Information Security Manager

Job Title / Role

Information Security Manager

 

Reporting to

Head of Product Assurance – Sainsbury’s

 

Division/Dept

Data Governance and Information Security (DGIS)

 

Location

Coventry, Holborn, Manchester (Flexible)

 

In a nutshell

 

As Sainsbury’s continues to innovate and evolve the products we offer our customers, being the most trusted retailer is key. We integrate with multiple third parties and vendors and have a multi-cloud strategy to provide value and availability. 

 

You will play a pivotal role in leading and coaching a team of talented security colleagues, driving the delivery of solutions that enhance security and drive performance across the business. 

 

You will assist in providing subject matter expertise by providing InfoSec Analysts and Engineers with specialist networking knowledge including supporting with low-level and high-level designs.

 

The ideal candidate will have a good amount of managerial experience along with being an experienced cybersecurity and Information Security practitioner.

 

Whilst this role isn’t ‘hands-on’ candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

 

What you need to do

 

• Manage and inspire a team of eleven (11) Information Security personnel comprising of Junior, Senior and Lead Analysts 
• Lead and be personally responsible for delivering strategic initiatives from the Chief Information Security Officer 
• Continuously review and evaluate the efficacy of security policies and practices to keep Sainsbury’s up-to-date 
• Ensure your team are keeping abreast of latest developments by recommending appropriate CPD activities 
• Thoroughly understand risks that have been raised by Analysts to enable reporting to Senior Management 
• Review team workloads to ensure appropriate tasks are assigned within the competence of the Analysts 
• Deliver great performance to our Tech and Digital teams by ensuring tasks are completed within SLAs 
• Develop mitigation strategies where complicated issues are discovered to allow continuity of operation 
• Assist in the selection of InfoSec specific tooling and whilst considering Capex and Opex constraints 
• Manage, validate and document the integration of NIST controls from service design to improvement 
• Have a deep understand with I.T. Service Model frameworks including ITIL and ISO/IEC 20000 
• Be prepared to justify decisions based upon Sainsbury’s success criteria, policies and practice 
• Actively participate in Engineering conversations which aim to improve estate-wide security 
• Assume leadership for incidents which occur by managing and coordinating the response 
• General managerial duties such as: appraisals, recruitment, induction, managing leave etc
• Provide support to the Head of Product Assurance 

 

What you need to know and show

 

• A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
• Appreciation of containerisation technologies such as Docker, Kubernetes etc.
• Experience with logging, monitoring, load balancing/proxies and API gateways
• Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet
• In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
• Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
• The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
• Strong understanding of the changing threat landscape and how this may affect our systems
• Nice to have knowledge of Oracle and SAP clouds
• The ability to challenge concerns and report through appropriate channels
• Self-drive, motivation and the ability to work independently to deliver expected outcomes
• Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements
• In-depth understanding of data and security risks in a large enterprise
• Risk Management experience and understanding of Risk Management Frameworks
• Strong analytical and report writing skills

 

Desirable Qualifications

 

• Preferred: Graduate in computer science or cybersecurity AND; 

 

• One or more of the following security qualifications (in-date): 

 

• CompTIA Security+ / CySA+ / CASP+ 

• GIAC GX-CS / GCIA / GX-IH / GX-IA 

• Offensive Security Certified Professional (OSCP) 

• One or more of the following technical qualifications (in-date): 

• Certified Kubernetes Security Specialist (CKS) 

• CompTIA Linux+ / LPIC-3 / Red Hat Certified Engineer (RHCE) 

• CompTIA Network+ / Cisco Certified Networking Associate / Professional (CCNA or CCNP) 

• Terraform Associate / Terraform Authoring and Operations Professional 

• Vault Associate / Vault Operations Professional / Consul Associate 

• MongoDB Certified Associate (Developer / Administrator / Data Modeler) 

 

• One or more of the following governance qualifications (in-date): 

 

• Certified Information Systems Security Professional (CISSP) 

• Certified Information Security Manager (CISM) 

• Certified AI Governance Professional (AIGP) 

• Certified NIST Cybersecurity Framework Lead Implementer (CSF LI) 

 

• One or more of the following cloud qualifications (in-date): 

 

• CompTIA Cloud+ 

• Certified Cloud Security Professional (CCSP) 

• Certificate of Cloud Security Knowledge (CCSK) 

• Microsoft Certified: Azure Fundamentals / AWS Cloud Practitioner 

• Google Professional Cloud Security Engineer / Cloud Developer

• Certificate of Competence in Zero Trust (CCZT) 

• Certificate of Cloud Security Knowledge (CCSK) 

 

As well as lots of on-the-job training and endless opportunities, in return you’ll also enjoy:

• Flexible working – tailored approach to balance your working from home and collaboration in the office, sensible freedom to shape your week and day working hours, offices in different locations
• Colleague discount across our brands – Sainsbury’s, Argos and Habitat 
• Health cover
• Holiday allowance 
• Bonus scheme 
• Pension plan 
• Special offers on gym memberships, restaurants, holidays, retail vouchers and more   

 

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:
 
 Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.  
 
 Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave. 
 
 Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).