Job description
Threat & Vulnerability Manager
Why Digital & Tech at M&S
We're changing the way we do things, and putting industry leading innovation at the heart of how we operate; we need a stellar engineering team to make it happen. You'll be joining one of the most iconic brands in the UK on its most exciting cycle yet. We're more integrated and product led in our tech teams than ever before: learning, changing, and adapting constantly, with millions of people benefiting from your work every single day.
The Role
The Information Security Threat & Vulnerability Management (T&VM) Manager is on the front line of protection against threats directed at M&S and against exploitation of vulnerabilities present at M&S. The T&VM Manager is also responsible for managing the wider T&VM team. This team is the focal point for the management and execution of the T&VM process and for coordinating the relevant parties to mitigate threats and vulnerabilities.
What You’ll Do Every Day
- Protect the company and its customers from events with a material impact on the business, brand and customers, e.g., catastrophic events, significant financial losses, and highly embarrassing events
- Act as a liaison between industry peers, government agencies and other specialists.
- Utilize commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations.
- Coordinate with the M&S Global Security Operations Centre and third-party providers to assess threat and vulnerabilities
- During high-impact threat and vulnerability mitigations, the T&VM Manager will be required to brief senior management directly and interact with the crisis management team.
- Operationalise effective T&VM Services and controls to protect core business processes and customer data
- Develop and maintain the M&S security T&VM management processes and procedures, including all required supporting materials.
- Develop functional requirements for roles that will be involved in the T&VM program
- Work with business units, IT functions and external providers to ensure that processes are mutually understood and agreed on, and that responsibilities are clear and accepted.
- Act as a liaison throughout M&S (including, lines of business, public relations, legal counsel, and customer contact centres).
- Initiate the threat and vulnerability management process and exercise decision authority within that process to the extent of the role.
- Ensure execution of the T&VM process to the resolution of the appropriate level of mitigation.
- Ensure generation, maintenance, and protection of required documentation, reporting and traceability.
- Organize, participate in and chair T&VM meetings for presentation to the senior management.
- Identify and respond to threats: Incorporating industry intelligence to enable proactive threat detection, containment, and response
- Work with the InfoSec Managers, Leads and Service Delivery Managers to deliver activities within the continuous programme of T&VM improvement relating to applications, infrastructure, and all critical services
- If notified outside of normal working hours of a potential immediate threat and/or exploitation of a vulnerability, the T&VM Manager will be expected to perform the role out of hours to the extent required to protect the organisation.
- The T&VM Manager will be expected to work with other managers to ensure that the information is shared where desirable.
- Ensure the development and delivery of a global T&VM service
- Provide specialized security support for other events that fall outside the IT security incident realm, such as fraud attempts based on electronic channels or high-impact outages due to reasons other than security.
- Ensure the management and maintenance of the T&VM tooling owned by the team
- Manage third party T&VM providers
- Chair T&VM meetings, calls, maintain actions and escalate any issues
- Report and Maintain Key Risk, Performance and Success Indicators for the team
- Advise the InfoSec Management team of significant emerging threats and identified vulnerabilities, and recommend tactical and operational steps to counteract these threats and mitigate vulnerabilities
- Deliver Management Reporting on a regular and ad-hoc basis
- Effectively communicate with internal stakeholders (technical and non-technical) and suppliers to provide updates on threats, vulnerabilities and/or to deliver key projects
- Make and drive recommendations to improve operational effectiveness
- Measure, manage and mitigate Information Security risk to an acceptable level and demonstrate compliance
You Should Apply If
- Demonstrable experience of delivering transformational changes to culture and processes related to T&VM
- Proficiency in preparation of reports, dashboards, and documentation
- Strong experience of T&VM, including within a DevSecOps operating model
- Knowledge and demonstrable experience of Information security technologies and methodologies.
- Experience of vulnerability and threat assessment, including penetration testing and threat modelling
- Experience of Web-based application security
- Experience of Cloud systems and their Architecture (Azure, AWS)
- Experience of T&VM processes and procedures
- Demonstrable experience of working effectively with managed suppliers and vendors
- Awareness of Agile environments and practices
- Awareness of various operating system flavours including but not limited to Windows, Linux, Unix
- Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated threats
- Awareness of security controls in widely used technologies e.g., MS Office 365
- Experience of Incident Management and Response tools, e.g., Remedy, ServiceNow
- A great communicator with strong negotiation, influencing, planning and prioritisation skills
Working for Us Means
- Hybrid Working
- Industry leading pension of up to 12% M&S contribution
- Bonus up to 40%
- 20% discount on M&S products
- Up to 2 weeks working abroad
- Learning days once a month, Tech/Ed days once a quarter and Hackathon every other quarter
- A range of wellbeing support (including free counselling and a virtual GP for you and immediate family)
- 25% off gym memberships, access to online fitness classes and discounts for complementary health services, such as nutrition and lifestyle coaching
M&S is ready to push boundaries to lead the retail industry into a greener, speedier, more inspiring digital era. That’s why we’re revolutionising how we work and offering our most exciting opportunities yet. There’s never been a better time to be part of our team. Marks & Spencer aims to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make an immediate impact.
We are committed to an active Inclusion, Diversity and Equal Opportunities Policy, which starts with our recruitment and selection process, and we are happy to talk flexible working.
If you consider yourself to require reasonable adjustments to any part of our recruitment process, we invite you to share those requirements with us when completing your application. We will make every effort to ensure your needs are met to provide a fair and transparent process of assessment.