Leicester based / hybrid working. We expect candidates to be at our Leicester head office, our central London Tech office, or at partners for around 3 days per week on average. On-site presence will be required to support stakeholder meetings, team meetings and programme phases such as workshops, testing, and go-live. Travel to other Dunelm sites and partner locations may be expected depending on programme needs.
As our Head of Cyber Security and reporting into our CTIO, you will play a pivotal role in safeguarding our company’s digital assets and ensuring the security of our information systems. This is an exciting opportunity to lead our information security strategy and make a significant impact on our organization’s growth and success. You will work closely with other Technology and company leaders to develop and implement robust security measures, while fostering a culture of security awareness across the company.
Technology is playing an increasingly important role in our success, and we have ambitious investment plans to continue powering our growth through our ‘people led, tech powered’ approach. You will play a critical role in maintaining and improving our security posture through this growth, helping us balance risk with pace in delivering our ambitious plans.
Key Responsibilities:
Lead the Cyber Security team to enhance functional capabilities and support the development of team members
Develop, implement, and maintain a comprehensive information security strategy to protect the company’s data, systems, and networks
Lead the design and execution of security policies, standards, and procedures to ensure compliance with relevant regulations and industry best practices, and to reflect the latest advancements in technology in areas such as AI
Develop the next stage of our identity management strategy, and lead the resulting projects and system enhancements
Conduct regular risk assessments and vulnerability analyses to identify potential security threats and implement appropriate mitigation measures
Collaborate with IT and other departments to ensure the integration of security measures and developments into all aspects of the company’s operations and programs
Provide guidance and training to employees on information security best practices and promote a culture of security awareness
Oversee the management of security incidents and breaches, including investigation, response, and recovery efforts
Stay up to date with the latest security trends, technologies, and threats to proactively address emerging risks
Manage relationships with external security vendors and partners to ensure the effective delivery of security services
Manage the Security budget and investment
Qualifications / Experience:
Proven experience as a CISO or in a similar senior information security role, preferably within the retail industry
Strong knowledge of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR)
Excellent understanding of network security, data protection, and risk management principles
Experience in conducting security audits, risk assessments, and incident response
Relevant certifications such as CISSP, CISM, or CISA are highly desirable
Behaviours / leadership attributes:
Our shared values of ‘act like owners’, ‘keep listening and learning’, ‘long term thinking’, and ‘stronger together’ help ensure we are always finding better ways of doing things and spending our time focusing on what’s important.
As Head of Cyber Security, you will be empowered to take the lead on all aspects of our data and information security setup, capabilities and culture. You will bring:
A strategic mindset with strong tactical execution capability, backed by a view that balances security considerations with customer, colleague and company performance considerations
Ability to lead, inspire, and manage your team, highly technical partners, and internal tech teams
Comfort in leading and influencing broader stakeholder populations including Board, Exec and functional user teams
Passion for operational excellence and instilling best practice
External curiosity to keep connected to the fast-paced cyber security environment, including representing us on industry and regulatory groups