All the details
Summary
We are seeking a Security Assurance and Advisory Principal to join our GRC team within an expanding and dynamic Information Security function.
You will support management of our security risk position by ensuring that appropriate mitigations are in place and their effectiveness is well understood.
Reporting into the Assurance and Advisory Lead, you will support a growing team of security assurance analysts in assessing and quantifying the mitigations to risks faced by M&S, providing guidance on remediation where necessary.
This is a global role that requires cross-organisational influence over all areas of the business and technology, to support our mission in the management and reduction of Cyber Risk.
To stay close to customers, our support teams are in the office three days a week as we believe that skills are developed through collaboration, and that spending time together makes us more creative and connected.
What you'll do
* Support the delivery of assurance over the mitigations in place to manage the M&S security risk position
* Support the provision of remediation and transformational advice on mitigations to drive improvements to the risk position
* Engage effectively with cross-business teams to support a consistent and cohesive view of the M&S security risk position
* Produce clear reporting to enable effective understanding and discussion of actions to address weaknesses in the M&S security risk position
* Support the wider GRC function in providing clear, accurate and timely articulations of the security risk position
* Remain up to date with the latest Information security risk management best practices and standards and disseminate knowledge across your team, risk owners and senior leadership
* Manage, coach and mentor a growing team of security assurance analysts, sharing SME knowledge, working cross-business, providing clear direction and support, enabling them to develop their knowledge and skills
Who you are
* Knowledgeable in Information security risk management and assurance
* Applicable knowledge across a range of Information security domains
* Experience in delivering security assurance and advisory activities
* Experience in developing talent
* Experience of articulation and communication across diverse stakeholders to empower discussion and decision making
* Familiarity with industry-recognised standards and regulations (e.g., CIS-CSC, PCI, GDPR)
* Familiarity with attacker tactics, techniques, and procedures
* 5+ years' relevant industry experience
* Ability to use lateral thinking to break a problem down into its component parts to identify and diagnose root causes
Everyone's welcome
We are ambitious about the future of retail. We're disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We're transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.
We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don't hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.