What’s the role about?

The John Lewis Partnership’s Information Security strategy is bold and ambitious. We provide a collection of security services, delivered through people, processes and technology. Working collaboratively, these services ensure that customers can shop with us efficiently, safely and securely, every single day. 

The key purpose of the Information Security Incident Response team is to protect John Lewis Partnership data and systems by proactively detecting and responding to cyber security threats. We are the front line of cyber defence: monitoring and assessing cases, correlating observables, mitigating and defending against malicious cyber activity and adapting to an ever-changing threat landscape. We constantly engage with key stakeholders from across the business, third parties and our customers.

If you’re passionate about cyber security, if you thrive and perform in fast-paced, high-demand scenarios, and if you want to make a real difference at the UK’s largest co-owned retailer, then this role is for you.

What you’ll be doing:

As the Partnership’s Information Security Manager for our Incident Response Service you will be responsible for managing a team of highly skilled SOC analysts and an outsourced service provider covering 24x7x365 monitoring.  You will ensure that your service provides an adequate and proportionate response to any information security incidents that arise by owning and developing the runbooks and operating procedures used, the proactive testing of the Partnership’s response and the leadership of incident management - including the flexing of hours in the event of a major occurrence. You will also constantly challenge performance and provide feedback to all other security services in support of continual learning and improvement. 

It’s a fantastic opportunity to be empowered to innovate alongside a supportive, collaborative and social team of security experts, and you’ll have the opportunity to grow and develop your cyber security career. 

What you’ll have:

• Experience of working in and a strong understanding of the cyber security landscape, including types of threat, attack types and controls

• In depth experience of incident detection, response, resolution and review, the associated management lifecycles and resolution activities across a variety of separate resolver groups

• People leadership skills with a proven track record of getting the best out of people

• Experience of communicating to and managing senior stakeholders at all levels

• Experience of working within a service management framework, such as NIST or ITIL

• Ability to work under pressure and thrive in fast-paced, high-demand scenarios

• Experience of working with 3rd party service providers

What else you could bring:

• Prior line management experience

• Leadership of teams of technical experts and delivering results through others.

• Expertise across any of the following : ServiceNow, JIRA, Splunk or Security Event Logging. EDR/XDR, Threat identification, Risk, Vulnerability, UEBA

• Experience in creating BAU runbooks, table top testing exercises, use-case definitions and operating procedures

• Relevant technical qualifications, such as CISSP, CompTIA Security+ / Network+ or equivalents

• Experience managing 3rd party relationships and holding 3rd parties to account for service delivery

Why do our Information Security Partners love working for us?

“Working for the Infosec team at the John Lewis Partnership is a win-win situation; a fantastic company and a really supportive and friendly team that helps to ensure that we see the best from everyone. Cyber Security is fast-paced and varied, meaning that every day is different but here you never feel alone with new challenges as everyone pulls together to generate innovative solutions. It’s fun and you never stop learning!” - Paul Hallett - Information Security Manager

Additional Information:

We occasionally close vacancies early in the event that we receive a high volume of applications. Therefore we recommend you apply as soon as possible. The application form consists of a CV upload, an online test followed by application questions. Please ensure you refresh the page each time you complete a task to ensure you complete everything that you need to in time. We have a number of different ways to work flexibly so at your interview feel free to talk about what flexibility means to you. There are no guarantees, however, it may open the door to not only a new role but a new way of working.