Senior Information Security Manager in City of Westminster

We are looking to recruit a senior Information Security manager to act as the key interface between iD Mobile, Commercial, IT operations, and Currys information security & risk teams. The role is crucial to ensuring the security and resilience of iD Mobile's systems, applications, and data and will also lead iD Mobile's response to the UK Telecommunications (Security) Act (TSA). Knowledge and prior application of the TSA is essential, and a core responsibility will be delivering measurable improvements to iD Mobile's risk posture against the TSA Security Measures across architecture, delivery, operations, supplier management, and contractual frameworks.

Alongside regulatory experience, the successful candidate will be highly attuned to developments in telecommunications security to ensure iD is always ahead of the game. The role must also have proficiency across a broad range of Information Security domains and act as the 'go-to' security leader for all iD Mobile matters. This will include triaging security incidents, interpreting technical vulnerability data and prioritising remediation, assuring security-by-design, and ensuring TSA compliance & risk reduction are built into decision making across the business.

Formative understanding and acquisition of accurate inventories of all iD Mobile systems, architecture, people and processes will be paramount, aided by strong stakeholder management skills to influence steering groups and governance forums. There will also be opportunity to work with senior Currys Infosec colleagues in making operational improvements to security methodologies and drive future security strategy across iD Mobile and the wider Group.

• TSA Compliance & Governance: Lead the development and continuous improvement of the TSA compliance and control framework to improve iD Mobile's risk posture.
• Embed TSA requirements & design checkpoints into Architecture Board, Portfolio governance, project teams and change processes.
• Provide structured TSA reporting, compliance insights, and risk updates to senior leadership and the Board.
• Deliver TSA-aligned supplier audits and contract uplifts to reduce supply-chain risk exposure.
• Establish a TSA Steering Forum with defined RACI, KPIs, and governance cadence.
• Maintain an in-depth understanding of all iD systems, processes and people through hands-on operations.
• Act as the Information Security & TSA SME within governance forums.
• Produce monthly iD Mobile Cyber dashboards, reporting on iD project delivery & assurance, incidents and alerts.
• Regularly review IT asset inventories for accuracy and completeness in line with TSA compliance.
• Compile a register of iD Mobile third party suppliers, their criticality level and associated risks and any regulatory frameworks (such as TSA) required of them.
• Maintain an audit-ready evidence repository.
• Provide security advisory input to Change Approval Board.
• Collaborate with technical leads, business analysts and project managers on a wide range of technology projects, including software development, package implementations and infrastructure upgrades/changes.
• Act as a Data Governance champion within iD Mobile ensuring data is classified and processed in an authorised manner.
• Provide second-line challenge for iD Mobile security incidents, crisis management and resilience planning.
• Lead post-incident lessons learned reviews and enact improvements in incident playbooks and operational processes to reduce risk.
• Liaise with Security Operations to identify trending threat patterns, security tool uptime and SLAs.
• Design and schedule an annual programme of penetration testing / red teaming (TBEST aligned) for relevant iD Mobile environments.
• Review penetration test, vulnerability scans and exposure management tool output and determine appropriate risk scores and remedial activities.
• Assist Capex delivery within iD Mobile through provision of non-functional security requirements, RFP scoring, architectural review and presentation to the Data & Security Approval Board.
• Regularly review the iD Mobile risk register, drive risk closure and management, monitor for ongoing non-compliance, escalating where necessary.
• Lead the response to regulatory and business-to-business audits and security reviews of iD Mobile operations.

• Extensive experience in telecoms, cyber security, operational risk, or regulatory compliance.
• Deep knowledge of the UK Telecommunications (Security) Act and Ofcom Security Measures.
• Strong track record influencing senior governance forums and decision-making bodies.
• Hands-on experience with supplier assurance, third-party risk management, and security audits.
• Ability to drive improvements that strengthen organisational risk posture.
• Certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor.
• Knowledge of MNO/MVNO network environments and telecom operational processes.
• Experience in second-line assurance or internal audit functions.