Senior Manager Information Security Risk

At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.

We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.

The Senior Manager – Cyber Security Risk, has a global remit and is an integral member of the Cyber Security team. The Senior Manager plays a fundamental role ensuring that security risk informs the Cyber Security strategy, influences investment delivered through the Security Improvement Programme and wider IT Portfolio while maintaining risk services such as vendor due diligence, contract reviews and maintenance of policies and standards.

• Leading and managing a team, overseeing activities of the Security Risk Manager and able to manage third party security vendors, playing a key part in the procurement process.
• Driving a culture change of understanding and awareness around Cyber Security risks throughout IT and the business leveraging executive risk reporting to Executive Committee level stakeholders.
• Quantification, documentation and tracking of Cybersecurity risks. This includes overseeing a central risk register used across IT as well as the performance of periodic Cyber Risk assessment deep-dives both involving collaboration with the Group Risk Team.
• Oversees the process to assess third party risk incurred through interaction with Third-Party Vendors and Suppliers. Involves the assessment of vendor’s security controls utilising questionnaires and audit reports.
• Oversees the process to assess the cybersecurity obligations agreed upon in legal agreements between Burberry and Third-Party IT Vendors and Suppliers, ensuring an appropriate level of protection for Burberry to mitigate risk.
• Acts as custodian of the Burberry IT Policy and Standard suite managing the update and review cycle.
• Works closely with Group Risk ensuring that Cyber risk reporting aligned to Group Risk methodologies and processes.

• Strong stakeholder management
• Proven leader with the experience of mentoring and developing teams
• Previous experience of operating at a senior level within Information Security and Risk
• Ability to manage conflicting priorities and multiple tasks

Professional qualification in Information Security and Risk, e.g:

• Certified Information Systems Security Professional (CISSP)
• ISO27001 Lead Auditor / Implementor
• Certified in Risk and Information Systems Control (CRISC)

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.