This job has expired

Information Security Risk Manager

Leeds, United Kingdom
Closing date
10 Nov 2022

View more


Job Details


At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.

We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.


The Information Security Risk Manager has a global remit and is an integral member of the Information Security team. The Information Security Risk Manager will conduct cyber security risk assessments to inform the cyber security strategy, influence investment into cyber security improvements through risk analysis, and provide a foundation for security control for projects.

The Information Security Risk Manager will drive the delivery of the core Information Security risk services, and take day-to-day responsibility for the team activities, ranging from 3rd Party Supplier security assessments, cyber risk reviews, and input to the annual Information Security Risk Assessment report.

This role can be based from either of our Leeds or London offices with flexible hybrid style of working.

Life At Burberry

We believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers, and our communities. Grounded in our heritage and culture, it underpins the choices we make for Burberry today and informs our long-term goals.

At Burberry, we have always sought to build a culture that is open and inclusive, where all perspectives are valued, and our 10,000 colleagues representing 120 nationalities across 34 countries can find a real sense of belonging. We are focused on attracting and retaining a broad range of the best talent, supporting our core belief that diversity of thought, experience, and voices opens spaces for new ideas to thrive, fuelling creativity and enabling us to truly fulfil our purpose.

From blazing a trail with innovative technology and designing beautiful retail stores, to recruiting the best talent that helps to nourish and bring our creative ideas to life, our business areas work together to redefine the future of luxury fashion.


  • Managing team plans, overseeing activities of Security Risk Analysts and able to manage 3rd party security vendors, playing a key part in the procurement process.
  • Identifying and evaluating cyber risks and developing relevant methods for remediation
  • Maintaining the risk register whilst having the ability to clearly and concisely articulate risks to key stakeholders (technical and non-technical), and ability to prepare Board and Executive level materials.
  • Performing Information Security Governance activities including, but not limited to, conducting BAU cyber Risk Assessments, authoring information security policies and standards, supporting contract reviews, driving compliance around Third Party Security due diligence activities.
  • Driving a culture change of understanding and awareness around cyber security risks throughout IT and the business.


The candidate must successfully engage key stakeholders, and as such excellent communication, stakeholder management and relationship management skills are required, as is a very broad knowledge of information and cyber security, including all aspects of technical security, cyber risk management and security best practices, standards, policy and governance.

Critical to success in this position is an ability to grasp complex technical processes/challenges and using entrepreneurial thinking to create solutions that are pragmatic.

In addition the candidate should have the following skills:

· Proven manager with the experience of mentoring and developing teams

· Previous experience of embedding cyber security requirements into contracts and projects

· Ability to manage conflicting priorities and multiple tasks

· Experience of authoring cyber risk reports, suitable for Executives and Board level members


· Relevant work experience in the field of cyber security and risk management

· Professional qualifications in Information Security and Risk, e.g. Certified Information Systems Security Professional (CISSP), ISO27001 Lead Auditor / Implementor, or Certified in Risk and Information Systems Control (CRISC)


Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.


Posting Notes: United Kingdom || Not Applicable || Leeds || IT || INFORMATION SECURITY || n/a ||


Founded in 1856, Burberry today remains quintessentially British, with outerwear at its core. Digital luxury positioning and intensive focus on design innovation, quality and heritage icons of the trench coat, trademark check and Prorsum knight, ensure continued brand purity and relevance globally across genders and generations.

At Burberry, every individual, every team and every function, shares an incredible passion for the brand and is guided by a ‘brand-first’ mind-set. Decisions are evaluated through the lens of the long-term health and vitality of the Burberry brand.

Burberry believes that in order to be a great brand it must also be a great company. Inspired by three Core Values - Protect, Explore, Inspire - rooted in the brand’s heritage and continually informing its guiding principles, Burberry leverages its compassionate and creative thinking culture to continually innovate and drive the brand forward.


Find Us
Horseferry House
United Kingdom

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert