Head Of Information Security in England

England Full-Time No working from home possible
River Island Clothing Co., Ltd.

Head of Information Security
Department: Operations
Employment Type: Permanent - Full Time
Location: Head Office, Chelsea House
Reporting To: Simon Pakenham-Walsh
Description
As River Island's Head of Information Security, you'll play a strategic and hands-on leadership role in shaping and strengthening our security posture across the business.
Reporting to the CIO and working as part of the Technology Leadership Team, you'll define, embed, and continuously improve River Island's information security framework, ensuring we remain compliant, resilient, and trusted by our customers, partners, and people.
This is a highly visible role, blending strategy and delivery.
You'll oversee security operations, vulnerability management, compliance, and risk governance, while partnering with Technology, Data, Legal, and wider business teams to ensure security is embedded into everything we do, from store systems to eCommerce and cloud platforms.
Responsibilities
Define, implement, and evolve River Island's information security strategy in line with business objectives, regulatory obligations, and risk appetite.
Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO *****, NIST CSF, and the SANS Top 18.
Define and report security KPIs/KRIs to senior management and senior leadership representing risk posture, compliance status, and strategic improvement initiatives.
Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
Conduct and coordinate enterprise-wide risk assessments, audits, and internal reviews.
Champion a pragmatic, risk-based approach to security, balancing protection, productivity, and customer experience.
Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer-facing platforms.
Oversee operational security activities, including threat detection, vulnerability management, and incident response.
Coordinate penetration testing, red-teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
Develop and maintain incident response playbooks and lead investigations where required.
Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
Embed secure-by-design principles and DevSecOps practices across engineering and delivery teams.
Partner with Legal and the DPO on DPIAs, data

Contact Details:

River Island Clothing Co., Ltd. Recruitment Team