Direct message the job poster from ME+EM LtdLocation: Head Office, White City Place, West LondonContract type: Full Time, 37.5 hours per weekAbout the CompanyME+EM is one of the UK’s fastest-growing luxury fashion brands. As a direct-to-consumer business we operate in a truly omnichannel way, with an extremely successful online store, monthly mailings and stores in London, Edinburgh and concessions in Harrods and Selfridges. Our exciting growth continues in spring 2024 with the opening of our first US stores.At ME+EM we are an entrepreneurial, creative, and passionate group of people. We work hard, are enthusiastic to learn and are not afraid to take risks. Everyone contributes to our success at all levels, and that precisely what makes being a member of the team so rewarding.Our office and stores are always busy and fast paced, but we work just as hard to make sure it’s fun, with social activities and biannual parties. We pride ourselves on being approachable, supportive, and welcoming and ensure that everyone’s hard work is rewarded. It takes all these things to build a strong, successful business and our door is always open to new talent ready to contribute to our growth and evolution.About the RoleThe Information Security Manager (ISM) will be responsible for developing, implementing, and maintaining ME+EM’s information security program. Reporting to the CTO, this role will involve managing risk assessments, monitoring compliance, and embedding a robust security culture throughout the organisation. The ISM will act as the primary subject matter expert on information security, ensuring policies are up-to-date, practical, and enforced, and will communicate security risks and opportunities for improvement directly to senior management.Responsibilities:Cyber Security Strategy & GovernanceImplement and refine the organisation’s cyber security strategy, aligned with business objectives and risk appetite.Lead the development and maintenance of a comprehensive Information Security Management System (ISMS).Define and review metrics and KPIs to monitor the effectiveness of security controls.Policy ManagementDraft, maintain, and enforce all information security policies, procedures, and standards (e.g. access control, data classification, acceptable use).Ensure policies are communicated, understood, and adhered to across departments.Review and update policies regularly in line with regulatory changes and business needs.Conduct and manage regular information security risk assessments across the business.Identify and evaluate vulnerabilities, threats, and risks to company assets, systems, and data.Work with internal teams to prioritise, treat, or accept risks and track mitigation progress.Compliance & AuditEnsure compliance with relevant security frameworks, data protection laws (e.g. GDPR), and industry standards.Manage internal and external security audits, penetration tests, and vulnerability assessments.Maintain records of security incidents and lead post-incident reviews and continuous improvements.Drive an organisation-wide security awareness program to foster a proactive security culture.Deliver targeted training for teams and departments based on their risk profile.Communication & ReportingPrepare and present risk summaries, compliance reports, and improvement plans to senior stakeholders.Act as the primary liaison for third-party security consultants, auditors, and regulators.Champion security at the executive level, influencing key decisions and budgeting.Qualifications:Proven experience in a similar Information Security Management or Cyber Risk role.Strong understanding of information security principles, risk management frameworks, and industry best practices (e.g. ISO 27001, NIST, CIS).Demonstrated experience in drafting and implementing security policies and procedures.Strong communication skills with the ability to engage both technical and non-technical audiences.Proficiency in conducting security risk assessments and presenting results to senior management.Required Skills:Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor.Experience in retail or e-commerce environments.Familiarity with cloud security, especially across SaaS platforms and modern infrastructure (e.g., GCP, Azure).Experience with security tools like SIEM, DLP, endpoint protection, and vulnerability scanners.33 days annual leave for full time employees (25 days holiday + 8 bank holidays).A day off to celebrate your birthday.Pension Scheme.Group Life Insurance.Employee Assistance Programme (EAP).Length of Service Award.Refer a Friend Scheme.Generous Staff and Friends and Family Discount.Cycle to Work Scheme.Eye Care Vouchers.Real Living Wage Employer.Employee led committees.Social events and biannual parties.Enhanced maternity and paternity package after 2 years of service.ME+EM is an equal opportunities employer committed to fostering and preserving a culture of diversity, equality, and inclusion in our workforce. As an equal opportunities’ employer, we do not discriminate against applicants based on race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We believe that diversity enriches our workforce and strengthens our organisation. Therefore, we encourage minorities, LGBTQ+ candidates, and individuals with disabilities to apply for opportunities within our company.Seniority levelSeniority levelMid-Senior levelEmployment typeEmployment typeFull-timeJob functionJob functionInformation Technology, Research, and Quality AssuranceIndustriesRetail Apparel and Fashion, Retail, and IT Services and IT ConsultingReferrals increase your chances of interviewing at ME+EM Ltd by 2xGet notified about new Information Security Manager jobs in London Area, United Kingdom.London, England, United Kingdom 3 days agoLondon, England, United Kingdom 2 days agoLondon, England, United Kingdom 1 month agoIT Data Protection Security Engineer - Senior ManagerLondon, England, United Kingdom 2 weeks agoManager, Security Governance Risk and Compliance (GRC)Program Manager, Regional Risk and ComplianceLondon, England, United Kingdom 1 day agoIT Procurement Software and Security Category ManagerWatford, England, United Kingdom 3 weeks agoEMEA Senior Manager Compliance (Certifications)London, England, United Kingdom 1 week agoHead of Programme - Justice and Emergency Services and Fraud, BluetownonlineLondon, England, United Kingdom 3 weeks agoLondon, England, United Kingdom 3 days agoGuest Experience Front Office Supervisor Grosvenor SquareLondon, England, United Kingdom 9 hours agoLondon, England, United Kingdom 3 weeks agoLondon, England, United Kingdom 2 weeks agoAssociate/Vice President, Relationship Manager - Commodity Finance (Metals & Agri Team)London, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 1 week agoLondon, England, United Kingdom 1 week agoBusiness Information Security Officer, EuropeLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 1 month agoCyber Security Assistant Manager/ManagerLondon, England, United Kingdom 3 days agoLondon, England, United Kingdom 2 weeks agoLondon, England, United Kingdom 1 month agoLondon, England, United Kingdom 2 weeks agoInformation Security Manager - CorporationLondon, England, United Kingdom 2 weeks agoDefence Digital - Cyber Security Lead AdvisorLondon, England, United Kingdom 1 week agoThird Party IT Security Manager (IT) / ContractorInformation Security and Privacy ConsultantLondon, England, United Kingdom 1 week agoHead of Security Architecture & ConsultancyLondon, England, United Kingdom 1 week agoWe’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr