For over 35 years, Aesop has carefully cultivated an inspiring and inclusive environment in which our employees are supported and encouraged to thrive. As a global retail organisation, we offer professional development and advancement opportunities to complement career goals and aspirations.
We aim to strike the right balance between people, planet and profit, actively reducing our footprint on the planet that generously sustains us. So far, this journey has led us to become a certified B Corp. We are committed to building a more sustainable and inclusive society.
Aesop is an endorsed employer for all women. See our range of benefits and policies directly at Work180: Aesop – Work180 Endorsed Employer.
Aesop is seeking a driven and delivery-focused Cybersecurity Operations Manager to join our team on a 24-month Max-Term contract, operating with a hybrid working pattern, based at our purpose-built head office in Collingwood.
Reporting to the Business Information Security Officer in the UK, you will be responsible for the implementation and operation of the organisation’s security, risk and compliance capabilities across Cyber. This role will lead, operationalise and maintain appropriate security controls, standards, security architecture and risk processes, and proactively drive adherence to Cyber Security, Risk and compliance, working collaboratively with business and IT stakeholders.
Key responsibilities (not limited to):
- Ensure an integrated approach towards cyber security, policies and processes with a focus on information management and effective risk-based decision making across the organisation
Information Security Incident Management
- Provide oversight and management of security operations, security incident response, incident detection and analysis, containment, and eradication of cybersecurity incidents, and establish processes to ensure the timely identification of information security incidents.
- Support post-incident reviews
- Manage IT security controls
- Work closely with infrastructure, architecture and engineering teams in planning, and implementation of cybersecurity operational projects and initiatives.
- Identify opportunities to improve cybersecurity posture and maturity roadmap.
- Proactively maintain IT security
- Participate in day-to-day management of IT security and ensure protection of IT assets & information as well as the prevention and management of breaches.
- Provide expert advice to internal and external stakeholders on IT security matters and evaluate system security, vulnerability analyses and risk assessment reports.
- Support awareness and effective communications and/or training for the proactive management of IT security.
Set, manage and maintain the IT security policies
- Developing the Information Security Management Framework and supporting processes
- Defining and ensuring adherence to security policies and standards
- Update security policies to leverage new technology, threat information or compliance changes.
Audit, Risk and Compliance
- Report IT risks and associated information both at an operational and strategic level. Supports the generation of risk mitigation strategy and third-party risk management processes and governance.
- Works collaboratively with senior business stakeholders within Legal, Risk and Compliance and provides support across all IT functions for IT Risk and compliance.
What’s on Offer:
We take a holistic approach to employment, promoting professional development, career, employee wellbeing initiatives and encouraging deep connections with the local community through the Aesop Foundation, volunteering and matched giving programs. Employee benefits include:
- Flexible, hybrid working pattern – we balance office-based in-person collaboration with remote working
- Generous product discount, up to 50% and bi-annual complimentary product allocation
- Home office set-up reimbursements
- Paid volunteering allowance for all employees and paid 24 weeks parental leave for primary carer
- Short term incentive bonus programs to reward performance
- Suite of options to aid development, including complimentary access to all LinkedIn Learning, in-house Product and Core skills training and study support opportunities
- Access to employee assistance programs and complimentary subscription to Headspace mindfulness app
- Team lunches, sponsored social clubs, team events, and celebrations
- View some of our benefits and policies through https://work180.com/en-au/for-women/employer/aesop
What we are looking for:
- Demonstrated technical expertise in IT security and the application of IT security measures.
- Experience across other security areas including penetration testing, security architecture or design and security governance including
- IT Risk and/or compliance management experience is preferred
- CISSP/CISM or equivalent certifications preferred
- Relevant experience in an IT security management role.
- Exposure to a broad range of IT functions and disciplines, with a strong working knowledge of IT governance and/or information governance
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ASD, COBIT and NIST.
- Knowledge of enterprise information and cyber security processes, concepts, and best practices, with an exposure to cloud models is desirable.
- Regulatory compliance knowledge including PCI, knowledge and experience of network and infrastructure security and vulnerabilities is preferred
Aesop is committed to attracting, developing and retaining the very best people by offering a creative and inclusive workplace where talent is truly recognised and rewarded. We are committed to promoting inclusion for all with the belief that diversity, inclusion and belonging play an important role in the success of our organisation. We actively encourage everyone to consider becoming a part of our journey.
If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please contact our TA team on email@example.com