Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
Define and report security KPIs/KRIs to senior management representing risk posture, compliance status, and strategic improvement initiatives.
Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
Conduct and coordinate enterprise-wide risk assessments, audits, and internal reviews.
Champion a pragmatic, risk-based approach to security — balancing protection, productivity, and customer experience.
Oversee operational security activities, including threat detection, vulnerability management, and incident response.
Coordinate penetration testing, red-teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
Develop and maintain incident response playbooks and lead investigations where required.
Embed secure-by-design principles and DevSecOps practices across engineering and delivery teams.
Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy-by-design.
Oversee third-party risk management, including supplier due diligence, onboarding, and continuous monitoring.
Support client assurance and audit activities, providing evidence of River Island’s security posture.
Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
Mentor and develop members of the Information Security team.
Requirements
Proven experience in a senior information security role, ideally within a complex, multi-channel retail or technology environment.
Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation.
Analytical, pragmatic, and calm under pressure — with a focus on enabling the business, not blocking it.
Security certifications such as CISSP, CISM, or equivalent (desirable).
Experience in retail, eCommerce, or cloud transformation programs (desirable).
Understanding of emerging technologies (AI, machine learning, cloud-native architectures) and associated security considerations (desirable).
Benefits
Generous 50% staff discount so you can treat yourself to the latest products, and a bargain staff shop on site!
Reducing Islanders' everyday expenses through discounts, benefits, financial advice, wellbeing solutions and more through Reward Gateway!
A free onsite gym, subsidised restaurant & café to fill your needs. Various social events to socialise throughout the year.
Every family is unique. We support Islanders with all different family setups: enhanced maternity, paternity, adoption & fertility treatment. We also work closely with the Retail Trust to create dedicated support for all our Islanders!
Flexible working is a given, on top of payday and summer early finish Fridays.
Give as you earn scheme, a ‘Giver Island’ day each year and receive matched funding.
Support with upskilling through on-the-job training and qualifications. A succession plan if you want to progress.
A generous bonus scheme & private pension plan.
The choice to opt in for healthcare through our provider AXA.
An allowance supporting your commute to work.
25 days paid holiday, exclusive of Bank Holidays. With the added option to purchase additional holiday twice a year for whatever the need!