Cyber Security Manager

People at Pret work hard, have fun, learn a lot and really grow. Right now, we’re looking for a passionate Cyber Security Manager to join us.

Job Purpose

The Cyber Security Manager role will manage the development, implementation, oversight and enhancement of the organisation’s cybersecurity controls to protect its information systems and data. The role will ensure that both on-premise and cloud infrastructure is appropriately secured and that the cybersecurity strategy is executed and maintained, both within technology projects and other business functions. This position reports to the Global Cyber Security Officer and involves leading an outsourced team of security professionals, identifying and managing vulnerabilities and risks, executing security roadmaps and responding to cybersecurity events and incidents that could contribute to a loss of data or system availability.

Relationships

This role will work closely with technical teams, operational teams, franchise partners and other central support teams alike, requiring a blend of hands-on technical work and strategic management to improve the organisation’s cybersecurity posture. Working closely with external suppliers and vendors, the role will lead an outsourced security operations team and ensure that cybersecurity tooling is operating effectively and aligned with business objectives.

Key Duties/Responsibilities

• Strategy & Planning
  • Develop and implement cybersecurity strategies aligned with organisational goals and industry standards.
  • Identify and deploy cybersecurity solutions that balance cost, risk, and organisational needs.
  • Create and execute security roadmaps, ensuring alignment with Agile project delivery methodologies.
  • Work with the Global Information Security Officer to participate in the design and architecture of secure systems, integrating security into the development lifecycle.
• Team Management
  • Lead and manage an outsourced Security Operations Centre (SOC) team and Cyber Security Analysts.
  • Collaborate with internal teams and external vendors to optimise cybersecurity operations.
• Compliance & Risk Management
  • Plan and conduct annual PCI DSS compliance assessments in collaboration with qualified security assessors, maintaining and communicating cybersecurity risk registers to business stakeholders.
  • Perform third-party risk assessments to evaluate vendor security postures and ensure contractual cybersecurity clauses are met.
  • Coordinate internal and external security audits to maintain compliance and improve security posture.
• Technical Operations
  • Configure and manage cybersecurity tools such as anti-virus, EDR, email security systems, firewalls, and IAM systems.
  • Review and report on the effectiveness of existing cybersecurity tools and KPIs to both technical and non-technical audiences.
  • Collaborate with infrastructure teams to ensure timely patching and mitigation of critical vulnerabilities.
• Incident Response
  • Manage cybersecurity incidents from detection through to recovery, providing clear instructions to relevant teams and developing/enhancing incident response playbooks.
  • Participate in resolving critical technical issues to drive swift incident resolution.
• Training & Policy Development
  • Provide training on cybersecurity standards and best practices to various business functions.
  • Develop and update policies, standards, processes, procedures, and technical controls to enhance cybersecurity resilience.
  • Develop and implement security awareness programmes, including regular phishing simulations, to promote best practices and reduce human-related security risks.
• Threat Intelligence
  • Conduct threat modelling and gap analysis of cybersecurity controls and processes, documenting findings and strategic improvements.
  • Continuously identify emerging security threats and develop comprehensive mitigation strategies.
• Committee Participation
  • Actively participate in the Information Security and Data Protection Committee, contributing to organisational security initiatives.

Person specification

• A minimum of 5 years’ experience in a cybersecurity related role, with experience of managing cybersecurity analyst roles or similar.
• BSc or MSc degree level qualification in Cybersecurity, IT or similar.
• Cybersecurity related certifications such as CISM or CISSP.
• Experience of managing and working with an outsourced SOC, and the ability to effectively communicate with and manage organisational vendors.
• Must have hands-on experience configuring a range of cybersecurity tooling and hardening cloud environments, particularly Microsoft Azure.
• Well-versed knowledge of cybersecurity and data protection frameworks including NIST, ISO27001 and DPA.
• Experience managing PCI DSS compliance for an organisation is preferred.
• Proficient at articulating technical cybersecurity concepts and risks to the business in a simple and effective manner, whilst advocating to do the right thing.
• A demonstrable passion for cyber security, infrastructure, and technology concepts.
• Strong business acumen and commercial awareness, able to deliver Cybersecurity proposals with confidence and enthusiasm.
• Diligent with a high attention to detail.
• Self-starter who can thrive with little oversight required and a security-driven mindset.
• Strong interpersonal skills to collaborate with other business departments and find pragmatic solutions to avoid over-restrictive security.
• Excellent time-management and organisational skills to simultaneously manage a variety of tasks, prioritise accordingly and meet dynamic deadlines.
• Able to thrive in a fast paced, regulated business with ambitious growth plans.

Pret Offers

• Competitive salary and annual bonus
• 33 days holiday a year including Bank Holidays
• Private healthcare
• Life assurance
• Pret pension scheme
• Season ticket loan
• Free lunch and drinks
• 50% discount in Pret shops worldwide
• Great reward and recognition events
• Legendary parties

About Progression

Supporting our teams to grow is really important to us, which is why we have a Levelling and Progression framework designed to show how you can work your way up career levels in our Support Centre, showcasing different qualities you need to be brilliant every step of the way. This role is a Level 3 position with no line management responsibility. The salary band for the role is £65,000 - £75,000 per year.