’s as part of an evolving team or somewhere else across the business – and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:

Starting off with colleague discount, you’ll be able to get 10% off at Sainsbury’s, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We’ve also got you covered for your future with our pensions scheme and life cover. You’ll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.

Your wellbeing is important to us too. You’ll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.

Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

Expected salary

Location

London

Job date

Wed, 13 Mar 2024 05:32:51 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (tendersglobal.net) you saw this job posting.