Head of Information Security

Bristol, UK
Come join an award-winning tech business in the heart of Bristol where we’re making the lives of retailers simpler by automating the back office.

Location: Bristol, UK

About Brightpearl

We’re looking for a Head of Information Security to help us ensure that Brightpearl has the right risk and compliance framework in place, our risks are identified and mitigated, tools and controls are in place to protect global business operations and data, and employees are aware of the importance of security and compliance throughout their day to day activities.

“People First” is our first PEARL value, so before we get too into your day-to-day, here are some of the things we bring to the table: the opportunity to collaborate with other talented people, have a voice and instil proactive, robust and positive change to our compliance and data security posture, flexible working, generous time off allowances, medical and dental insurances and pension, and that’s not all.

About the role

As an experienced information security expert with a background in designing and implementing robust compliance practices, you will be Brightpearl’s subject matter expert on all risk management, compliance and data protection topics.

Our Head of Information Security will ensure that we have a clearly defined security strategy, with the right risk and compliance framework, reviews, tools and controls established. You will lead projects that put pragmatic action plans, policies and processes in place to identify and mitigate risks, and be on point to take control of and lead any breach response, and resolution of any information/data risk management or compliance issues.

Your expert insight, counsel and influence will help direct everyone at Brightpearl to embed effective data protection controls into their business as usual activities, and as our security champion, you will create a healthy culture of data security and compliance awareness across the company. Steering compliance-related activities for Brightpearl’s software and data products and cloud infrastructure environment, you will ensure that our security and risk management standards are best practice to protect the interests of Brightpearl, our clients and our employees.

On a day to day basis, there will be close collaboration and partnership across the Company, to ensure that everyone is aligned, sharing information and delivering meaningful, high quality and timely outcomes, with risk mitigation and company strategy in mind.

Your Day-to-Day Life:

  • Be Brightpearl’s risk management, data protection, privacy and compliance subject matter expert, providing counsel and direction, across the Company on all information security compliance and information protection topics.

  • Articulate, establish, maintain and oversee the company’s vision, strategy, framework and programmes to ensure the company has the right tools, controls, governance and assurances in place to protect its global business operations, data, tools and network against a dynamic threat landscape, as well as ensuring legislative, regulatory, audit and compliance requirements and industry best practices are met.

  • Assess and manage the impact of data protection risk, within the current business as usual processes, and conduct audits, deliver assessments and recommendations to improve the adequacy of controls, and track remediation actions through to successful completion.

  • Translate legal, statutory and contractual obligations into a unified collection of security and risk management processes and policies. Provide stakeholders with compliance requirements and methodologies, and promote and facilitate awareness through generic and targeted training across the Company.

  • Establish and oversee a formal vulnerability management, penetration testing and security posture assessment programme, coordinating system audits, reviews and tests to verify compliance with security policies and standards.

  • Manage external audits, third party penetration tests, and customer assessments.

  • Collaborate with Engineering and Product teams, to lead effective process improvements that ensure that the Brightpearl platform is robust, secure and scalable in a sustainable way.

  • Design and implement technological, operational and procedural systems to meet legislative and regulatory requirements, working with the CTO to select and implement suitable technology to meet compliance and strategic benefit goals.

  • Lead the security breach response process, including coordination of the breach response team, keeping stakeholders appropriately informed, working with third parties to meet legal and regulatory obligations and advising on client facing communications.

  • Support teams in any client, vendor or audit communications relating to the assessment of security requirements or events.

  • Provide monthly metrics reporting to identify and manage risks and gaps in policy, and work required to prioritise and resolve open issues.

  • Update your job knowledge by tracking and understanding relevant frameworks and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organisations.

  • Plan, design and execute training and awareness programmes for Brightpearl staff.

  • Establish and chair the Brightpearl Risk and Security Committee.

To be successful as the Head of Information Security at Brightpearl, you’ll most likely have…

  • Proven 5+ years of relevant experience in information security, including practical experience in an incident response role or threat intelligence role.

  • Extensive knowledge of network and cloud infrastructure security and best practices and comprehension of various IT areas such as architecture, databases, information management, identity management.

  • Advanced working knowledge of information security, privacy concepts and the technologies enabling them.

  • Demonstrable ability to prioritise effectively within tight deadlines and work extremely well under pressure, maintaining a calm and professional approach throughout.

  • Exceptional abilities to perform independent analysis, distil relevant findings and identify root causes and translate them into a clear remediation action plan.

  • Excellent verbal and written communication skills, with the ability to articulate ideas and requirements clearly, across the company and up to Executive Leadership.

  • Familiarity with security legislative and regulatory requirements and standards (e.g. GDPR, ISO 27001, SOC 2).

  • Excellent interpersonal skills with the ability to build relationships across all departments and levels, working cross functionally, to align key stakeholders towards a common goal and drive positive outcomes.

  • You will be able to challenge colleagues in a collaborative and constructive manner to instil a pragmatic approach to data protection and risk mitigation.

  • Excellent influencing and communication skills with the ability to translate complex / technical issues to meet the audience’s competency level.

  • Confidence in rolling out changes, bringing stakeholders along with the new ways of working, with shared understanding of the rationale for change.

  • This is not a 24×7 role; however, it will require flexibility to provide support in the event of a suspected or an ongoing security incident.

  • Strong track record in delivering practical and compliant solutions.

  • Passion and enthusiasm to follow developments in privacy and data protection, and maintain a professional expertise and personal interest in these subjects.

Ideally you’ll have:

  • Any experience in information governance, business risk management, audit or information security would be highly advantageous, as will any data protection qualifications.

  • Deep understanding of lean, agile and DevSecOps principles for predictable software delivery.

  • Experience in an international environment. We operate in the UK and US.

Ensuring a diverse and inclusive workplace where we collaborate and learn from each other is core to Brightpearl’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a supportive place to work.