Head of Information Security (HO0256)



  • Location:
    Head Office Baker Street
  • Business Area:
    Technology (IT)
  • Department:

Head of Information Security

The Head of Information Security is responsible for establishing and executing against the organisation’s information and cyber security strategy. This position is varied and, as the head of House of Fraser’s Information Security function, you would be responsible for identifying key information security risks across the enterprise and implementing appropriate controls to reduce the organisation’s risk exposure. There is also a requirement to develop a plan / maintain PCI compliance, and support Legal and internal functions with GDPR compliance. You will also be leading the BISP programme, helping to deliver key cyber security capabilities into the organisation. This is a senior position, and requires a visionary leader who will be proactive in building relationships with key stakeholders across the business. The candidate will also have board level exposure and influence, with experience of managing others in the information security field.

Key Responsibilities Include:

Assess & Manage Risks

  • Conduct enterprise level information security risk assessments to assess the Confidentiality, Integrity and Availability of information assets and Infrastructure.
  • Identify information security risks across the business and ensure they are captured and scored on our risk register e.g. inherent risk, residual risk, controls maturity, treatment plans etc.
  • Engage stakeholders across the business to understand the House of Fraser estate and ensure risks are accurately captured and tracked.
  • Articulate complex risks in business friendly terminology to senior and executive stakeholders to agree risk ownership and treatment
  • Lead enterprise level information security and risk forums to discuss and progress the overall information security strategy for House of Fraser.

Incident Management

  • Identify / be the escalation / co-ordination point for information security related incidents
  • Effect a commensurate response to information security events and incidents to ensure the protection of information assets and infrastructure
  • Develop incident ‘Playbooks’ to ensure adequate response procedures for cyber-attacks and data breach scenarios
  • Improve the online security of the House of Fraser web platform to reduce the likelihood of cyber attacks
  • Conduct incident ‘post mortem’ activities to understand root cause, steps taken and measures to improve our incident response procedures
  • Liaise with external vendors and perform OSINT sweeps to gather intelligence on threat climate and threat actors who may be of concern to House of Fraser

Supplier Assurance

  • Manage and oversee our third party vendors responsible for the provision of Information security related services e.g. Penetration testing, vulnerability scans etc
  • Perform risk assessments and assurance activities against potential and existing third parties to reduce the introduction of risk into the business
  • Consult and advise on internal projects to ensure adherence to information security requirements in line with security & privacy by design principles.
  • Regularly audit, assess and evaluate any risks associated with the outsourcing of information processing with existing, and new third parties
  • Effectively manage and negotiate with third parties for the provision of information security related services that either replace or supplement internal team resources

Policies & Compliance

  • Lead the organisation to become / maintain PCI DSS compliance across multiple payment channels
  • Develop / streamline information security policies to ensure compliance against industry standards e.g. PCI DSS / GDPR / ISO 27001 / ISF SoGP etc.
  • Lead the Security Awareness & Training initiative to improve information security behaviours and promote a more risk aware culture
  • Ensure that all parts of the business are compliant with all relevant data protection and privacy laws / industry best practices
  • Conduct periodic access recertification reviews to prevent ‘privilege creeping’ and ensure an effective joiners, movers and leavers process

Leading & Managing People

  • Set objectives and conduct performance reviews for direct reports
  • Offer a supportive, coaching style, proactively encouraging personal and professional development and achievement in direct reports
  • Ensure effective communication at all levels both internally and externally
  • Build an effective and motivational team environment, aligning behaviours, values and performance expectations across the team to deliver exceptional results
  • Provide regular briefings to all team members on information security, performance and priorities, progress of initiatives and other corporate communications
  • Develop and implement secure solutions designed to improve the quality of service we deliver to all our customers, external, internal and business partners

Transformation Program

  • Manage and spearhead the Information Security BISP (Business Information Security Programme) transformation.
  • Provide subject matter guidance on projects ensuring information security requirements are captured and integrated into designs and deliverables.
  • Support the programme manager in championing further information security endeavours, managing budgets and assembling proposals to progress information security capabilities
  • Provide approval / decisions for projects to progress / adjust based on business requirements

Leadership Behaviours Required:

  • A dynamic and ambitious leader who demonstrates a level of gravitas commensurate with a senior leadership role, while also being able to engage effectively at all levels of the organisation
  • A proactive, energetic, pragmatic, hardworking individual with strong people and team building skills
  • Provides clear vision and direction, inspiring and engaging individuals and the team to deliver excellence
  • Constructively challenges convention and seeks new ways of achieving better results by taking alternative paths, whilst behaving consistently and with professional integrity at all times
  • Demonstrates sound and pragmatic judgement, balancing pace, risk and business value to reach decisions which are well informed, rigorous and actionable
  • Leads with determination and drive, taking initiative willingly, acting with both sensitivity and self-assurance to achieve results
  • Is proactive in defining, planning and delivering change to achieve targets and objectives which realise beneficial outcomes
  • Respects individuals’ views and positively encourages and contributes to a learning environment in which individuals are supported to develop to their full potential and excel in role
  • Ability to be flexible within a changing environment and responsibilities within the role

Experience Required:

  • Experience in managing an information security team and third party / off shore resources.
  • At least one of the following cyber security qualifications: CISSP, CISM, SABSA, CRISC, SSCP, CEH, GIAC, GPEN, MoR, ISO 27001 Lead Implementer.
  • Have experience in using industry tools and delivering transformation programs aligned against industry standards e.g. Cyber Essential+, ISO 2700, ISF SoGP, PCI DSS, NIST etc.
  • Technical knowledge and understanding of PCI DSS factors e.g. EPoS, CDE, Firewalls, Cloud infrastructure (MS Azure) etc.
  • Knowledge and understanding of managing risk registers and discussing risks at board level
  • Experience of working within a fast paced, multi payment channel and customer focused organisation, ideally within the retail sector
  • Knowledge of Information Security tools and concepts such as HIPS/IDS/Firewalls/AV/WAF etc.
  • A flexible and adaptable approach to change while supporting others to behave and operate in a similar way.
  • Self-awareness with confidence to work independently and support the development of others in the information security team
  • Excellent written and spoken communication skills; an ability to communicate with impact, ensuring complex information is articulated in a meaningful way to wide and varied audiences
  • Good influencing, negotiating and problem solving skills
  • Positive “Can do” attitude in working with others to bring about resolution to tasks and issues


Head Office Baker Street
27 Baker Street, London, United Kingdom, W1U 8AH