Information Security Risk & Governance Manager

At Frasers Group

UK Only

Company Description

Frasers Group are currently looking for an Information Security Risk & Governance Manager to join our growing team. We started as a small store in Maidenhead in 1982 and from there, grew to become a global powerhouse. We believe the higher the risk, the greater the reward. We’ve never been afraid to strive forward and change the way the industry operates, diversifying our portfolio and elevating stores. We’re not sitting back – there’s no room for hesitation. As a PLC with a £4bl turn over, this opportunity to grow your career in a fast paced and dynamic environment is one for the bold. 

Job Description

This role is remote but would like you in our office every now and then. We are located in London, Basingstoke and Shirebrook.

  • Improving the Cyber Security landscape across the whole Frasers Group estate
  • Coordinate all Audit activities, establishing and maintaining scheduling and collation of control evidence
  • Respond to information security audit failures
  • Provide support and guidance for legal/regulatory compliance
  • Monitor, report and enforce compliance with information security policies
  • Develop and control the Continuous Improvement programme to address continued findings across all Information Governance and Control areas
  • Lead and coordinate the Information Security committee
  • Lead with ITLT, the Information Risk Review on a monthly basis, managing feeds into the wider Organisational Risk Management framework
  • Provide information security communication, awareness and training
  • Manage production issues and incidents, and participate in problem/change forums
  • Develop a strong working relationship with the engineering team/vendor to develop and implement controls and configurations aligned with information security policies/audit
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
  • Manage the day-to-day activities of threat and vulnerability management
  • Identify risk tolerances, recommend treatment plans and communicate information about residual risk
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  • Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans

  • At least 3 years experience in Computer & Network Security in similar roles
  • Must be aware of Risk Management methodologies
  • Able to manage and assist suppliers and third parties
  • Experience leading security awareness and training campaigns and supporting with audit
  • Knowledge of privileged access management and written information security policy's and standards
  • Able to work in a fast paced commercial environment where business needs are everchanging

Additional Information

An opportunity like this at Frasers Group is for the fearless. The potential is massive, the experience unrivalled. To be able to make the most of it you need to live and breathe our principles:

  • Think without limits and take the team with you
  • Own it and back it
  • Not hesitate and act with purpose
  • Be commercial and customer-focused.
Apply for the Job

Recent Job Postings