Internal use only – Grade D

About us.

We are The Very Group and we’re here to help families get more out of life. We know that our customers work hard for their families and have a lot to balance in their busy lives. That’s why we combine amazing brands and products with flexible payment options on Very.co.uk to help them say yes to the things they love. We’re just as passionate about helping our people get more out of life too; building careers with real growth, a sense of purpose, belonging and wellbeing.

About the role

The role of a Senior Security Specialist, reporting to the Head of Information Security, encompasses a broad range of responsibilities aimed at safeguarding the organisation's digital assets and ensuring compliance with security standards.

This position involves providing hands on security expertise to various business units, improving the overall security posture of the organisation by identifying and implementing security improvements to align with industry standards and ensuring adherence to security compliance requirements.

The Senior Security Specialist plays a crucial role in developing and implementing security strategies, policies, and procedures, while also collaborating with cross-functional teams to promote a culture of security awareness and best practices throughout the organisation.

Additionally, they support the Head of Information Security in leadership and strategic activities, contributing to the overall direction and vision of the security programme, and assisting in decision-making processes to enhance the organisation's security posture.

Scope of Role

This role impacts on all areas of the Group, including regulators, customers, employees, third parties and contractors. It involves being responsible for the implementation of new security defences and the operation of existing in accordance with best practices, company policy and regulatory requirements.

Key Responsibilities

• Safeguard the organisation's digital assets and ensuring compliance with security standards along with maintaining the security and integrity of the organisation's information systems.

• Works closely with different departments to understand their specific security needs and challenges. Ensuring that optimal security measures are implemented and aligned with the organisation's overall security strategy.

• Responsible for identifying areas of non-compliance across the group and using skills and expertise to realign any problem areas to improve security posture.

• Ensures that the environment is well prepared for security audits, working with internal teams to ensure a consistent base line approach to IT general controls is in place to facilitate and automated approach to audits.

• Ensures that access controls are effectively managed and that identity management processes are robust and secure.

• Implements and maintain security measures across cloud environments, ensuring alignment to best practices, improving the overall posture and ensuring compliance with relevant regulations.

• Supports the Head of Information Security in leadership and strategic activities. This involves contributing to the overall direction and vision of the security programme and assisting in decision-making processes to enhance the organisation's security posture.

The Senior Security Specialist provides strategic insights and recommendations based on their expertise and experience and works closely with the Head of Information Security to develop and implement long-term security plans. This requires strong analytical and strategic thinking skills, as well as the ability to influence and drive change at the executive level.

Essential knowledge and skills

Knowledge:

• A broad understanding of the Information Security industry, including UK regulations and compliance standards such as GDPR, ISO 27001, and PCI-DSS.
• In-depth knowledge of IDAM including authentication mechanisms, single sign-on (SSO), and multi-factor authentication (MFA).
• Familiarity with security measures for cloud platforms, particularly Oracle Cloud and Azure, Microsoft 365 (M365) Google Cloud and AWS.
• Understanding of securing end user devices and applications.
• Familiarity with the latest security threats, trends, and best practices.
• Understanding of agile methods of working and the Secure Software Development Lifecycle (SDLC).

Skills:

• Proven experience in IT security, with a focus on IAM, cloud security, and core IT infrastructure security.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.

Role-Specific Qualifications:

• Information Security and/or Information Technology industry qualifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager), or equivalent time served.
• A demonstrable hands-on background to improving security postures of organisations.

Some of our benefits

• Flexible, hybrid working model
• Inclusive culture and environment, check out our Glassdoor reviews
• £6500 flexible benefits allowance to suit your needs
• 30days holiday + bank holidays
• Udemy learning access
• Bonus potential (performance and business-related)
• Up to 25% discount on Very.co.uk

• Matched pension up to 6%
• More benefits can be foundon our career site

How to apply

Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this role, you will be required to undertake a credit, CIFAS, Right to Work checks and if a specific requirement of your role a DBS (criminal records) check. Should your application progress we require you to let the team know if there is anything you need to disclose in relation to any of these checks prior to them being undertaken, including any unspent criminal convictions.

What happens next?

Our talent acquisition team will be in touch if you’re successful so keep an eye on your emails! We’ll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we’re a good match, we’ll share your CV with the hiring manager to review. Our interview process is tailored to each role and can be in-person or held remotely.

You can expect a two stage interview process after meeting the TA team,

First stage –A one-hourface to face or MS Teams interview.

Second stage –A final stage 1 hour session, likely to include a task for you to prepare for.

As an inclusive employer please do let us know if you require any reasonable adjustments.

If you'd like to know more about our interviews, you can find out here.

Equal opportunities

We’re an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.