Information Security Operations Manager

Reporting to: Information Technology

Location: Head Office, White City Place, West London

Contract Type: Full time, 37.5 hours per week

About Us: ME+EM is one of the UK’s fastest-growing luxury fashion brands. In addition to a thriving global digital presence, we operate flagship stores in London and Edinburgh, concessions within Harrods and Selfridges, and have recently expanded with new store openings in the U.S. At ME+EM we are an entrepreneurial, creative, and passionate group of people. We work hard, are enthusiastic to learn and are not afraid to take risks. Everyone contributes to our success at all levels, and that precisely what makes being a member of the team so rewarding. Our office and stores are always busy and fast paced, but we work just as hard to make sure it’s fun, with social activities and biannual parties. We pride ourselves on being approachable, supportive, and welcoming and ensure that everyone’s hard work is rewarded. It takes all these things to build a strong, successful business and our door is always open to new talent ready to contribute to our growth and evolution.

About the Role: As ME+EM continues its rapid global expansion, protecting our brand identity, our intellectual property, and our customers’ data is paramount. We are looking for an operational leader to head our small but focused Information Security team. This is a "Player-Coach" role. You will line manage a talented Engineer and Analyst while remaining technically active, coordinating complex security projects across a range of departments. You are the bridge between high-level risk management and technical execution, ensuring that security enables - rather than hinders - our global growth.

Job Responsibilities:

• Direct Management: Lead, mentor, and set the roadmap for the Information Security Engineer and Analyst. Focus on career development and technical cross-skilling.
• Workflow Management: Act as the "Traffic Controller" for the team, using Kanban to prioritise high-value tasks and ensuring the team stays focused on meaningful risk reduction rather than just "noise."
• Cross-Functional Liaison: Partner with teams across the business to ensure "Security by Design" is integrated into every new project.
• Third-Party Risk Management (TPRM):

• Vendor Due Diligence: Own the end-to-end security assessment process for all new global partners (e.g., SaaS providers, 3PL warehouses, marketing agencies).
• Continuous Monitoring: Implement a "Tiered Risk" framework to monitor existing partners, ensuring critical vendors meet our encryption, data handling, and availability standards.
• Supply Chain Resilience: Assess the security posture of third-party APIs and integrations to prevent data leaks or service disruptions.

• Incident Commander: Lead the response to information security incidents. Act as the primary escalation point, coordinating containment while providing clear, non-technical updates to business leadership.
• Tooling & Automation: Oversee the optimisation of our security stack. Work with the Engineer to automate repetitive tasks and with the Analyst to improve threat detection accuracy.
• Vulnerability Management: Oversee our global scanning programme. Prioritise remediation based on business impact - ensuring our systems and infrastructure remain resilient.

• Pentest Ownership: Own the global Penetration Testing schedule, ensuring all critical outward-facing assets (website, head office, stores) are tested regularly.
• Continuous Testing: Implement and oversee Continuous Security Testing or Attack Surface Management tools to identify vulnerabilities in real-time as our digital footprint scales.
• Remediation Management: Don’t just "pass the report" to IT; work with the Engineer and Developers to validate fixes and ensure that high-risk findings are closed out within agreed SLAs.

• Brand Protection: Manage DMARC and anti-phishing tools to defend ME+EM customers from fraudulent "copycat" websites and email scams.
• Global Data Privacy: Ensure our operations remain compliant with UK/EU GDPR and PCI-DSS 4.0 as we scale into the US and other international markets.
• Policy Maintenance: Ensure internal security policies are practical, up-to-date, and understood by the wider business.

The Ideal Candidate:

• The Background: Experience in Cyber Security. You’ve likely been an Analyst or Engineer yourself and are ready to lead without losing your technical edge.
• The Mindset: You understand that in a fast growing luxury fashion brand, our ability to move quickly is everything. You can design solutions that maintain security without compromising on the businesses ability to deliver for our customers.
• The Tech Stack: Experience with enterprise Cloud Security (Google and Microsoft), EDR (e.g., SentinelOne), and SIEM.
• Communication: You can explain a "SQL Injection" to a developer and a "Supply Chain Risk" to a Creative Director with equal clarity.

Employee Benefits:

• 33 days annual leave for full time employees (25 days holiday + 8 bank holidays)
• A day off to celebrate your birthday.
• Pension Scheme
• Group Life Insurance
• Employee Assistance Programme (EAP)
• Length of Service Award
• Refer a Friend Scheme
• Generous Staff and Friends and Family Discount
• Cycle to Work Scheme
• Eye Care Vouchers
• Real Living Wage Employer
• Employee led committees
• Social events and biannual parties
• Enhanced maternity and paternity package after 2 years of service.

ME+EM is an equal opportunities employer committed to fostering and preserving a culture of diversity, equality, and inclusion in our workforce. As an equal opportunities’ employer, we do not discriminate against applicants based on race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We believe that diversity enriches our workforce and strengthens our organisation. Therefore, we encourage minorities, LGBTQ+ candidates, and individuals with disabilities to apply for opportunities within our company.