×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant Data Security

Head of Information Security

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: River Island
Full Time position
Listed on 2026-02-11
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Location: Greater London

Overview

As River Island’s Head of Information Security, you’ll play a strategic and hands-on leadership role in shaping and strengthening our security posture across the business.

Department: Operations

Location: Head Office, Chelsea House

Responsibilities
  • Security Strategy & Governance:
    Define, implement, and evolve River Island’s information security strategy in line with business objectives, regulatory obligations, and risk appetite.
  • Lead the development and maintenance of information security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
  • Define and report security KPIs/KRIs to senior management to represent risk posture, compliance status, and strategic improvement initiatives.
  • Risk Management & Compliance:
    Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
  • Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
  • Conduct and coordinate enterprise-wide risk assessments, audits, and internal reviews.
  • Champion a pragmatic, risk-based approach to security — balancing protection, productivity, and customer experience.
  • Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer-facing platforms.
  • Security Operations (Sec Ops) & Incident Management:
    Oversee operational security activities, including threat detection, vulnerability management, and incident response.
  • Coordinate penetration testing, red-teaming, and vulnerability remediation across applications, infrastructure, and cloud environments.
  • Develop and maintain incident response playbooks and lead investigations where required.
  • Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
  • Secure Development & Project Support:
    Embed secure-by-design principles and Dev Sec Ops  practices across engineering and delivery teams.
  • Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy-by-design.
  • Define and maintain the information classification and handling standard.
  • Ensure security controls for customer data, employee data and payment data are implemented and monitored.
  • Provide specialist input into solution design, architecture reviews, and third-party integrations.
  • Support major transformation projects, ensuring security controls and data protection measures are built in from the start.
  • Third-Party & Client Assurance:
    Oversee third-party risk management, including supplier due diligence, onboarding, and continuous monitoring.
  • Support client assurance and audit activities, providing evidence of River Island’s security posture.
  • Maintain trust and transparency in all information security communications internally and externally.
  • Continuous Improvement & Leadership:
    Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
  • Lead awareness initiatives and promote a strong security culture across the business.
  • Mentor and develop members of the Information Security team.
What We’re Looking For
  • Proven experience in a senior information security role, ideally within a complex, multi-channel retail or technology environment.
  • Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
  • Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
  • Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
  • Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation.
  • Analytical, pragmatic, and calm under pressure — with a focus on enabling the business, not blocking it.
  • Desirable:
    Security certifications such as CISSP, CISM, or equivalent.
  • Experience in retail, eCommerce, or cloud transformation programs.
  • Understanding of emerging technologies (AI, machine learning, cloud-native architectures) and associated security considerations.
About Us

We’re a much-loved brand with an exciting future. Our Islanders are a…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search