Interim Infrastructure and Security Manager

at  Mulberry

Founded in 1971 in Somerset, England, today Mulberry is a truly global fashion company and the largest manufacturer of luxury leather goods in the United Kingdom. Across all locations, we are united by our employee values: Be Bold, Be Open, Be Responsible, Be Imaginative.
If these are values you share, we would love you to join our team.
The Role:
The Interim Infrastructure and Security Manager will take responsibility for the management, maintenance and ongoing development of the IT infrastructure and security technologies for the Mulberry Group ensuring our platforms are capable of supporting business growth, reliable and highly secure. The role also involves: managing the information security risks of the Mulberry Group, implementing and developing best practice, documenting Information Security policies, controls and security solutions to protect the systems, digital assets and data against unauthorised access, modification, theft and disruption and ensuring effective business continuity in the event of system failure.

Duties and Responsibilities:

• Management, maintenance and ongoing development of the server platform (currently HP/VMWare, MS Windows Server, Active Directory), SAN (currently HP), LAN (Cisco), WAN (Cisco Meraki), cloud services, database servers (Microsoft SQL Server).
• Manage and carry out security patching to all servers and user PCs/laptops on a monthly basis.
• Management of Microsoft Office 365 including user applications and extended capabilities.
• Management of all backup systems including site to site replication and cloud backup to ensure business continuity.
• Management of Firewalls and VPN, including VPNs with third party suppliers.
• Management of MDM system (currently AirWatch).
• Define and take ownership of a set of Best Practice Information Security policies and controls.
• Contribute to the wider Mulberry security policy.
• Work closely with Mulberry’s external security consultants to implement Best Practice security throughout the network.
• Arrange and review regular perimeter and internal security testing and audits, review reports and carry out necessary work to address any vulnerabilities and recommendations.
• Carry out audits and risk assessments.
• Advise on all aspects of Information System security and Data Protection for all new system implementations and changes.
• Management of all security solutions aimed at both prevention (including user authentication, Firewalls, anti-virus, anti-ransomware, internet access control) and intrusion detection (including SIEM).
• Take a hands-on role in educating users regarding Information Security and Data Protection issues and maintain awareness of risks and Acceptable Use (education and testing).
• Management of internet access control systems and define/maintain internet access policies.
• Maintain and test effective incident response procedures.
• Regular audit and review of systems and application user access rights.
• Be the subject matter expert on Data Protection legislation.
• Ensure business continuity in the event of system failure by the proper management and testing of system backups, disaster recovery and contingency arrangements.
• Maintain up to date knowledge and expertise concerning all aspects of Information System security including risks, threats, solutions, best practice and standards.

Brand:

• Understand and demonstrate the Mulberry employee values and behaviours: Be Bold, Be Imaginative, Be Open, Be Responsible.
• Support Mulberry to deliver an inclusive culture, through behaving in a way that is open-minded and respectful towards others, and understanding that your views, opinions and experiences may not always be shared by your colleagues.
• Act as an ambassador for Mulberry and communicate positively about the brand.

Made to Last:

• Wherever possible, incorporate environmentally responsible practices into your work. Contribute to decreasing Mulberry’s carbon footprint, helping to mitigate climate change and promoting a greener, more sustainable future.
• Support to foster an environment where diversity is embraced and all individuals feel valued, respected and included. Promote equity, empathy and understanding and demonstrate this commitment within your internal and external communities.

Skills and Experience Required:

• Extensive relevant technical and Information Security experience.
• Formal Information Security management qualifications (CISSP or CISM) an advantage.
• A background in Systems Engineering is highly desirable with a hands-on approach.
• Technically proficient in Cisco firewalls, Meraki, anti-malware tools, Windows server, Active Directory, VMWare, SIEM and internet access control systems.
• Strong networking skills – LAN and WAN.
• Willingness to respond to incidents both in work time and out of hours is essential.
• Self-motivated and good teamwork skills.
• Good all-round education and communication skills.
• Able to train users and produce relevant and engaging material.
• Able to effectively manage own priorities and workload.
• Able to work under pressure and with great attention to detail.

Other:

• This role is based in either London or Somerset with regular travel to the other location and other Mulberry locations, as the business demands.

What we can do for you:

• Product allowance
• Additional Day Off for your Birthday!
• An enviable staff discount and exclusive access to staff sales

• Pension Contributions & Life Assurance

• Training and development opportunities - including full access to LinkedIn Learning!

• x2 Community Days per year

• Onsite gym
• Fresh fruit everyday

Mulberry is an equal opportunities employer and we are passionate about hiring and developing the best talent. All hiring decisions are made only on the basis of qualifications, skills or experience and as they relate to the particular role. If you need us to make any adjustments to our application or interview processes to enable you to be at your best, please email us at talent@mulberry.com

• Management, maintenance and ongoing development of the server platform (currently HP/VMWare, MS Windows Server, Active Directory), SAN (currently HP), LAN (Cisco), WAN (Cisco Meraki), cloud services, database servers (Microsoft SQL Server).
• Manage and carry out security patching to all servers and user PCs/laptops on a monthly basis.
• Management of Microsoft Office 365 including user applications and extended capabilities.
• Management of all backup systems including site to site replication and cloud backup to ensure business continuity.
• Management of Firewalls and VPN, including VPNs with third party suppliers.
• Management of MDM system (currently AirWatch).
• Define and take ownership of a set of Best Practice Information Security policies and controls.
• Contribute to the wider Mulberry security policy.
• Work closely with Mulberry’s external security consultants to implement Best Practice security throughout the network.
• Arrange and review regular perimeter and internal security testing and audits, review reports and carry out necessary work to address any vulnerabilities and recommendations.
• Carry out audits and risk assessments.
• Advise on all aspects of Information System security and Data Protection for all new system implementations and changes.
• Management of all security solutions aimed at both prevention (including user authentication, Firewalls, anti-virus, anti-ransomware, internet access control) and intrusion detection (including SIEM).
• Take a hands-on role in educating users regarding Information Security and Data Protection issues and maintain awareness of risks and Acceptable Use (education and testing).
• Management of internet access control systems and define/maintain internet access policies.
• Maintain and test effective incident response procedures.
• Regular audit and review of systems and application user access rights.
• Be the subject matter expert on Data Protection legislation.
• Ensure business continuity in the event of system failure by the proper management and testing of system backups, disaster recovery and contingency arrangements.
• Maintain up to date knowledge and expertise concerning all aspects of Information System security including risks, threats, solutions, best practice and standards