Address
Form of work
SalaryJob Introduction
Carpetright and our stable of group flooring brands is on a Technology Transformation journey that will see us build on our strengths and revolutionise what we do, and how we do it. We’re using the latest technology and building a team of Technology experts who can help us fast forward our mission.
THE OPPORTUNITY: Information Security Manager, based in Purfleet, Essex – Hybrid
PURPOSE OF THE OPPORTUNITY:
This is a brand new and exciting opportunity to join our fantastic IT Infrastructure team here at Carpetright. We’re looking for someone with the relevant experience, who’s willing to roll their sleeves up and take the reins to define, implement and maintain Information Security policies, standards, solutions, and processes based on industry standard best practices for Carpetright and the Nestware group of brands.
You’ll take a proactive approach to manage and assist in the delivery, change and maintenance of secure systems and implement proportionate controls by working with Product, Development, Change, Risk, IT teams and 3rd party vendors.
This is a ‘hands-on’ role to provide advice and guidance to enable the technical teams to make security decisions, ensuring the effective use of common tools and patterns across Carpetright and the wider Nestware group.
A LITTLE MORE DETAIL ABOUT THE OPPORTUNITY:
- You’ll lead on compliance reviews, certifications and accreditations, and be responsible for ensuring successful achievement of external certifications such as PCI-DSS.
- You will develop a complete set of corporate Information Security policies and standards and continually monitoring the Information Security controls, KRIs/KPIs and technical landscape.
- It will be up to you to ensure Cybersecurity is on the organisational radar and stays there.
- Implement effective and appropriate controls and measures to protect systems and data, including implementing an ISO 27001 framework
- Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
- You will design, develop and maintain an effective cyber/security incident management response plan.
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
- You’ll be working with our Managed Security Service Provider (MSSP) to conduct and review regular security assessments (Pen tests, Vulnerability scans etc) of vendors and solutions (SaaS, IaaS providers and MSSP).
ESSENTIAL THINGS ABOUT YOU AND YOUR EXPERIENCE:
- You will have a comprehensive understanding of Information Security Frameworks (e.g., ISO 27001, NIST CSF, GovS 007 and Cyber Essentials) and UK and UK Data Protection Act 2018 including GDPR.
- You will be experienced in monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies.
- Expert working knowledge of Security Architecture and potential security issues related to them PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a Microsoft Azure environment.
- You’ll have excellent knowledge of security technologies such as IDS/IPS, vulnerability testing and Firewalls.
- You’ll have extensive experience of effective cybersecurity management, including incident management and evidence gathering; change management and participating in change and emergency change boards; conducting risk assessments; undertaking cyber security reviews; developing and communicating policy changes and providing guidance and advice to end users
- Importantly, you’ll be adept at building great internal and external relationships with a focus on brilliant customer service
- You’ll be a proactive, collaborative self-starter with the ability to influence and prioritise effectively
Carpetright and our stable of group flooring brands is on a significant technology journey, and this role will play a crucial part in contributing to the successful navigation of change. If you’re interested in joining a high performing team where you’ll have the opportunity to learn and grow, have access to the latest products and releases, then we’d love to hear from you!
