Information & Cyber Security Risk Specialist
- Sea Salt Cornwall
- Full Time
- Work from Home
Job Description
Reference: REQ004110
Seasalt is a modern Cornish company with an ambitious vision. As a successful omnichannel retailer spanning our website, over 70 shops and 400 wholesale stockists, we are always challenging ourselves to think creatively, innovate and improve.
As an Information & Cyber Security Risk Specialist you'll deliver holistic Information & Cyber Security and Risk Management compliance to the operations of Seasalt. Make decisions, continuously improve and share findings and insights with stakeholders together with clear recommendations for action that address root causes of any areas of improvement identified. Be a valuable business partner and provide advice, consultation and assistance on compliance, risks, controls, policies, and procedures.
This role is offered as a full time, permanent position and can be based remotely within the UK, with occasional travel to our Cornwall head offices as needed.
Please note, you must reside in the UK. We are unable to provide visa sponsorship.
You'll help us by:
Deputising for and undertaking work as instructed by the SISO (Senior Information Security Officer) as the lead for Information & Cyber Security and Risk Management, making appropriate business level security and risk decisions where required.
Being accountable for the continuous monitoring of Information Security and Privacy utilising the NIST, ISO27001, Data Protection and industry frameworks, enabling proportionate and practical actions that address root causes, and following up through to action implementation.
Contributing to and being responsible for the implementation of Information & Cyber Security Policies in line with current industry best practice and frameworks. Understanding security, systems and potential data sources to support information & cyber security, audit and risk work. Being able to analyse data and identify key themes and trends.
Vendor selection for Information & Cyber Security compliance, including third party software and tools suppliers.
Collaborating with the Information Security & Compliance Officer in the production, development and delivery of risk management and information & cyber security training/awareness products, and promoting the need for information and cyber security across Seasalt.
You'll be the accountable stakeholder during security incidents as part of the incident response plan, directing on Information & Cyber Security, with responsibility for the approval and guidance of SyOPs and SOPs - Security / Standard Operating Procedures.
Leading the decommissioning process for systems to ensure all stakeholders and business owners understand the associated process and compliance related to data and technical provision.
Being accountable for compliance with the Risk Management Framework (RMF) and the collation of actions for all corporate and departmental risks utilising Seasalt's risk management system. Ensuring robust review and prioritisation of risks for the Executive Team and Group Board. Sustaining continuous improvement for Risk Management.
You'll be accountable for the planning, management and delivery of audit schedules, audits and reviews to test robustness of risk mitigation controls and ensure compliance with information security policies, procedures and legislative requirements, in order to maintain acceptable levels of Confidentiality, Integrity and Availability of information of systems.
Deliver and continuously improve compliance with RMF, PCI-DSS, Cyber Essentials, NIST, ISO27001 and other relevant certifications with accountability for compliance.
Continually engaging with business teams to identify weaknesses and vulnerabilities in current activities and conduct risk assessments (including security) for new and existing services, applications and suppliers, whilst providing guidance on best practice in preparation for risk assurance and information security assurance.
The skills you'll be sharing with the team:
- Proven and substantial experience in Information Security and associated frameworks with a minimum of three years
- Undertaking internal and third-party audits covering IT governance and information security controls
- Understanding assessment of information systems processes, IT services and associated systems threats, vulnerabilities and security risks
- Appreciation of evolving threat landscapes, cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection
- Proven experience and understanding of data privacy laws such as GDPR and ability to carry out compliance audits as required by these laws
- Awareness of maintaining PCI DSS and industry standards for information security and data protection
- A good working knowledge of 3 or more of the following systems:
  - Risk Management
  - Networking protocols
  - Data loss prevention techniques
  - Intrusion detection systems
  - Awareness and training delivery and implementation techniques
  - Audit and compliance standards
- Excellent verbal, written communication and influencing skills with the ability to gain buy-in to drive improvements forwards
- Able to deliver bespoke information and cyber security awareness to Seasalt staff
- Excellent analytical skills, a logical problem solver
- Self-motivated and able to work independently
Some out-of-hours work may be required to fulfil the responsibilities of the role.
Why we hope you'll love working with us:
The success of Seasalt is down to the skill and hard work of our team. We don't just want to attract the best and brightest people to come and work with us, we want you to stay and grow with us. From the moment your Seasalt journey begins, it's our pledge to support you by providing dedicated learning and development opportunities that will enhance your day-to-day working life and help you build your skills and knowledge.
As well as doing everything we can to boost your development professionally, we believe encouraging personal growth is just as important. So you can fulfil your passion and purpose, not just at work but in life, we offer a range of benefits that are designed to enhance your career and wellbeing:
- Salary: £35,000 - £40,000 pa depending on experience (Band 3)
- 34 days paid annual leave (including bank holidays), increasing with length of service
- Attractive 50% employee discount
- Flexible benefits allowance to personalise your benefits package
- Private Medical Scheme including 24/7 virtual GP
- Free access to our Employee Assistance Programme through Retail Trust with 24/7 support
- Pension plan with generous 7% employer contributions
- Life assurance programme
- Enhanced family leave policies
- Flexible working opportunities with our 'blended' working approach
- Learning and Development opportunities including specialist training, coaching opportunities, and professional qualification support
- Paid volunteering opportunities
- Employee networks to develop and provide support to our people, including the Inclusion Network and Culture Crew
- 100s of savings on top retailers and gym memberships through our discount hub
At Seasalt we have a brilliant team of people - they're what make Seasalt a fantastic place to work. We love to celebrate uniqueness and are committed to making Seasalt a place where everyone feels they belong. As an inclusive employer, we want to invite a diverse range of candidates to apply for our roles.
We aim to work flexibly where possible and value a range of perspectives - diversity of thought helps us to grow - so please apply if this is a role that would make you excited to come to work every day. We're happy to help with any adjustments to our recruitment process and beyond. Just drop us an email at [email protected]