Senior Manager, IT Security Engineering

INTRODUCTION

At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.

We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.

JOB PURPOSE

The Burberry Security Operations team is globally responsible for security monitoring, incident response, engineering, threat and vulnerability management and identity and access management. The IT Security Engineering Manager, reporting to Director - Information Security Operations, is responsible for the operation, management and continuous improvement of the Security Engineering Service.

RESPONSIBILITIES

The IT Security Engineering Manager will be responsible for:
• Manage the IT Security Operations Security Engineering service
• Oversight of strategic security solutions
• Management of the following security solutions / services: Tanium, McAfee, ZScaler, Fortinet, Akamai, Splunk, DLP. Some managed in-house and some through a third party service.
• Working closely with IT architecture and other IT teams to define and manage technical security configuration standards for a range of in-scope technologies, including network perimeter, distributed operating systems and endpoint security technologies
• Work with vendors and IT teams to ensure that defined configurations are appropriately implemented
• Development of reporting and other security logic to support security, IT and business requirements
• Support the identification of security threats
• Drive continuous improvement initiatives as required to address changing threats
• Continuously update perimeter security rule set and implement BAU service / controls to ensure that rules remain effective
• Providing regular service reporting against a set of defined key performance and risk indicators
• Providing operational input and feedback to relevant Information and IT Security teams
• Identifying, assessing and addressing key cyber security risk scenarios through provision of services
• Managing relationships and oversight of security services delivered by relevant third parties
• Key member of the Information Security Incident Management Team, responsible for the management of high priority security incidents

PERSONAL PROFILE

• Demonstrate experience of managing and maintaining Security tools within global environment
• Passionate about service / security - keeps up to date on the latest news and trends
• IT Security Professional with experience across a broad set of security domains
• At least 5 year's experience working in a technical role
• Demonstrable ability to distil complex, often technical, security issues into a management set of options and / or recommendation
• Approaches tasks and problems in an organised, methodical manner
• Ability to quickly understand complex technical concepts and architectures

Mandatory:
• Creation and implementation of detailed security standards and / or build guides
• Firewall administration / firewall rule management
• Endpoint security solution administration / management
• PKI administration / management
• Demonstrate in depth knowledge and experience of the following operating systems: Windows Server, Unix/Linux, Windows Desktop, MacOSX
• Demonstrate in depth knowledge and experience in at least two of the following platforms: AWS, Azure, SAP HANA, Microsoft 365
• Demonstrate in depth knowledge of at least two of the following: Fortinet NGFW, zScaler, SkyBox
• Demonstrate in depth knowledge of at least two of the following: Splunk, Tanium, McAfee ePO
• Experience in building complex security detection and reporting logic
• Demonstrate ability to formulate formal configuration and build documentation
• Security solution design
• Multiple scripting languages, e.g., PowerShell, Python, PHP, etc.
• Excellent analytical and problem-solving capabilities

Desirable:
• Relevant academic or industry qualifications such as CEH, CISSP, CISM, CISA
• Experience with Splunk
• Ability and experience in managing security incidents
• Hands-on administration/operations experience

FOOTER

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.

Posting Notes: United Kingdom || Not Applicable || London || IT || INFORMATION SECURITY || n/a ||