At Burberry, we believe creativity opens spaces. Our purpose is to unlock the power of imagination to push boundaries and open new possibilities for our people, our customers and our communities. This is the core belief that has guided Burberry since it was founded in 1856 and is central to how we operate as a company today.
We aim to provide an environment for creative minds from different backgrounds to thrive, bringing a wide range of skills and experiences to everything we do. As a purposeful, values-driven brand, we are committed to being a force for good in the world as well, creating the next generation of sustainable luxury for customers, driving industry change and championing our communities.
The IT Security Advisory function provides a key role within Burberry's Group Information Security Team to ensure that information security is appropriately integrated into all IT and business projects. The IT Security Advisory Manager will work closely with the Senior Manager and a team of Security Advisors to ensure that new projects and initiatives are assessed, and risk-based security advice is provided.
The ideal candidate will have strong experience of securely designing or performing comprehensive security assessments against new products and solutions, as well as communicating effectively with a range of technical and non-technical business stakeholders.
The team is based across our Leeds and London offices and travel to the office based on business need. We are happy to discuss a working pattern that works best for you in line with our flexible working practices.
· Advise in-flight IT and business projects to embed security requirements, manage risks and enable security by design.
· Perform security risk assessments against projects to determine control requirements and track and report on security requirements levied on projects/initiatives through to successful implementation.
· Develop security-related project artefacts/patterns to support consistent security input to projects.
· Perform controls validation to ensure that any initial requirements were implemented as expected.
· Liaise with project stakeholders as an information security subject matter expert throughout the project lifecycle, including representing the Information Security Advisory Team at stage gate meetings.
· Identify and document any residual risks and engage with the Information Security Risk team to ensure these are tracked and managed.
· Support the continuous optimisation of our methodology and approach to support the delivery of consistent security input to projects, services and solutions.
· Work collaboratively with the wider information aecurity function, enterprise architecture & project management teams to ensure a consistent approach to embedding security into projects.
Candidates should have experience in the following areas:
· Experience and knowledge of information security processes & technologies such as, networks, applications, mobile devices, cloud and web-related technologies (web applications, web services, service orientated architectures).
· Strong technical background, such as demonstrable security architecture experience.
· A strong understanding of information security best practices and recognised industry frameworks, threats, and latest technologies.
· Knowledge of waterfall and/or agile ways of working and practices.
· Experience with information security risk management.
Candidates must be able to demonstrate the following skills and experience:
· The ability to communicate effectively at all levels in an organisation
· The ability to translate highly technical information into a business context.
· Experience in handling competing priorities with productive and professional decision making.
· Capable of working in a team or unsupervised to the same level of quality.
· Strong verbal and written communication skills.
· Strong analytical, organisational and problem-solving capabilities.
The following skills and experience would be advantageous:
· Experience in determining security requirements for projects or products.
· Knowledge of penetration testing methods and approaches
· Experience in managing teams, including the coaching and development of team members, along with career and progress planning.
· Knowledge of Secure Software Development Lifecycle and broader application security considerations, especially related to ecommerce.
· Relevant security qualifications such as CISSP, CISM, ISO 27001 Lead Auditor.
· Experience with AWS and Azure security.
· Retail sector or commercial experience as an IT Security Consultant / Manager
Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.
Posting Notes: United Kingdom || Not Applicable || Leeds || IT || INFORMATION SECURITY || n/a ||