Senior Cyber Risk and Assurance Manager

Welwyn Garden City Full-Time 43200 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead cyber risk assessments and improve security controls across the organisation.
  • Company: Join Tesco, a leading retailer committed to serving customers and communities sustainably.
  • Benefits: Enjoy a competitive salary, annual bonus, 25+ days holiday, private medical insurance, and flexible working options.
  • Why this job: Be part of a diverse team driving impactful cyber risk management in a supportive culture.
  • Qualifications: Experience in security controls, IT risk management, and relevant professional qualifications are essential.
  • Other info: Flexible working patterns available, combining office and remote work for a balanced lifestyle.

The predicted salary is between 43200 - 72000 £ per year.

About the role

This is a fantastic opportunity to join Tesco’s Cyber Assurance team, part of the wider Cyber Risk function. The Cyber Assurance team is our second line in Technology, working with stakeholders to ensure the implementation of proportionate controls to mitigate Tesco’s cyber risk exposure. As a Senior Cyber Risk and Assurance Manager, you are responsible for continually improving insights in your area of specialism and driving process/tooling improvements as required to achieve security outcomes. You will need to work with cross-functional stakeholders to break down complex problems and identify possible solutions. You will also support team members and stakeholders seeking help with matters relating to the management of cyber risk.

What is in it for you

We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work.

  • Annual bonus scheme of up to 20% of base salary
  • Holiday starting at 25 days plus a personal day (plus Bank holidays)
  • Private medical insurance
  • 26 weeks maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 4 weeks fully paid paternity leave
  • Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing

You will be responsible for

– Maintain up-to-date understanding of cyber threat landscape and applicable laws and regulations (e.g. NIS1/NIS2, GDPR) and work closely with technology, business and legal stakeholders to ensure cyber risks are understood, considered and managed

– Lead, plan and conduct complex cyber risk assessments (aligned to industry-recognised frameworks) for the Group and its subsidiaries to agreed time and quality standards, including testing and concluding on the design and operating effectiveness of key cyber controls

– Ensure delivery of high quality assessment reports with clear conclusions and recommendations to enable stakeholders to make timely risk-based decisions

– Identify and drive initiatives to improve control effectiveness/compliance across cyber domains such as identity & access management, network security, endpoint security, application security

– Engage stakeholders across Security, wider Technology and the business to assess the impact of deficient controls, identify and prioritise remediation actions and track them to completion

– Build strong relationships with Security and Technology colleagues as well as Legal, Internal Audit and other business teams to drive effective risk management

– Identify and implement process improvement opportunities across various initiatives within the Cyber Risk and Assurance team

This role requires hands-on involvement in the execution of work/projects as well as occasional management of team members on delivery of projects/initiatives.

You will need

– Experience validating the effectiveness of security controls through manual and automated approaches across a variety of technologies, products and hosting environments. A strong background in the following is desirable:

a) Cloud Security (e.g. Azure)

b) Network Security (e.g. Firewalls, Remote Access, DDoS Prevention)

c) Identity & Access Management

– Hands-on experience with different security frameworks and standards such as ISO 27001, NIST CSF, CIS and NCSC CAF (e.g. controls testing, gap assessments)

– Experience and knowledge of information security related laws and regulations such as NIS/NIS2 and GDPR

– IT audit and/or IT risk management, governance, compliance

– Critical thinking with strong attention to detail and good organisational skills

– Strong written, verbal communication and presentation skills, working with all levels of seniority and disciplines within the organisation

– Able to build solid working relationships with peers as well as internal and external stakeholders

– At least one relevant professional qualification such as CISA, CISM, Security+, CRISC, CISSP or equivalent

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited as a Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process.

We’re a big business and we can offer a range of diverse full-time and part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern – combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the Hiring Manager about how this can work for you – everyone is welcome at Tesco.

  • We prioritise your well-being with a comprehensive range of benefits designed to support you both personally and professionally.
  • Reading, Cambridge, Luton, Southampton, UK


Senior Cyber Risk and Assurance Manager employer: Tesco UK

At Tesco, we pride ourselves on being an exceptional employer, offering a supportive and inclusive work culture that values diversity and personal growth. As a Senior Cyber Risk and Assurance Manager, you will benefit from a comprehensive package including an annual bonus, generous holiday allowance, and private medical insurance, all while working in a dynamic environment that encourages collaboration and innovation across multiple locations such as Reading, Cambridge, Luton, and Southampton. Join us to make a meaningful impact in cyber risk management while enjoying flexible working patterns and a commitment to your well-being.

Contact Detail:

Tesco UK Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior Cyber Risk and Assurance Manager

✨Tip Number 1

Familiarise yourself with the latest cyber threat landscape and relevant regulations like NIS2 and GDPR. This knowledge will not only help you in interviews but also demonstrate your commitment to staying updated in the field.

✨Tip Number 2

Network with professionals in the cyber risk and assurance space, especially those who have experience with Tesco or similar organisations. Engaging with them can provide insights into the company culture and expectations for the role.

✨Tip Number 3

Prepare to discuss specific frameworks and standards you've worked with, such as ISO 27001 or NIST CSF. Be ready to share examples of how you've validated security controls and driven process improvements in previous roles.

✨Tip Number 4

Showcase your ability to build relationships across various teams. Think of examples where you've collaborated with stakeholders from different departments to address cyber risks, as this is crucial for the role at Tesco.

We think you need these skills to ace Senior Cyber Risk and Assurance Manager

Cyber Risk Assessment
Cloud Security (e.g. Azure)
Network Security (e.g. Firewalls, Remote Access, DDoS Prevention)
Identity & Access Management
ISO 27001
NIST CSF
CIS
NCSC CAF
GDPR Compliance
NIS/NIS2 Regulations
IT Audit
IT Risk Management
Governance and Compliance
Critical Thinking
Attention to Detail
Organisational Skills
Written and Verbal Communication
Presentation Skills
Stakeholder Engagement
Process Improvement
Team Leadership
Professional Qualifications (CISA, CISM, Security+, CRISC, CISSP)

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in cyber risk management and assurance. Focus on your hands-on experience with security frameworks, cloud security, and your ability to conduct complex risk assessments.

Craft a Compelling Cover Letter: In your cover letter, express your passion for cyber security and how your skills align with Tesco's mission. Mention specific examples of how you've improved control effectiveness or managed cyber risks in previous roles.

Showcase Your Qualifications: Clearly list any relevant professional qualifications such as CISA, CISM, or CISSP. Highlight how these qualifications have equipped you to handle the responsibilities outlined in the job description.

Demonstrate Communication Skills: Since strong communication is key for this role, ensure your application reflects your ability to convey complex information clearly. Use concise language and structure your application logically to showcase your organisational skills.

How to prepare for a job interview at Tesco UK

✨Understand the Cyber Threat Landscape

Make sure you have a solid grasp of the current cyber threat landscape and relevant laws like GDPR and NIS. Being able to discuss these topics confidently will show your expertise and readiness for the role.

✨Demonstrate Your Technical Knowledge

Prepare to discuss your experience with security frameworks such as ISO 27001 or NIST CSF. Be ready to provide examples of how you've validated security controls in previous roles, especially in cloud and network security.

✨Showcase Your Communication Skills

As this role involves working with various stakeholders, practice articulating complex cyber risk concepts in simple terms. Highlight your ability to build relationships and communicate effectively across different levels of an organisation.

✨Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your critical thinking and problem-solving skills. Think about past experiences where you identified and implemented process improvements in cyber risk management, and be ready to share those stories.

Application deadline: 2027-08-20