Cyber Security Manager

Salary: Up to £85,000 + Excellent Benefits
Discipline: Digital Technology

Here at N Brown, we champion inclusivity by making our customers look and feel amazing. We help our customers to express themselves with stylish products, helpful services and flexible finance.


Working here you’ll explore everything the world of digital retail has to offer — asking questions, trying new things and chasing new opportunities. Combine this curiosity with the freedom to make your own decisions, take charge of projects and work flexibly, and you’ve got the perfect place to show your skills and learn new ones. So, if you collaborate, think on your feet, embrace innovation and love rising to a challenge, your work with us will have a serious impact on the business, your career and our customers’ lives. We are proud to be N Brown.


We’re looking for a passionate and experienced Cyber Security Manager with a proven track record of delivering software solutions to join a new ‘start-up’ division within N Brown. 


As a member of the Castle Fintech team, you’ll be at the heart of a unique and exciting venture to assemble a new financial services platform. With a background in technology disruption or financial services (preferably retail credit), you’ll leverage your industry knowledge to drive the key sourcing and commercials for the platform. Operating like an independent start-up, within an established organisation, you’ll be completely at home with agile frameworks and will fully embrace iterative and flexible commercial approaches. 


What type of person are we looking for?

  • Driven by boundless curiosity and experimentally minded, always starting with ‘why?’.
  • Tenacious and persistent, willing to go above and beyond to deliver great outcomes.
  • Focused and decisive, able to ruthlessly prioritise to stay on track.
  • Energised by collaboration and a champion of radical candour.
  • Work hard whilst maintaining our sense of humour, and don't take ourselves too seriously.
  • Have a start-up attitude to getting stuff done.

The role:

We are looking for experienced cyber security specialists, with a track record of facilitating change to help assure our future success in these areas. The Cyber Security Manager will oversee risk assessment and communication related to software and infrastructure vulnerabilities. They will collaborate with teams to identify vulnerabilities, prioritise risks, and improve the vulnerability management process, including continuous scanning and patch management.

The ideal candidate will also have experience of working with and managing third party suppliers operating a Security Operations Centre (SOC).


What’s in it for you?

  • Hybrid working
  • 24 days holiday (+ 8 bank holidays) with the option to buy an additional 10 days
  • Annual bonus scheme
  • Enhanced maternity and adoption leave
  • Access to Apricity, a self-funding IVF benefit at a reduced rate
  • Company pension with up to 8% N Brown contribution
  • Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
  • A range of financial wellbeing support
  • Colleague discount across all N Brown brands
  • Onsite café with subsidised rates and local restaurant discounts!
  • Life Assurance and Private Medical Insurance
  • Paid volunteer time – all our colleagues can take a full day paid to volunteer for a charity of their choice


What will you do as a Cyber Security Manager?

  • Manage Castle Fintech’s ongoing cyber commitments to the business and help deliver operational security control measures, risk & governance frameworks and InfoSec principles and standards.  
  • Help identify emerging security threats, risks and vulnerabilities to ensure appropriate countermeasures and risk mitigations are identified, prioritised and implemented through our cyber detection technologies and governance frameworks.
  • Provide Cyber Security subject matter expertise across Castle internal stakeholders to ensure the confidentiality, integrity and availability of systems, data and information assets, while working closely with our information security partners to maintain an ahead-of-the-curve approach to industry technologies and threats.
  • Identify and remove impediments faced by the team by working collaboratively with stakeholders to proactively manage any risks, issues or delays.
  • To deliver the InfoSec technology roadmap into the business, ensuring our regulatory obligations are met in line with industry best practice.
  • To help shape and inform ongoing cyber security strategy in an ever-changing digital landscape.
  • To manage and oversee an appropriate programme of vulnerability and patch management to maintain an informed understanding of our technical control measures.
  • Define and review key security performance indicators that ensure service delivery and service improvements.
  • Develop and create reports for management updates and escalations using key program performance metrics.
  • Build, develop and maintain SOC policies, procedures and processes.
  • Optimise tools and processes that prepare the SOC to respond to security threats of the future.
  • Ensure information and security data is continuously collected, correlated and analysed to detect external and internal threats and vulnerabilities to our services.


What skills and experience will you have?

  • Good working knowledge of AWS security services and implementations, e.g. Security Hub, Control Tower, Organizations, SCPs, IAM entities and policies, account lockdown and AI/ML tools like Macie and GuardDuty.
  • You will also understand and maintain security compliance requirements e.g. DPA, GDPR, PCI DSS, SOC 1, SOC 2 and ISO 27001.
  • To have a personal and corporate awareness of current Information Security Issues, e.g. emerging vulnerabilities and zero-day exploits, and to identify appropriate risk mitigation counter-measures.
  • Understanding of risk assessment methodologies and the ability to identify, assess, and prioritize security risks to the organization.
  • Managing third party suppliers including SOC providers.
  • The ability to work with teams and stakeholders across Castle to promote and facilitate security best practice.
  • Excellent communication skills to effectively convey complex technical information to non-technical stakeholders, executives, and employees. This includes writing reports, creating policies, and conducting security training.
  • Ability to analyse complex problems, troubleshoot security incidents, and develop effective solutions to mitigate security risks.

Desirable Qualifications:

  • Certified Information Systems Security Professional (CISSP) 
  • Offensive Security Certified Professional (OSCP)


Our promise to you:

We’re an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.


What happens when you apply to a role at N Brown?

As soon as we receive your application, we’ll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck!