Information Security & Compliance Manager
Role details
Job location
Tech stack
Job description
Security and Compliance are critical business functions within Charlotte Tilbury. As a company that deals with a large volume of sensitive customer data, it is imperative that we adhere to modern security standards and remain compliant with the relevant regulations in each region we operate. Equally, the protection of our intellectual property and the productivity of our teams is essential to our continued success.
The Information Security and Compliance Manager will be responsible for developing and overseeing control systems to prevent or deal with breaches of data security and privacy. You will also evaluate the efficiency of these controls and improve them continuously. You will collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce compliance standards and regulations. You will also provide guidance and training on information security matters and best practice to employees and partners of the business.
As a Information Security & Compliance Manager you will
Policy, Process and Documentation
·Coordinate the development of best practice policies and standards related to IT security and data processing.
·Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
Security Operations
·Be accountable for technical security controls including EDR, SIEM, DLP, SSE/SWG, CSPM, vulnerability management, identity security and endpoint compliance ensuring it is fit for purpose and being used to its full potential.
·Partner with and challenge Technology Operations on secure design, implementation and operational support of workplace, identity and endpoint technologies.
·Define and maintain build standards for Windows, MacOS, Android and iOS devices.
·Define security and compliance standards for cloud hosting environments, including AWS and GCP.
·Oversee penetration testing, bug bounty programs and red team exercises.
·Investigate security events and contain incidents in a timely manner.
Compliance
·Manage and oversee technology risk management activities
·Identify areas of non or weak compliance and drive improvement. This could be related to process, system security, documentation or any aspect of security/compliance.
·Develop and implement relevant security and compliance reporting to management and risk committees.
·Develop and manage an information security risk register to address risk issues and action plans from all sources.
·Coordinate information security internal audit and participate in external audits
·Collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce the compliance standards and regulations.
·Take ownership of vendor assessments, third party risk assessments and supply chain vulnerabilities
Awareness
·Develop and lead information security awareness and training initiatives, including phishing exercises and compliance training.
· Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
Who you will work with
- Reporting into the Technology Operations Director
- Lead the Information Security team, consisting of two direct reports.
Requirements
-
Experience in managing Cyber Security and Compliance positioning for an enterprise organisation
-
Practical experience delivering hands on security improvements
-
An understanding of relevant security and regulations (e.g. GDPR, CCPA, ISO27001, PCI-DSS)
-
Customer focussed approach
-
Effective communicator with ability to adapt style for intended audience
-
Capable of managing the relationship with 3rd party service providers
-
Highly organised and able to prioritise workload effectively
-
Pro-active and able to work off your own initiative.
-
Able to influence and communicate your own point of view
-
Creative and unorthodox thinker, able to push projects forward in an unstructured environment.
-
Methodical, logical, organised and calm under pressure
-
Excellent English written & verbal skills.