Senior Information Security Manager

We’re iD Mobile, one of the UK’s leading mobile virtual network operators. We launched in May 2015 and have over 2.4 million Pay Monthly customers. We offer everything from super-value Pay-as-you-go and SIM-only deals, right up to the latest smartphones from the big-name manufacturers. We’re delighted about our success so far and have very ambitious plans for the future. iD Mobile is part of Currys PLC, Europe's leading electrical and mobile retailer.

We’re looking to recruit a senior Information Security manager to act as the key interface between iD Mobile, Commercial, IT operations, and Currys information security & risk teams. The role is crucial to ensuring the security and resilience of iD Mobile’s systems, applications, and data and will also lead iD Mobile’s response to the UK Telecommunications (Security) Act (TSA). Knowledge and prior application of the TSA is essential, and a core responsibility will be delivering measurable improvements to iD Mobile’s risk posture against the TSA Security Measures across architecture, delivery, operations, supplier management, and contractual frameworks.

Alongside regulatory experience, the successful candidate will be highly attuned to developments in telecommunications security to ensure iD is always ahead of the game. The role must also have proficiency across a broad range of Information Security domains and act as the “go-to” security leader for all iD Mobile matters. This will include triaging security incidents, interpreting technical vulnerability data and prioritising remediation, assuring security-by-design, and ensuring TSA compliance & risk reduction are built into decision making across the business.

Formative understanding and acquisition of accurate inventories of all iD Mobile systems, architecture, people and processes will be paramount, aided by strong stakeholder management skills to influence steering groups and governance forums. There will also be opportunity to work with senior Currys Infosec colleagues in making operational improvements to security methodologies and drive future security strategy across iD Mobile and the wider Group.

Role overview:

• TSA Compliance & Governance: Lead the development and continuous improvement of the TSA compliance and control framework to improve iD Mobile’s risk posture. Embed TSA requirements & design checkpoints into Architecture Board, Portfolio governance, project teams and change processes. Provide structured TSA reporting, compliance insights, and risk updates to senior leadership and the Board. Deliver TSA-aligned supplier audits and contract uplifts to reduce supply-chain risk exposure. Establish a TSA Steering Forum with defined RACI, KPIs, and governance cadence.
• iD Mobile security leadership: Maintain an in-depth understanding of all iD systems, processes and people through hands-on operations. Act as the Information Security & TSA SME within governance forums. Produce monthly iD Mobile Cyber dashboards, reporting on iD project delivery & assurance, incidents and alerts.
• In conjunction with iD Operations teams: Regularly review IT asset inventories for accuracy and completeness in line with TSA compliance. Annotate inventories with installed security tooling and coverage. Compile a register of iD Mobile third party suppliers, their criticality level and associated risks and any regulatory frameworks (such as TSA) required of them. Maintain an audit-ready evidence repository. Provide security advisory input to Change Approval Board. Collaborate with technical leads, business analysts and project managers on a wide range of technology projects, including software development, package implementations and infrastructure upgrades/changes. Act as a Data Governance champion within iD Mobile ensuring data is classified and processed in an authorised manner.
• In conjunction with Currys Information Security teams: Provide second-line challenge for iD Mobile security incidents, crisis management and resilience planning. Lead post-incident lessons learned reviews and enact improvements in incident playbooks and operational processes to reduce risk. Liaise with Security Operations to identify trending threat patterns, security tool uptime and SLAs. Design and schedule an annual programme of penetration testing / red teaming (TBEST aligned) for relevant iD Mobile environments. Review penetration test, vulnerability scans and exposure management tool output and determine appropriate risk scores and remedial activities. Assist Capex delivery within iD Mobile through provision of non-functional security requirements, RFP scoring, architectural review and presentation to the Data & Security Approval Board. Regularly review the ID Mobile risk register, drive risk closure and management, monitor for ongoing non-compliance, escalating where necessary. Lead the response to regulatory and business-to-business audits and security reviews of iD Mobile operations.

Experience:

• Extensive experience in telecoms, cyber security, operational risk, or regulatory compliance.
• Deep knowledge of the UK Telecommunications (Security) Act and Ofcom Security Measures.
• Strong track record influencing senior governance forums and decision-making bodies.
• Hands-on experience with supplier assurance, third-party risk management, and security audits.
• Ability to drive improvements that strengthen organisational risk posture.
• Certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor.
• Knowledge of MNO/MVNO network environments and telecom operational processes.
• Experience in second-line assurance or internal audit functions.

Join our team and we’ll be with you every step of the way, helping you develop the career you want with new opportunities, on-going training and skills for life. Not only can you shape your own future, but you can help take charge of ours too. As the biggest recycler and repairer of tech in the UK, we’re in a position to make a real impact on people and the planet. Every voice has a space at our table and we’re committed to making inclusion and diversity part of everything we do, including how we strengthen our workforce. We want to make sure you have a fair opportunity to show us your talents during our application process, so if you need any additional assistance with your application please email careers@currys.co.uk and we’ll do our best to help.