Information Security Manager

at  Sainsburys

WHAT YOU NEED TO KNOW AND SHOW

• A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
• Appreciation of containerisation technologies such as Docker, Kubernetes etc.
• Experience with logging, monitoring, load balancing/proxies and API gateways
• Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet
• In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
• Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
• The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
• Strong understanding of the changing threat landscape and how this may affect our systems
• Nice to have knowledge of Oracle and SAP clouds
• The ability to challenge concerns and report through appropriate channels
• Self-drive, motivation and the ability to work independently to deliver expected outcomes
• Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements
• In-depth understanding of data and security risks in a large enterprise
• Risk Management experience and understanding of Risk Management Frameworks
• Strong analytical and report writing skills

DESIRABLE QUALIFICATIONS

• Preferred: Graduate in computer science or cybersecurity AND;
• One or more of the following security qualifications (in-date):
• CompTIA Security+ / CySA+ / CASP+

WHAT YOU NEED TO DO

• Manage and inspire a team of eleven (11) Information Security personnel comprising of Junior, Senior and Lead Analysts
• Lead and be personally responsible for delivering strategic initiatives from the Chief Information Security Officer
• Continuously review and evaluate the efficacy of security policies and practices to keep Sainsbury’s up-to-date
• Ensure your team are keeping abreast of latest developments by recommending appropriate CPD activities
• Thoroughly understand risks that have been raised by Analysts to enable reporting to Senior Management
• Review team workloads to ensure appropriate tasks are assigned within the competence of the Analysts
• Deliver great performance to our Tech and Digital teams by ensuring tasks are completed within SLAs
• Develop mitigation strategies where complicated issues are discovered to allow continuity of operation
• Assist in the selection of InfoSec specific tooling and whilst considering Capex and Opex constraints
• Manage, validate and document the integration of NIST controls from service design to improvement
• Have a deep understand with I.T. Service Model frameworks including ITIL and ISO/IEC 20000
• Be prepared to justify decisions based upon Sainsbury’s success criteria, policies and practice
• Actively participate in Engineering conversations which aim to improve estate-wide security
• Assume leadership for incidents which occur by managing and coordinating the response
• General managerial duties such as: appraisals, recruitment, induction, managing leave etc
• Provide support to the Head of Product Assurance