Cyber Security Manager

This role is part of a strategic capability within our Group Cyber Security team, providing support and oversight of our subsidiary businesses. In this role, you will be responsible for building relationships with both cyber and leadership teams in your allocated subsidiaries, supporting their cyber security planning and execution, ensuring they are aligned to the Group cyber security framework and supporting collaboration with the relevant cyber security teams in Tesco Group where applicable.

The role will be based at the Tesco head office in Welwyn Garden City but will require travel to head offices of subsidiary businesses where applicable. You will be required to work closely with cyber and business stakeholders and with the wider Tesco Technology teams where required.

The role will be responsible for guiding security initiatives and coordinating security operations and supporting businesses with any regional security requirements, leveraging Group capabilities if possible. The ideal candidate will have a passion for cyber security that they can translate into business language to raise awareness of what they should be doing from a cyber security perspective and how to embed it into their culture and ways of working.

This role is part of a strategic capability within our Group Cyber Security team, providing support and oversight of our subsidiary businesses. In this role, you will be responsible for building relationships with both cyber and leadership teams in your allocated subsidiaries, supporting their cyber security planning and execution, ensuring they are aligned to the Group cyber security framework and supporting collaboration with the relevant cyber security teams in Tesco Group where applicable.

The role will be based at the Tesco head office in Welwyn Garden City but will require travel to head offices of subsidiary businesses where applicable. You will be required to work closely with cyber and business stakeholders and with the wider Tesco Technology teams where required.

The role will be responsible for guiding security initiatives and coordinating security operations and supporting businesses with any regional security requirements, leveraging Group capabilities if possible. The ideal candidate will have a passion for cyber security that they can translate into business language to raise awareness of what they should be doing from a cyber security perspective and how to embed it into their culture and ways of working.

• Maintaining strong stakeholder relationships, championing and promoting security best practice, and finding opportunities for security to add value within the businesses you support.
• Understanding the security posture of the business and its processes to effectively engage them in security improvement recommendations and cyber risk management.
• Presenting risk‑based security positions and recommendations to management and executive teams.
• Driving information security improvement plans which includes incorporating Tesco Group security requirements for GDPR, PCI, NIS2 and ISO
  27001.
• Ensuring adequate registration, analysis, resolution and reporting of privacy and information security incidents.
• Designing and organising information security assessments, penetration testing, reviews and audits.
• Providing technical oversight of all security tooling and infrastructure services in use; making recommendations on configuration and implementation improvements.
• Owning third‑party vendor management for security services.
• Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies to help the business make informed risk‑based decisions.
• Collaborating with the Tesco Group Cyber Security teams to help ensure the entire Tesco Group is protected against emerging threats.

• Broad and deep cyber/Information Security expertise sufficient to engage with, and provide value and service, to a range of stakeholders.
• Strong working knowledge of security management principles and practices, including but not limited to vulnerability management, detection engineering, application security, identity management, incident…