About this Information Security & Compliance Manager role at Charlotte Tilbury
About Charlotte Tilbury Beauty
Founded by British makeup artist and beauty entrepreneur Charlotte Tilbury MBE in 2013, Charlotte Tilbury Beauty has revolutionised the face of the global beauty industry by de-coding makeup applications for everyone, everywhere, with an easy-to-use, easy-to-choose, easy-to-gift range. Today, Charlotte Tilbury Beauty continues to break records across countries, channels, and categories and to scale at pace.
Over the last 10 years, Charlotte Tilbury Beauty has experienced exceptional growth and is one of the most talked about brands in the beauty industry and beyond. It has become a global sensation across 50 markets (and growing), with over 2,300 employees globally who are part of the Dream Team making the magic happen.
Today, Charlotte Tilbury Beauty is a truly global business, delivering market-leading growth, innovative retail and product launches fuelled by industry-leading tech — all with an internal culture of embracing challenges, disruptive thinking, winning together, and sharing the magic. The energy behind the brand is infectious, and as we grow, we are always looking for extraordinary talent who want to be part of this our success and help drive our limitless ambitions.
About the role
Security and Compliance are critical business functions within Charlotte Tilbury. As a company that deals with a large volume of sensitive customer data, it is imperative that we adhere to modern security standards and remain compliant with the relevant regulations in each region we operate. Equally, the protection of our intellectual property and the productivity of our teams is essential to our continued success.
The Information Security and Compliance Manager will be responsible for developing and overseeing control systems to prevent or deal with breaches of data security and privacy. You will also evaluate the efficiency of these controls and improve them continuously. You will collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce compliance standards and regulations. You will also provide guidance and training on information security matters and best practice to employees and partners of the business.
As a Information Security & Compliance Manager you will
Policy, Process and Documentation
·Coordinate the development of best practice policies and standards related to IT security and data processing.
·Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
Security Operations
·Be accountable for technical security controls including EDR, SIEM, DLP, SSE/SWG, CSPM, vulnerability management, identity security and endpoint compliance ensuring it is fit for purpose and being used to its full potential.
·Partner with and challenge Technology Operations on secure design, implementation and operational support of workplace, identity and endpoint technologies.
·Define and maintain build standards for Windows, MacOS, Android and iOS devices.
·Define security and compliance standards for cloud hosting environments, including AWS and GCP.
·Oversee penetration testing, bug bounty programs and red team exercises.
·Investigate security events and contain incidents in a timely manner.
Compliance
·Manage and oversee technology risk management activities
·Identify areas of non or weak compliance and drive improvement. This could be related to process, system security, documentation or any aspect of security/compliance.
·Develop and implement relevant security and compliance reporting to management and risk committees.
·Develop and manage an information security risk register to address risk issues and action plans from all sources.
·Coordinate information security internal audit and participate in external audits
·Collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce the compliance standards and regulations.
·Take ownership of vendor assessments, third party risk assessments and supply chain vulnerabilities
Awareness
·Develop and lead information security awareness and training initiatives, including phishing exercises and compliance training.
· Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
Who you will work with
- Reporting into the Technology Operations Director
- Lead the Information Security team, consisting of two direct reports.
About you
- Experience in managing Cyber Security and Compliance positioning for an enterprise organisation
- Practical experience delivering hands on security improvements
- An understanding of relevant security and regulations (e.g. GDPR, CCPA, ISO27001, PCI-DSS)
- Customer focussed approach
- Effective communicator with ability to adapt style for intended audience
- Capable of managing the relationship with 3rd party service providers
- Highly organised and able to prioritise workload effectively
- Pro-active and able to work off your own initiative.
- Able to influence and communicate your own point of view
- Creative and unorthodox thinker, able to push projects forward in an unstructured environment.
- Methodical, logical, organised and calm under pressure
- Excellent English written & verbal skills.