InfoSec Lead (Incidents)

Job Ref: 13416999

InfoSec Lead
6 month contract
£600-£700 per day (Inside IR35) 
home working/one day a week Bracknell Office

CVM People are proud to be partnering with one of the biggest names in UK retail as we search for an InfoSec Lead for a 6 month contract. Working with an organisation whose security strategy is daring and impressive, you will be involved in many types of projects and changes. These include the delivery of real-world propositions to client customers, as well as many internally focused projects that are delivering great benefits to the organisation.

The Secure by Design team in which this role fits plays a key role in ensuring that we’re providing high quality security governance across key strategic projects and enables secure change across the entire organisation.
If you’re passionate about information security and if you want to make a real difference at the UK’s largest co-owned retailer, then this role is for you.
Responsible for:

  • As an Information Security Lead, you’ll be allocated to complex pieces of work and projects, with a particular focus on cloud technologies.
  • You’ll work closely with stakeholders to provide guidance on the appropriate information security controls and will assess a variety of information security risks, using industry standard tools and techniques, such as the ISF Standard of Good Practice, IRAM2 and the STRIDE framework for threat modelling.
  • You’ll be able to accurately identify areas of risk that require escalation and will proactively suggest improvements or new features when opportunities arise. You’ll be actively encouraged to identify new ways of working and process improvements that will support the Secure by Design service in delivering the best outcomes possible.
  • You’ll also work closely with the Secure by Design manager and support the team in meeting KPIs and managing workloads, projects, and resource allocation across the team.

Experience needed:

  • Hands-on experience in a role directly relevant to Information Security governance, risk and controls.
  • Experience of assessing information security risk in a cloud environment and expertise across a variety of cloud security controls.
  • Experience in the use of security frameworks and the application of these through policies and standards.
  • Experience of stakeholder management, working with individuals from both IT and business functions.
  • Experience of threat modelling, using a framework such as STRIDE or similar.
  • Formal accreditation in Information Security such as a related degree, ISC2 CISSP, ISC2 Certified Cloud Security Professional or similar.
  • Management reporting experience.

Please note that as part of this role there will be a requirement to join an on-call rota (minimum 1 in 3, possibly 1 in 4 or 1 in 5), supporting the business as and when needed outside of normal business hours.

If this is of interest please send your CV to

Contact Details:
01264 326 315


Cloud, Data Technology


