People at Pret work hard, have fun, learn a lot and really grow. Right now, we’re looking for a passionate Cyber Security Manager to join us.
Job Purpose
The Cyber Security Manager role will manage the development, implementation, oversight and enhancement of the organisation’s cybersecurity controls to protect its information systems and data. The role will ensure that both on-premise and cloud infrastructure is appropriately secured and that the cybersecurity strategy is executed and maintained, both within technology projects and other business functions. This position reports to the Global Cyber Security Officer and involves leading an outsourced team of security professionals, identifying and managing vulnerabilities and risks, executing security roadmaps and responding to cybersecurity events and incidents that could contribute to a loss of data or system availability.
Relationships
This role will work closely with technical teams, operational teams, franchise partners and other central support teams alike, requiring a blend of hands-on technical work and strategic management to improve the organisation’s cybersecurity posture. Working closely with external suppliers and vendors, the role will lead an outsourced security operations team and ensure that cybersecurity tooling is operating effectively and aligned with business objectives.
Key Duties/Responsibilities
Identify and implement cybersecurity solutions that align with organisational needs whilst balancing cost and risk, and aligning to industry expectations.
Management of an outsourced SOC team and Cyber Security Analysts when required.
Responsible for planning and contributing to annual PCI DSS compliance assessments working with a qualified security assessor. Continuously advise on PCI DSS compliance.
Configuration and management of cybersecurity solutions such as anti-virus and EDR, email security systems, firewalls and IAM systems.
Review and report on effectiveness of existing cybersecurity tooling and KPIs to both technical and non-technical audiences.
Manage the implementation of new cybersecurity tooling, services and projects; work with business stakeholders and technology teams, both internal and external, to ensure successful implementation within Agile project delivery.
Responsible for ensuring all cybersecurity risks are communicated to the business in a timely manner, and risk registers are maintained.
Provide training on cybersecurity standards and best practices to business functions.
Develop and enhance policies and standards, processes, procedures and technical controls to strengthen cybersecurity capabilities and resilience to cyber threats.
Manage cybersecurity incidents and perform hands-on activity as required to resolve from detection through to recovery, whilst ensuring that relevant teams have clear instructions. Participate in other critical technical issues as required to drive a resolution.
Develop and improve cybersecurity incident response playbooks.
Collaborate with the infrastructure team members to ensure critical vulnerabilities are patched or mitigated in a timely manner.
Perform threat modelling and gap analysis of cybersecurity controls and processes and document this, alongside strategic improvements.
Continuously identify emerging security threats and develop comprehensive mitigation strategies for the business.
Participate in and contribute to the Information Security and Data Protection Committee.
Perform third-party risk assessments to evaluate vendor security posture and compliance, and review contracts to ensure relevant cybersecurity clauses are included.
Person specification
A minimum of 5 years’ experience in a cybersecurity related role, with experience of managing cybersecurity analyst roles or similar.
BSc or MSc degree level qualification in Cybersecurity, IT or similar.
Cybersecurity related certifications such as CISM or CISSP.
Ability to effectively communicate with and manage vendors, including an outsourced SOC team.
Hands-on experience configuring a range of cybersecurity tooling and hardening cloud environments, particularly Microsoft Azure.
Well versed in cybersecurity and data protection frameworks including NIST, ISO27001 and DPA.
Proficient at articulating technical cybersecurity concepts and risks to the business in a simple and effective manner, whilst advocating to do the right thing.
A demonstrable passion for cyber security, infrastructure, and technology concepts.
Strong business acumen and commercial awareness, able to deliver cybersecurity proposals with confidence and enthusiasm.
Diligent with a high attention to detail.
Self-starter who can thrive with little oversight required and a security-driven mindset.
Strong interpersonal skills to collaborate with other business departments and find pragmatic solutions to avoid over-restrictive security.
Excellent time-management and organisational skills to simultaneously manage a variety of tasks, prioritise accordingly and meet dynamic deadlines.
Able to thrive in a fast paced, regulated business with ambitious growth plans.
Pret Offers
Competitive salary and annual bonus.
33 days holiday a year including Bank Holidays.
Private healthcare.
Life assurance.
Pret pension scheme.
Season ticket loan.
Free lunch and drinks.
50% discount in Pret shops worldwide.
Great reward and recognition events.
Legendary parties.
About Progression
Supporting our teams to grow is really important to us, which is why we have a Levelling and Progression framework designed to show how you can work your way up career levels in our Support Centre, showcasing different qualities you need to be brilliant every step of the way. This role is a Level 3 position with no line management responsibility.
At Pret, we embrace a hybrid working model, with our team spending three days a week in the office.
The deadline for applications for this role is Thursday 23rd January 2025.