Information Security Governance, Risk and Culture (GRC) Manager
The Information Security Team plays a key role in protecting all aspects of Next's IT and data assets. From our 15,000 IT-enabled users to our £4.9 billion revenues from our eCommerce and retail stores, we are tasked with ensuring our systems, employees and customers are protected from all forms of cyber threat.
The Information Security GRC Manager is responsible for the Governance, Risk & Culture (GRC) team within Information Security. Reporting into the Head of Information Security, this role will involve the day-to-day running of the GRC team, developing and advising on the implementation of security policies, and working closely with the Head of Information Security to create an agile, threat-led Cyber Security culture.
The GRC Manager will ensure that our Senior Management and Executives are kept fully informed of our Cyber posture, overseeing our control assurance processes and producing executive dashboards and reporting. They will work closely with the Security Operations Manager and Security Engineering Manager to support our Cyber Defence teams, as well as providing input and direction on our Information Security Roadmap. The role will also involve overseeing our Third Party Risk Management Process, PCI compliance, security by design assurance, and helping to develop and improve our Cyber Security Culture.
The successful candidate will also play a key role in developing and delivering our security Education & Awareness programme to our end users, ensuring we deliver relevant and engaging content to our business colleagues.
As a subject matter expert in Information Security you will be expected to provide pragmatic advice and guidance to technology and business teams, manage key suppliers, coach and mentor your team members and assist with budgeting.
The salary will be from £62,900 plus tradable benefits including share options, private medical insurance, product allowance and company car.
Key Responsibilities
- Day-to-day management of the Information Security GRC Team including mentoring, coaching, training and development and where necessary performance management.
- Create and maintain pragmatic security policies appropriate for our business, providing advice and guidance on implementation and interpretation.
- Support Next in creating and maintaining a threat-led Cyber Security framework that ensures we can effectively identify, prioritise and treat threats affecting our business.
- Oversee the development, management and promotion of our Cyber Security Education and Awareness training with the aim of ensuring content is timely, relevant and engaging.
- Create and maintain appropriate, actionable metrics and reporting to keep our Executive Sponsors informed of our Cyber Risk Posture, ensuring all reports are available in a timely manner for our meeting schedule.
- Manage our 3rd Party Risk Management process to ensure all suppliers are safely onboarded, managed and offboarded, keeping key Stakeholders fully informed of any risk the business is taking.
- Support the Head of Information Security in defining and delivering NEXT’s annual Security Roadmap.
- Manage suppliers and support the Head of Information Security with setting and managing budgets.
- Provide expert, yet pragmatic advice and guidance on Information Security to Senior Technology Stakeholders to support them in meeting their business objectives.
- Manage Next’s PCI Compliance and work with our appointed QSA to support audits and other key activities.
- Support Security Audit activities ensuring evidence can be collected and shared with auditors as efficiently as possible.
- Manage our various security assurance processes to ensure our controls are effective and systems/processes are secure by design.
- Remain up to date with the regulatory risk landscape and how it applies to NEXT, ensuring our policies and standards are adapted to meet any requirements.
- Facilitate Information Security risk assessments to keep senior leadership informed of our security risk exposure.
- Plan and execute annual tabletop simulation exercises to ensure our CSIRT and Incident Response Plan remain effective.
- Maintain and enhance knowledge, ensuring you are continually up to date with the latest security risks, threats and solutions as well as geographical and industry trends.
Criteria
Essential
- Adequate experience working in Information Security with a proven track record of delivery.
- A solid understanding of the current Information Security threat landscape and emerging threats.
- A team player who is hardworking, self-motivated, collaborative and calm under pressure with the ability to communicate clearly and concisely to all levels of management.
- Excellent attention to detail.
- Understand and operate within our change management process.
- A pragmatic and forward-thinking approach to Information Security.
- Ability to adapt approach dependent on the business's requirements.
- Flexibility to cover unsociable hours and peak periods at short notice.
Desirable
- Technical background in Information Technology with good hands-on experience of servers and/or networking.
- Relevant industry-recognised security qualification (i.e. CISSP).
- Experience with security or compliance standards such as PCI-DSS or ISO27001.
- Understanding and experience of working for a Retail company.