London Head Office, UK

Cybersecurity Operations Manager UK

Country : United Kingdom

Region : London

County : Greater London

Town : London

Category : Production - Quality

Contract type : Permanent

Availability : Full time

Job description

Aesop has carefully cultivated a work environment in which our employees are constantly challenged to do their best. Our company is determinedly creative, intelligent and progressive, and nurtures these qualities by employing people who share our passionate interest in design, innovation, and incisive enquiry across all fields.

Our organisational culture is entirely unique, distinguished by an uncommon blend of courtesy, cordiality and intellectual energy. We seek those who can bring a wealth of life experience and inspired ideas to our table.

In return, we provide comprehensive induction and training programmes, and encourage an inclusive culture that nurtures enduring professional relationships. We also appreciate the benefits that flow from our employees' external pursuits.

We raise our bar high at Aesop and never lower it; this is one of the keys to our success and one of the many reasons why people wish to work here. If you would like to join Aesop, we invite you to peruse our current career opportunities.

The Security Manager is responsible for the implementation and operation of the organisation's cyber security, risk and compliance capabilities. The Security Manager will lead the operationalisation and maintenance of the appropriate security controls, standards, security architecture and risk processes, and proactively drive adherence to cyber security, risk and compliance requirements whilst working collaboratively with business and IT stakeholders.

The Security Manager will:

  • Ensure an integrated approach with Natura&Co Group and the Aesop business towards cyber security, policies and processes, with a focus on information management and effective risk-based decision making across the organisation
  • Manage the IT security controls, standards and processes, including:
    • Overseeing security architecture covering identity and access management
    • Interrogating the effectiveness of the implementation of security controls in support of audit, compliance, information and risk management
    • Supporting and co-ordinating communication regarding system security requirements, vulnerability analyses and risk assessments

Set, manage and maintain the IT security policies by:

  • Developing and maintaining the Information Security Management Framework and supporting processes
  • Defining and ensuring adherence to security policies and standards, and ensuring that the confidentiality, integrity and availability of services are maintained
  • Constantly updating the security policies to leverage new technology, threat information or compliance changes

Responsible for the day-to-day management of risk and compliance in the delivery of IT services:

  • Manage and maintain the IT security risk management framework and work with key business and IT stakeholders to communicate and manage security risks
  • Identify and tackle compliance requirements and build awareness of compliance requirements within the organisation
  • Co-ordinate activities with internal and external auditors and oversee proactive management and closure of audit and regulator findings


Security Management
  • Proactively maintain IT security, including the development of IT security policies, procedures, processes and suitable technologies. Maintain and operate a risk-based approach to the management of IT security, ensuring a balance between business outcomes and risk management.

  • Participate in the day-to-day management of IT security, ensuring the protection of IT assets and information as well as the prevention and management of breaches.

  • Provide expert advice to internal and external stakeholders on IT security matters and evaluate system security, vulnerability analysis and risk assessment reports. Co-ordinate remediation after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

  • Support awareness, effective communications and/or training for the proactive management of IT security.

Information Security Incident Management
Supported by the Natura&Co and/or Aesop SOC (Security Operations Center):
  • Maintain a severity hierarchy for information security incidents so that incidents can be accurately classified and categorised and an appropriate response assigned.

  • Working with Group, maintain an incident response plan to ensure an effective and timely response to information security incidents.

  • Maintain or establish processes to ensure the timely identification of information security incidents that could impact the business.

  • Maintain or establish processes to investigate and document information security incidents in order to determine the cause and the appropriate response, while adhering to legal, regulatory and organisational requirements.

  • Maintain or establish incident notification and escalation processes to ensure that the appropriate stakeholders are involved in incident response management.

  • Support the creation of communication plans and processes to manage communication with internal and external entities.

  • Work with stakeholders to support post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.

  • Maintain integration among the incident response plan, business continuity plan and disaster recovery plan.

Audit, Risk and Compliance
  • Report IT risks and associated information at both an operational and a strategic level. Support the generation of risk mitigation strategy and third-party risk management processes and governance.

  • Work collaboratively with senior business stakeholders within Legal, Risk and Compliance and provide support across all IT functions for IT risk and compliance.

  • Manage audit requirements across IT security, ensuring the respective system owners are delivering against audit findings. Lead the relationships with internal and external auditors to oversee proactive management and closure of audit and regulator findings.

  • Identify and tackle compliance requirements and build awareness of compliance requirements within the organisation.

Stakeholder and Relationship Management
  • Develop and maintain productive and collaborative relationships with key stakeholders in order to support achievement of the business and IT priorities.

  • Proactively serve as a trusted advisor and act as the primary point of contact for IT security, risk and compliance across the organisation.

  • Manage external relationships including partners and suppliers to ensure security services are delivering against the intended business and IT outcomes.

  • Extensive experience within IT and security, with relevant experience in an IT security management role.

  • Exposure to a broad range of IT functions and disciplines, with a strong working knowledge of IT governance and/or information governance.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.

  • Knowledge of enterprise information and cyber security processes, concepts, and best practices, with an exposure to cloud models is desirable.

  • Regulatory compliance knowledge including PCI DSS; knowledge and experience of network and infrastructure security and vulnerabilities is preferred.

  • Demonstrated technical expertise in ICT security and the application of ICT security measures.

  • Experience across other security areas including penetration testing, security architecture or design and security governance including

  • IT Risk and/or compliance management experience is preferred

  • CISSP/CISM or equivalent certifications preferred

Aesop is committed to attracting, developing and retaining the very best people by offering a creative and inclusive workplace where talent is truly recognised and rewarded. We are committed to promoting inclusion for all with the belief that diversity, inclusion and belonging plays an important role in the success of our organisation. We actively encourage everyone to consider becoming a part of our journey.