Head of Information Security

As River Island’s Head of Information Security, you’ll play a strategic and hands‑on leadership role in shaping and strengthening our security posture across the business. Reporting to the CIO and working as part of the Technology Leadership Team, you’ll define, embed, and continuously improve River Island’s information security framework — ensuring we remain compliant, resilient, and trusted by our customers, partners, and people. This is a highly visible role, blending strategy and delivery. You’ll oversee security operations, vulnerability management, compliance, and risk governance, while partnering with Technology, Data, Legal, and wider business teams to ensure security is embedded into everything we do — from store systems to eCommerce and cloud platforms.

Responsibilities

• Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
• Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
• Define and report security KPIs/KRIs to senior management and senior leadership representing risk posture, compliance status, and strategic improvement initiatives.
• Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
• Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
• Conduct and coordinate enterprise‑wide risk assessments, audits, and internal reviews.
• Champion a pragmatic, risk‑based approach to security — balancing protection, productivity, and customer experience.
• Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer‑facing platforms.
• Oversee operational security activities, including threat detection, vulnerability management, and incident response.
• Coordinate penetration testing, red‑teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
• Develop and maintain incident response playbooks and lead investigations where required.
• Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
• Embed secure‑by‑design principles and DevSecOps practices across engineering and delivery teams.
• Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy‑by‑design.
• Define and maintain the information classification and handling standard.
• Ensure security controls for customer data, employee data and payment data are implemented and monitored.
• Provide specialist input into solution design, architecture reviews, and third‑party integrations.
• Support major transformation projects, ensuring security controls and data protection measures are built in from the start.
• Oversee third‑party risk management, including supplier due diligence, onboarding, and continuous monitoring.
• Support client assurance and audit activities, providing evidence of River Island’s security posture.
• Maintain trust and transparency in all information security communications internally and externally.
• Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
• Promote awareness initiatives and promote a strong security culture across the business.
• Mentor and develop members of the Information Security team.

Qualifications

• Proven experience in a senior information security role, ideally within a complex, multi‑channel retail or technology environment.
• Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
• Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
• Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
• Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organization.
• Analytical, pragmatic, and calm under pressure — with a focus on enabling the business, not blocking it.

Desired Qualifications

• Security certifications such as CISSP, CISM, or equivalent.
• Experience in retail, eCommerce, or cloud transformation programs.
• Understanding of emerging technologies (AI, machine learning, cloud‑native architectures) and associated security considerations.

About Us

We’re a much‑loved brand with an exciting future. Our Islanders are a diverse bunch of bright, talented people who love working together – and are proud of the work they do. Progression here can take you in all kinds of directions. This is what a career at River Island is like. And this is where yours starts. This role is based at our Head Office in West London.

Benefits

• Generous 50% staff discount so you can treat yourself to the latest products, and a bargain staff shop on site!
• Reducing Islanders everyday expenses through discounts, benefits, financial advice, wellbeing solutions and more through Reward Gateway!
• A free onsite gym, subsidised restaurant & café to fill your needs. Various social events to socialise throughout the year.
• Every family is unique, we support Islanders with all different family setups enhanced maternity, paternity, adoption & fertility treatment.
• Flexible working is a given, on top of payday and summer early finish Friday.
• Give as you earn scheme, a ‘Giver Island’ day each year and receive matched funding.
• Support with upskilling through on‑the‑job training and qualifications. A succession plan if you want to progress.
• A generous bonus scheme & private pension plan.
• The choice to opt in for healthcare through our provider AXA.
• An allowance supporting your commute to work.
• 25 days paid holiday, exclusive of Bank Holidays. With the added option to purchase additional holiday twice a year for whatever the need!

At River Island we are committed to the safeguarding of all of our employees regardless of age or job role. We will fulfil our obligation under the Prevent duty which seeks to stop extremism and extremist views from materialising in our business. We promote and encourage the belief in British Values – including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs. Our Island is made up of a diverse community, where we all belong and feel part of something bigger. We are committed to equality of opportunity and welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio‑economic background, religion and/or belief. We will consider flexible working requests for all roles unless operational requirements prevent otherwise.