Halfords

Job Summary: 

The Senior Information Security Manager will oversee the development and implementation of robust security measures across our products, supporting systems, and organizational processes to ensure continuous security throughout the product lifecycle. This role combines a deep technical understanding of security controls, security architecture, threat mapping and risk management. The Information Security Manager will collaborate with development teams, architects, and other stakeholders to embed security and privacy by design into all applications and systems. This position requires a balance of strategic oversight, management of Managed Security Services (MSS) colleagues and hands-on involvement to ensure the security policy, processes and procedures align with the organisation's goals and compliance requirements. 

Key Responsibilities: 

• Lead the development and implementation of comprehensive end-to-end cybersecurity solutions, including security architecture, process creation, and vendor management, aligned with industry best practices. 

• Provide expert guidance on cybersecurity detection and response strategies, ensuring integration across architecture, organizational, and governance teams. 

• Monitor and enforce adherence to security policies, managing exceptions through established approval processes. 

• Identify, assess, and manage Information Security Risks, developing and overseeing remediation plans to mitigate these risks. 

• Ensure that Information Security Risks are escalated and managed through the organization's risk management framework, providing recommendations to senior management for risk acceptance where necessary. 

• Collaborate with cross-functional teams to design and implement effective information security controls, ensuring they are incorporated into projects and operational processes. 

• Engage with projects to guarantee that Information Security controls are integrated into all implementations and changes, maintaining security throughout the project lifecycle. 

• Conduct risk assessments and gap analysis exercises, working closely with various business units to address and remediate identified issues. 

• Direct management of 1 x GRC Analyst 

• Indirect management of MSS colleagues 

• Perform comprehensive information security reviews, including system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery processes, and system maintenance protocols. 

• Lead due diligence assessments (Vendor Assessments) on new and existing third-party vendors, identifying and escalating risks to relevant business areas. 

• Define and oversee security testing requirements, including penetration testing scoping, interpreting results, and providing actionable feedback to IT and business stakeholders. 

• Develop and manage key risk indicators, offering detailed analysis and commentary to ensure senior stakeholders have a clear understanding of security risk levels. 

Key Skills/Experience: 

• Proven experience in designing security architecture for both applications and underlying security infrastructure  

• Strong background in managing security activities, with experience in the retail sector being advantageous. 

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent security certification. 

• Extensive knowledge of regulatory and compliance requirements, including frameworks such as NIST, CSF, ISO 27001, FCA and GDPR. 

• Demonstrable experience with a range of security technologies and architectures. 

• Experience advising software development teams and working within agile delivery environments. 

• Experience in MS Azure cloud security within complex environments. 

• Ability to communicate complex security concepts effectively across all levels of the organization. 

• Solid understanding of data architecture, web security, zero trust models, and low-latency applications.