13 Oct
Currys
London
Job description
InfoSec Compliance & Governance Manager
Waterloo - Hybrid
Permanent
Full Time
Grade 5
At Currys we’re united by one passion : to help everyone enjoy amazing technology. As the UK’s best-known retailer of tech, we’re proud of the service our customers receive and it’s all down to our team of 25,000 caring and committed colleagues.
Working as one team, we learn and grow together, celebrating the big and small moments that make every day amazing.
The Security Governance and Compliance Manager will be responsible for the successful delivery of our internal security best practices and regulatory compliance obligations that support the reduction of security risks and improved security maturity across Currys.
Role overview :
As part of this role, you’ll be responsible for :
- Perform assessments across all security processes. Where compliance has been achieved work with stakeholders to ensure that controls continue to be maintained.
- Develop and maintain relationships across Currys to drive the security agenda and stay up to date with developments.
- Support security governance activities across the business. Be able to suggest and work with stakeholders to develop continuous improvement.
- Governance and control is an area of increasing focus within the Currys technology team. This role will be a responsible for driving the governance agenda within InfoSec :
- Perform maturity and capability assessments against NIST and ISO27001 / 2 and effectively presenting these results of these reviews of technology SLT.
- Create business cases for key compliance goals (NIST / ISO / PCI) and support project management of these programmes.
- Document controls that operate across InfoSec,
keeping these updated as capabilities and processes within InfoSec mature and evolve over time.
- Administer the policy and standards exceptions process. Work with SMEs in InfoSec and technology risk functions to link exceptions to risk.
Work with SMEs to ensure that Policies and standards are aligned with hardening standards for various technologies.
Own InfoSec policies and standards, work with SME to update these
The role will require individual to maintain beneficial internal and external relationships when managing one or more work streams across the information security function, ensuring delivery to the agreed scope, quality, time and budget criteria.
They must be proactive in managing associated risks and issues,
whilst actively engaging with business and technical stakeholders across the group.
You will need :
- Extensive knowledge of PCI DSS will be required as a large part of this role will focus on the standard.
- A good working knowledge of ISO27001 and or NIST CSF frameworks. Ability to perform audits and a knowledge of auditing techniques.
- An ability to build relationships and communicate effectively with technical, commercial and customer stakeholders.
- Articulate in both verbal and written communication with the ability to make measured arguments.
- Knowledge of key security technologies including vulnerability management, security information and event management, intrusion detection, access auditing etc.
We know our people are the secret to our success.
That’s why we’re always looking for ways to reward great work. Alongside 30 days of annual leave (including bank holiday entitlement) and a competitive pension scheme (for permanent colleagues), you’ll find a host of benefits designed to work for you. They include :
- Company bonus
- Hybrid Working
- Company Pension
Why join us :
Join our team and we'll be with you every step of the way, helping you develop the career you want with new opportunities, on-going training and skills for life.
Not only can you shape your own future, but you can help take charge of ours too. As the biggest recycler and repairer of tech in the UK, we’re in a position to make a real impact on people and the planet.
▶️ InfoSec Compliance and Governance Manager
🖊️ Currys
📍 London