Job Description
As River Island's Head of Information Security, you'll play a strategic and hands‑on leadership role in shaping and strengthening our security posture across the business.
Reporting to the CIO and working as part of the Technology Leadership Team, you will define, embed, and continuously improve River Island’s information security framework – ensuring we remain compliant, resilient, and trusted by our customers, partners, and people.
This is a highly visible role, blending strategy and delivery. You will oversee security operations, vulnerability management, compliance, and risk governance, while partnering with Technology, Data, Legal and wider business teams to ensure security is embedded into everything we do – from store systems to eCommerce and cloud platforms.
Key Responsibilities
* Security Strategy & Governance
o Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
o Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
o Define and report security KPIs/KRIs to senior management, representing risk posture, compliance status, and strategic improvement initiatives.
* Risk Management & Compliance
o Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
o Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
* Security Operations (SecOps) & Incident Management
o Oversee operational
o Coordinate penetration testing, red‑teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
o Develop and maintain incident response playbooks and lead investigations where required.
o Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
* Secure Development & Project Support
o Embed secure principles and DevSecOps practices across engineering and delivery teams.
o Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy‑by‑design.
o Define and maintain the information classification and handling standard.
o Ensure security controls for customer data, employee data and payment data are implemented and monitored.
o Provide specialist input into solution design, architecture reviews, and third‑party integrations.
o Support major transformation projects, ensuring security controls and data protection measures are built in from the start.
* Third‑Party & Client Assurance
o Oversee third‑party risk management, including supplier due diligence, onboarding, and continuous monitoring.
o Support client assurance and audit activities, providing evidence of River Island’s security posture.
o Maintain trust and transparency in all information security communications internally and externally.
* Continuous Improvement & Leadership
o Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
o Mentor and develop members of the Information Security team.
What We’re Looking For
* Proven experience in a senior information security role, ideally within a complex, multi‑channel retail or technology environment.
* Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
* Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
* Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
* Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation.
* Analytical, pragmatic, and calm under pressure – with a focus on enabling the business, not blocking it.
* Desirable:
o Security certifications such as CISSP, CISM, or equivalent.
o Experience in retail, eCommerce, or cloud transformation programmes.
o Understanding of emerging technologies (AI, machine learning, cloud‑native architectures) and associated security considerations.
About Us
We’re a much‑loved brand with an exciting future. Our Islanders are a diverse bunch of bright, talented people who love working together – and are proud of the work they do. Progression here can take you in all kinds of directions. This is what a career at River Island is like. And this is where yours starts.
This role is based at our Head Office in West London.
What We Can Offer You
o Generous 50% staff discount – treat yourself to the latest products, and a bargain staff shop on site.
o Reductions in everyday expenses through discounts, benefits, financial advice, wellbeing solutions and more through Reward Gateway.
o A free onsite gym, subsidised restaurant & café to meet your needs; various social events throughout the year.
o Support for all family setups with enhanced maternity, paternity, adoption and fertility treatment; … etc.
o Flexible working, payday and summer early finish Fridays.
o Give As You Earn scheme – a ‘Giver Island’ day each year and matched funding.
o Support with upskilling through on‑the‑job training and qualifications; succession plans.
o Generous bonus scheme and private pension plan.
o Choice to opt in for healthcare through our provider AXA.
o Allowance supporting your commute to work.
o 25 days paid holiday, exclusive of Bank Holidays; option to purchase additional holiday twice a year.
Our Commitment to Safety and Equality
At River Island we are committed to the safeguarding of all of our employees regardless of age or job role. We will fulfil our obligation under the Prevent duty which seeks to stop extremism and extremist views from materialising in our business. We promote and encourage the belief in British values – including the rule of law, individual liberty and mutual respect of difference ... etc.
Our Island is made up of a diverse community where we all belong and feel part of something bigger. We are committed to equality of opportunity and welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio‑economic background, religion and/or belief. We will consider flexible working requests for all roles unless operational requirements prevent otherwise.
To find out more about this interview process, check out our hiring process below.