Cyber Security Manager

Job Description

This role is part of a strategic capability within our Group Cyber Security team, providing support and oversight of our subsidiary businesses. In this role, you will be responsible for building relationships with both cyber and leadership teams in your allocated subsidiaries, supporting their cyber security planning and execution, ensuring they are aligned to the Group cyber security framework and support collaboration with the relevant cyber security teams in Tesco Group where applicable.

The role will be based at the Tesco head office in Welwyn Garden City but will require travel to head offices of subsidiary businesses where applicable. You will be required to work closely with cyber and business stakeholders but will also with the wider Tesco Technology teams where required.

The role will be responsible for guiding security initiatives and coordinating security operations and supporting businesses with any regional security requirements, leveraging Group capabilities if possible. The ideal candidate will have a passion for cyber security that they can translate into business language to raise awareness of what they should be doing from a cyber security perspective and how to embed it into their culture and ways of working.

• Maintain strong stakeholder relationships, champion and promote security best practice, and find opportunities for security to add value within the businesses you will be supporting
• Understand the security posture of the business and its processes to effectively engage them in the security improvement recommendations and cyber risk management
• Present risk-based security position and recommendations to management and executive teams
• Drive the information security improvement plans which includes incorporating Tesco Group security requirements for GDPR, PCI, NIS2 and ISO27001
• Ensure adequate registration, analysis, resolution and reporting of privacy and information security incidents
• Design and organise information security assessments, penetration testing, reviews and audits
• Provide technical oversight of all security tooling and infrastructure services in use; Make recommendations on configuration and implementation improvements
• Own third party vendor management for security services
• Monitor and respond to emerging threat patterns, vulnerabilities and anomalies to help the business make informed risk‑based decisions
• Responsible for collaborating with the Tesco Group Cyber Security teams to help ensure the entire Tesco Group are protected against emerging threats

• Broad and deep Cyber/Information Security expertise sufficient to engage with, and provide value and service, to a range of stakeholders
• Strong working knowledge of security management principles and practices, including, but not limited to, vulnerability management, detection engineering, application security, Identity management, incident response, awareness training, risk and compliance.
• Excellent stakeholder engagement and ability to drive change
• Proven track record of engaging with diverse stakeholders and building a security culture
• Ability to analyse complex information and make sound decisions
• Hands on experience in areas such as networks, sysadmin, software developer, or security analyst is beneficial, but we welcome applicants from diverse technical backgrounds
• Security qualifications such as CISM, CISSP, CISA or equivalent are desirable
• Project management experience

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.