Senior Cyber Risk and Assurance Manager

Tesco UK  •  Welwyn Garden City  •  Hybrid  •  Full-Time  •  Apply by 28-Aug-2025 About the role This is a fantastic opportunity to join Tesco's Cyber Assurance team, part of the wider Cyber Risk function. The Cyber Assurance team is our second line in Technology working with stakeholders to ensure the implementation of proportionate controls to mitigate Tesco's cyber risk exposure. As a Senior Cyber Risk and Assurance Manager, you are responsible for continually improving insights in your area of specialism and driving process/tooling improvements as required to achieve security outcomes. You will need to work with cross-functional stakeholders to break down complex problems and identify possible solutions. You will also support team members and stakeholders seeking help with matters relating to management of cyber risk. What is in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!   

• Annual bonus scheme of up to 20% of base salary 
• Holiday starting at 25 days plus a personal day (plus Bank holidays) 
• Private medical insurance 
• 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 4 weeks fully paid paternity leave 
• Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing 

You will be responsible for - Maintain up-to-date understanding of cyber threat landscape and applicable laws and regulations (e.g. NIS1/NIS2, GDPR) and work closely with technology, business and legal stakeholders to ensure cyber risks are understood, considered and managed - Lead, plan and conduct complex cyber risk assessments (aligned to industry-recognised frameworks) for the Group and its subsidiaries to agreed time and quality standards, including testing and concluding on the design and operating effectiveness of key cyber controls - Ensure delivery of high quality assessment reports with clear conclusions and recommendations to enable stakeholders to make timely risk-based decisions - Identify and drive initiatives to improve control effectiveness/compliance across cyber domains such as identity & access management, network security, endpoint security, application security - Engage stakeholders across Security, wider Technology and the business to assess the impact of deficient controls, identify and prioritise remediation actions and track them to completion - Build strong relationships with Security and Technology colleagues as well as Legal, Internal Audit and other business teams to drive effective risk management - Identify and implement process improvement opportunities across various initiatives within the Cyber Risk and Assurance team This role requires hands-on involvement in the execution of work/projects as well as occasional management of team members on delivery of projects/initiatives. You will need - Experience validating the effectiveness of security controls through manual and automated approaches across a variety of technologies, products and hosting environments. Strong background in the following desirable: a) Cloud Security (e.g. Azure) b) Network Security (e.g. Firewalls, Remote Access, DDoS Prevention) c) Identity & Access Management - Hands on experience with different security frameworks and standards such as ISO 27001, NIST CSF, CIS, NCSC CAF (e.g. controls testing, gap assessments) - Experience and knowledge of information security related laws and regulations such as NIS/NIS2 and GDPR - IT audit and/or IT risk management, governance, compliance
- Critical thinking with strong attention to detail and good organisational skills - Strong written, verbal communication and presentation skills, working with all levels of seniority and disciplines within the organisation - Able to build solid working relationships with peers as well as internal and external stakeholders - At least one relevant professional qualification such as CISA, CISM, Security+, CRISC, CISSP or equivalent About us Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.    We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.    We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you.  We work in a more blended pattern - combining office and remote working.  Our offices will continue to be where we connect, collaborate and innovate.  If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.