Head of Information Security managing security operations and compliance at River Island. Partnering with cross-functional teams to embed security across business operations.
Responsibilities
Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
Define and report security KPIs/KRIs to senior management representing risk posture, compliance status, and strategic improvement initiatives.
Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
Conduct and coordinate enterprise-wide risk assessments, audits, and internal reviews.
Champion a pragmatic, risk-based approach to security — balancing protection, productivity, and customer experience.
Oversee operational security activities, including threat detection, vulnerability management, and incident response.
Coordinate penetration testing, red-teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
Develop and maintain incident response playbooks and lead investigations where required.
Embed secure-by-design principles and DevSecOps practices across engineering and delivery teams.
Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy-by-design.
Oversee third-party risk management, including supplier due diligence, onboarding, and continuous monitoring.
Support client assurance and audit activities, providing evidence of River Island’s security posture.
Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
Mentor and develop members of the Information Security team.
Requirements
Proven experience in a senior information security role, ideally within a complex, multi-channel retail or technology environment.
Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation.
Analytical, pragmatic, and calm under pressure — with a focus on enabling the business, not blocking it.
Security certifications such as CISSP, CISM, or equivalent (desirable).
Experience in retail, eCommerce, or cloud transformation programs (desirable).
Understanding of emerging technologies (AI, machine learning, cloud-native architectures) and associated security considerations (desirable).
Benefits
Generous 50% staff discount so you can treat yourself to the latest products, and a bargain staff shop on site!
Reducing Islanders’ everyday expenses through discounts, benefits, financial advice, wellbeing solutions and more through Reward Gateway!
A free onsite gym, subsidised restaurant & café to fill your needs. Various social events to socialise throughout the year.
Every family is unique, so we support Islanders with all different family setups: enhanced maternity, paternity, adoption & fertility treatment. We also work closely with the Retail Trust to create dedicated support for all our Islanders!
Flexible working is a given, on top of payday and summer early finish Fridays.
Give as you earn scheme, a ‘Giver Island’ day each year and receive matched funding.
Support with upskilling through on-the-job training and qualifications. A succession plan if you want to progress.
A generous bonus scheme & private pension plan.
The choice to opt in for healthcare through our provider AXA.
An allowance supporting your commute to work.
25 days paid holiday, exclusive of Bank Holidays. With the added option to purchase additional holiday twice a year for whatever the need!
Cybersecurity Governance expert managing cybersecurity efforts for an international logistics and services company. Enhancing frameworks, reporting, and conducting gap analyses and pen tests.
Head of IT Infrastructure and Security managing strategy and operations for banking IT service. Leading expert teams in IT security, infrastructure, and modernization with a focus on high availability.
Activity Security Representative providing multi-disciplined security support for Collateral and Special Access Programs. Responsibilities include document control, inbound and outbound mail processing, and personnel security maintenance.
Cybersecurity Advisor supporting Rapid7’s Managed Services and improving customer security posture. Engaging with clients to provide incident response and advisory relationships while leveraging technical knowledge.
Senior Cybersecurity Incident Responder leading response efforts to complex attacks globally for TransUnion. Collaborating with teams responsible for incident response in cloud and other environments.
Application Security Specialist at Vanguard playing a pivotal role in securing the software development lifecycle. Developing strategies for technology security, ensuring compliance, and maintaining security tools in the CI/CD pipeline.
Manager of Security Engineering leading teams focused on SIEM solutions for cybersecurity. Overseeing data pipelines and fostering an inclusive engineering culture at Vanguard.
Cybersecurity Program Manager driving enterprise-wide security programs for a healthcare payments company. Collaborating with cross-functional teams to execute cybersecurity strategy and mitigate risk.