Skip to main content

Head of Cloud and DevOps Security

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Key Elements of the Role

The Head of Cloud and Dev Ops Security is a critical role within the Information Security function, and the job holder will be responsible for bringing information security best practice to all dev ops activities through collaborative engagement, advice, support, and the provision of hands-on services from the team's subject matter experts. By building and maintaining a strong Cloud and Dev Ops Security capability, the job holder will help build a robust security posture for the organisation that keeps pace with an ever-evolving threat environment.

A collaborative approach is required to help ensure the effective adoption and implementation of Cloud and Dev Ops Security capabilities across the entire organisation.

The job holder will manage and drive the strategic direction of the Cloud and Dev Ops Security team and the activities of additional specialist resources including system integrators to drive the efficient delivery of:

  • Properly configured and tested operating systems, application software and system management tools,
  • Cloud security best practice for design, development, monitoring, reporting and continuous improvement,
  • Cloud security solution design,
  • Building in configuring delivery environments supporting CICD tooling
  • Plan and implement cloud security solutions,
  • Monitor and evaluate the security posture of existing and new cloud-based services and applications used by the organisation,
  • Investigations and forensics,
  • Endpoint security operations,
  • Threat hunting,
  • Cyber security incident response,
  • Security Monitoring,
  • Certification and Domain management.

Key Attributes of The Jobholder

The job holder will demonstrate the following:

  • Strong leadership skills with experience in leading and working collaboratively within multi-disciplined teams,
  • An ability to manage and inspire diversely located team members to focus on common goals and timelines,
  • Ability to extract clarity from the inevitable ambiguity of a fast-paced, evolving organisation operating globally within a dynamic threat landscape,
  • Ability to manage multiple service providers and oversee systems integrators tasked with the implementation and rollout of systems and applications across a complex and diverse multichannel global operation,
  • Ability to prioritise work to maximise customer and business value in collaboration with Engineering and Technical Programme Delivery Leaders to help drive solutions that are secure by design, valuable, viable and usable.
  • Experience in driving an appropriately prioritised risk-based approach that operates within agreed risk appetites,
  • Competent, informative engagement with the organisation's senior leadership through clearly articulating goals, achievements, risks, expectations, and needs.

Jobholder Tasks and Deliverables
General Requirements

  • Demonstrate a comprehensive understanding of the need to protect JD Sports, its customers, people and shareholders from high-impact events that may compromise the organisation's:
  • Business,
  • Operations,
  • Data repositories,
  • Ability to comply with compliance and regulatory requirements,
  • Finances such as cash flow and revenue,
  • Brand reputation and customer confidence,
  • Shareholder value,
  • Customer data.
  • Drive the establishment and maintenance of secure and robust protection for data, applications and systems within the organisations, network and IT infrastructure.
  • Exploit the power of automation to accelerate Dev Ops hardening of solutions and reliable, repeatable testing.
  • Prepare reports for senior management which clearly articulate key performance measures.
  • Establish key risk, performance, and success measures that contribute to the broader information technology reporting cadence.
  • Drive a program of Dev Sec Ops continuous improvement, ensuring that security is a fundamental feature of JD Sports' Applications and systems.

Quality

  • Build and apply repeatable methodologies which help ensure that security is a built-in facet of every new system or application.

Leadership

  • Develop, communicate and agree on an appropriate JD information security operations strategy that will help optimise and target investment and resources.
  • Support, mentor and develop direct reports in delivering their duties and managing their teams.
  • Communicate effectively and constructively at all levels of the organisation to optimise understanding and alignment.
  • Interact collaboratively with all internal and external parties to build and maintain positive working relationships.

Key Skills

The job holder is expected to possess the following skills:

  • Strong leadership and influencing skills,
  • Good interpersonal skills with an ability to build consensus and buy-in,
  • Strong verbal and written communication skills are crucial to success in this role,
  • Extensive experience of the Cloud and Dev Sec Ops security,
  • Experience in driving successful applications delivery in an agile environment,
  • Ability to engage with diverse, cross-functional teams in a constructive and collaborative relationship to align and Dev Sec Ops strategies,
  • Proficiency in the preparation of reports, dashboards, and documentation,
  • Good problem-solving analytical skills,
  • Experience in Security Incident Management and Response,
  • Knowledge and demonstrable experience of cyber security technologies and methods,
  • Demonstrable experience in working effectively with systems integrators, managed service suppliers and vendors,
  • Familiarity with appropriate legal frameworks such as GDPR,
  • Good understanding of Risk Management,
  • Awareness of Agile environments and practices,
  • Awareness of the predominant operating systems within the retail sector, including but not limited to Windows, Linux and Unix,
  • Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated threats,
  • Awareness of security controls in widely used technologies, e.g., MS Office,
  • Awareness of Incident Management and Response tools - IBM Resilient, Remedy, Remedy CMDB,
  • Effective planning and prioritisation skills,
  • Proven negotiation and influencing skills.

Qualifications

  • Industry Standard qualifications and training such as SANS; GIAC, and/or CISSP are desirable,
  • Ideally, a Bachelor's or Master's Degree in Information Technology or Business Management.

#LI-JR11

Head of Cloud and DevOps Security

JD
Manchester, UK
Full-Time

Published on 29/04/2024

Search more jobs

Share this job now