We’re looking for a passionate and experienced Cyber Security Manager with a proven track record of delivering software solutions to join a new ‘start-up’ division within N Brown.

As a member of the Castle Fintech team, you’ll be at the heart of a unique and exciting venture to assemble a new financial services platform. With a background in technology disruption or financial services (preferably retail credit), you’ll leverage your industry knowledge to design and deliver key security solutions for the platform. Operating like an independent start-up, within an established organisation, you’ll be completely at home with agile frameworks and will fully embrace iterative and flexible delivery approaches.

What type of person are we looking for?

Driven by boundless curiosity and experimentally minded, always starting with ‘why?’.
Tenacious and persistent, willing to go above and beyond to deliver great outcomes.
Focused and decisive, able to ruthlessly prioritise to stay on track.
Energised by collaboration and a champion of radical candour.
Work hard whilst maintain our sense of humour, and don't take ourselves too seriously.
Have a start-up attitude to getting stuff done.

About the Role

We are looking for experienced cyber security specialists, with a track record of facilitating change to help assure our future success in these areas. The Cyber Security Manager will oversee risk assessment and communication related to software and infrastructure vulnerabilities. They will collaborate with teams to identify vulnerabilities, prioritise risks, and improve the vulnerability management process, including continuous scanning and patch management.

The ideal candidate will also have experience of working with and managing third party suppliers operating a Security Operating Centre (SOC).

What will you do as an Cyber Security Manager at N Brown?

Manage Castle Fintech’s ongoing cyber commitments to the business and help deliver operational security control measures, risk & governance frameworks and InfoSec principles and standards.
Help identify emerging security threats, risks and vulnerabilities to ensure appropriate countermeasures and risk mitigations are identified, prioritised and implemented through our cyber detection technologies and governance frameworks.
Provide Cyber Security subject matter expertise across Castle internal stakeholders to ensure the confidentiality, integrity and availability of systems, data and information assets, while working closely with our information security partners to maintain an ahead of the curve approach to industry technologies and threats.
Identify and remove impediments faced by the team by working collaboratively with stakeholders to proactively manage any risks, issues or delays.
To deliver the InfoSec technology roadmap into the business, ensuring our regulatory obligations are met in line with industry best practice.
To help shape and inform ongoing cyber security strategy in an ever-changing digital landscape.
To manage and oversee an appropriate programme of vulnerability and patch management to maintain an informed understanding of our technical control measures.
Define and review key security performance indicators that ensure service delivery and service improvements.
Develop and create reports for management updates and escalations using key program performance metrics.
Build, develop and maintain SOC policies, procedures and processes.
Optimise tools and processes that prepare the SOC to respond to security threats of the future.
Ensure information and security data is continuously collected, correlated and analysed to detect external and internal threats and vulnerabilities to our services.

What skills and experience will you have?

Good working knowledge of AWS security services and implementations, e.g. Security Hub, Control Tower, Organizations, SCPs, IAM entities and policies, Account lockdown and AI/ML tools like Macie and Guard Duty.
You will also understand and maintain security compliance requirements e.g. DPA, GDPR, PCI DSS, SOC1, SOC2 and ISO27001.
To have a personal and corporate awareness of current Information Security Issues, e.g. emerging vulnerabilities and zero-day exploits, and to identify appropriate risk mitigation counter-measures.
Understanding of risk assessment methodologies and the ability to identify, assess, and prioritize security risks to the organization.
Managing third party suppliers including SOC providers.
The ability to work with teams and stakeholders across Castle to promote and facilitate security best practise.
Excellent communication skills to effectively convey complex technical information to non-technical stakeholders, executives, and employees. This includes writing reports, creating policies, and conducting security training.
Ability to analyse complex problems, troubleshoot security incidents, and develop effective solutions to mitigate security risks.

Desirable qualifications:

Certified Information Systems Security Professional (CISSP)
Offensive Security Certified Professional (OSCP)

What’s in it for you?

Hybrid working
24 days holiday (+ 8 bank holidays) with the option to buy an additional 10 days
Annual bonus scheme
Enhanced maternity and adoption leave
Access to Apricity, a self-funding IVF benefit at a reduced rate
Company pension with up to 8% N Brown contribution
Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
A range of financial wellbeing support
Colleague discount across all N Brown brands
Onsite café with subsidised rates and local restaurant discounts!
Life Assurance and Private Medical Insurance
Paid volunteer time – all our colleagues can take a full day paid to volunteer for a charity of their choice

N Brown – who we are and why work for us?

At N Brown, we’re committed to building a diverse workforce and creating an inclusive environment that values equality for all. Our vision is that by ‘championing inclusion, we’ll become the most loved and trusted fashion retailer’. Diversity, Equity, Inclusion and Belonging are, therefore, at the heart of our culture.

We’re a forward-thinking digital retailer with a financial services proposition to be proud of. We’re customer-obsessed, serving them through three core brands: JD Williams, Simply Be, and Jacamo. We’re experienced, with over 160 years of trading under our belt. We’re inclusive, as we believe in fashion without boundaries; and we’re sustainable, striving to make as little impact on the planet as possible.

In May 2024 we were delighted to be named one of The Sunday Times Best Places to Work 2024. We work hard to create a happy and inclusive culture for everyone and we’re so proud to have made this list - as voted for by our very own colleagues!

Ways of Working

We offer hybrid working which varies across the business depending on the role you’re in.. Our Head Office is located in the Northern Quarter in Manchester City Centre. So if you are travelling by train, tram or bus we’re perfectly located, plus we’re surrounded by cool cafes, trendy bars and the best places to eat!

Our full-time working hours are 36.17 per week over 5-days. We don’t have strict working hours therefore there is some flexibility around start and finish times as long as you are meeting the needs of the business.

Our promise to you:

We’re an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

What happens when you apply to a role at N Brown?

As soon as we receive your application, we’ll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck!

Cyber Security Manager- Fiintech

Cyber Security Manager- Fiintech