
Head of Information Security

Job in Greater London, London, Greater London, EC1A, England, UK
Listing for: River Island Clothing Co., Ltd.
Full Time position
Listed on 2026-01-15
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, IT Project Manager
Salary/Wage Range or Industry Benchmark: 150000 - 200000 GBP Yearly
Job Description & How to Apply Below
Location: Greater London

Head of Information Security

Department: Operations

Employment Type: Permanent - Full Time

Location: Head Office, Chelsea House

Reporting To: Simon Pakenham-Walsh

Description

As River Island’s Head of Information Security, you’ll play a strategic and hands‑on leadership role in shaping and strengthening our security posture across the business.

Reporting to the CIO and working as part of the Technology Leadership Team, you’ll define, embed, and continuously improve River Island’s information security framework — ensuring we remain compliant, resilient, and trusted by our customers, partners, and people.

This is a highly visible role, blending strategy and delivery. You’ll oversee security operations, vulnerability management, compliance, and risk governance, while partnering with Technology, Data, Legal, and wider business teams to ensure security is embedded into everything we do — from store systems to eCommerce and cloud platforms.

Responsibilities
  • Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
  • Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
  • Define and report security KPIs/KRIs to senior management and senior leadership, representing risk posture, compliance status, and strategic improvement initiatives.
  • Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
  • Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
  • Conduct and coordinate enterprise‑wide risk assessments, audits, and internal reviews.
  • Champion a pragmatic, risk‑based approach to security — balancing protection, productivity, and customer experience.
  • Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer‑facing platforms.
  • Oversee operational security activities, including threat detection, vulnerability management, and incident response.
  • Coordinate penetration testing, red‑teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
  • Develop and maintain incident response playbooks and lead investigations where required.
  • Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
  • Embed secure‑by‑design principles and DevSecOps practices across engineering and delivery teams.
  • Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy‑by‑design:
    • Define and maintain the information classification and handling standard.
    • Ensure security controls for customer data, employee data and payment data are implemented and monitored.
  • Provide specialist input into solution design, architecture reviews, and third‑party integrations.
  • Support major transformation projects, ensuring security controls and data protection measures are built in from the start.
  • Oversee third‑party risk management, including supplier due diligence, onboarding, and continuous monitoring.
  • Support client assurance and audit activities, providing evidence of River Island’s security posture.
  • Maintain trust and transparency in all information security communications internally and externally.
  • Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
  • Champion awareness initiatives and promote a strong security culture across the business.
  • Mentor and develop members of the Information Security team.
Qualifications
  • Proven experience in a senior information security role, ideally within a complex, multi‑channel retail or technology environment.
  • Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
  • Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
  • Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
  • Excellent communication and stakeholder management skills, with…