Infosec Assurance Lead

Job description:

Role overview:

InfoSec Assurance Lead 

Waterloo - Hybrid Working

Full Time

Permanent 

Grade 3

At Currys we're united by one passion: to help everyone enjoy amazing technology. As the UK's best-known retailer of tech, we're proud of the service our customers receive – and it's all down to our team of 25,000 caring and committed colleagues. Working as one team, we learn and grow together, celebrating the big and small moments that make every day amazing.

Role overview:

Assurance Leads are essential to Currys' risk management strategy, helping to protect Currys assets, information and people from cyber-attacks and data breaches. They ensure security best practice is implemented in projects, operational processes and third parties, facilitating business Change in a secure manner.

Candidates should have a strong background in security and risk management and be proficient at interacting with different stakeholders including architects, project managers and service owners. Experience in performing supplier reviews, project advisory, and operational compliance assessments using organisational policies and industry standards such as ISF, ISO 27001 & PCI-DSS as reference is essential. Hands-on time with Operational Assurance tooling, and/or knowledge in the realms of DevOps, Agile development, Cloud and other emerging technology such as Generative AI, is advantageous.

What you will be doing:

• Support IT and Business transformation by ensuring projects are risk-assessed, appropriate security controls are applied and compliance requirements such as PCI DSS are met through the project lifecycle
• Critique architectural and design documentation and data flow diagrams
• Input to security and risk management reporting and risk related actions and follow up
• Review new and existing supplier and partner contracts and perform regular assurance activities to validate supplier security posture
• Scope, arrange and support security testing, including penetration testing
• Lead end to end audits across IT Infrastructure, Applications and Business processes
• Flag out-of-appetite risks to the Data and Security Approval board and work with IT risk teams to add to relevant risk registers
• Represent Information Security at all levels of engagement across the organisation, helping to embed a culture of strong security and governance.

Role recquirements:

• Previous Security Governance & Assurance experience within a FTSE 250 organisation
• Security controls knowledge covering Information Security Management, Infrastructure & Networking, Applications, Databases, Business processes, Data Management, DevOps, and Cloud computing.
• Real world experience with industry standards such as ISF, NIST, PCI-DSS and GDPR.
• Excellent communication and interpersonal skills with the ability to clearly and concisely articulate information security risks to both business and technical teams
• Working knowledge of penetration testing processes – scoping, facilitating, vulnerabilities and remediation.
• Attentive to detail and able to follow set processes and methodologies diligently.
• Industry certifications such as CISSP, CCSP or ISO 27001:2013 Auditor/Implementor desired
• BSc/MSc in information security, computer science or a related field

Why join us:

Join our team and we'll be with you every step of the way, helping you develop the career you want with new opportunities, on-going training and skills for life.

Not only can you shape your own future, but you can help take charge of ours too. As the biggest recycler and repairer of tech in the UK, we're in a position to make a real impact on people and the planet.

Every voice has a space at our table and we're committed to making inclusion and diversity part of everything we do, including how we strengthen our workforce. We want to make sure you have a fair opportunity to show us your talents during our application process, so if you need any additional assistance with your application please email and we'll do our best to help.