Senior Manager Information Security Risk

Select how often (in days) to receive an alert:

Department: INFORMATION TECHNOLOGY

Location: GB

The Senior Manager – Cyber Security Risk, has a global remit and is an integral member of the Cyber Security team. The Senior Manager plays a fundamental role ensuring that security risk informs the Cyber Security strategy, influences investment delivered through the Security Improvement Programme and wider IT Portfolio while maintaining risk services sich as vendor due diligence, contract reviews and maintenance of policies and standards.

• Leading and managing a team, overseeing activities of the Security Risk Manager and able to manage third party security vendors, playing a key part in the procurement process.
• Driving a culture change of understanding and awareness around Cyber Security risks throughout IT and the business leveraging executive risk reporting to Executive Committee level stakeholders.
• Quantification, documentation and tracking of Cybersecurity risks. This includes overseeing a central risk register used across IT as well as the performance of periodic Cyber Risk assessment deep-dives both involving collaboration with the Group Risk Team.
• Oversees the process to assess third party risk risk incurred through interaction with Third-Party Vendors and Suppliers. Involves the assessment of vendor’s security controls utilising questionnaires and audit reports.
• Oversees the process to assess the cybersecurity obligations agreed upon in legal agreements between Burberry and Third-Party IT Vendors and Suppliers, ensuring an appropriate level of protection for Burberry to mitigate risk.
• Acts as custodians of the Burberry IT Policy and Standard suite managing the update and review cycle.
• Works closed with Group Risk ensuring that Cyber risk reporting aligned to Group Risk methodologies and processes.

• Proven leader with the experience of mentoring and developing teams
• Previous experience of operating at a senior level within Information Security and Risk
• Ability to manage conflicting priorities and multiple tasks

Professional qualification in Information Security and Risk, e.g:

• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.

Job Segment: Information Security, Information Technology, IT Manager, Procurement, Manager, Technology, Operations, Management