2,224 Security Policy Development jobs in the United Kingdom

Kurt Geiger | About Us

We are an inclusive, creative footwear and accessories brand powered by kindness. We want to empower our talent to be confident and true to themselves, the London way. London is our home, our heartbeat, and we draw inspiration from the energy and spirit of the city; its diversity and creativity. For over fifty years our team of in-house shoe and accessory designers have been creating authentic, distinctive designs from our London headquarters. The rainbow is our signature. It represents the good energy and love we have for our community and the many ways we collectively express our individual style.

We are looking for a detail-oriented and dependable GRC Analyst to join our Technology and Information Security team. This role is ideal for someone with a strong work ethic, experience in information security, and a collaborative mindset.

You will help protect our digital assets, ensure compliance with regulatory standards, and promote a security-first culture across the organisation.

Requirements

Key Responsibilities

• Coordinate and support security incident response activities.
• Support in Investigating security incident and data breaches.
• Assist with security audits and risk assessments across cloud and on-prem environments.
• Help develop and maintain security policies and standards (ISO 27001, NIST, GDPR).
• Support data protection efforts and GDPR compliance.
• Support access controls and identity management (Microsoft Entra ID, AWS IAM).
• Collaborate with teams across DevOps, IT, and digital marketing to embed security practices.
• Conduct third-party risk assessments and vendor reviews.
• Participate in change advisory boards to assess risks.
• Prepare documentation for audits and compliance reviews.
• Promote security awareness and provide guidance to teams.

Skills and Experience

• Previous experience in Information Security or a similar role.
• Experience in incident response, audits, and data privacy.
• Familiarity with cybersecurity frameworks (ISO 27001, SOC 2, NIST).
• Familiarity with SIEM/EDR tools (e.g., CrowdStrike, Microsoft Defender).
• Knowledge of cloud platforms (Azure, AWS) and security tools.
• Understanding of VPNs, firewalls, and Zero Trust principles.
• Strong communication and collaboration skills.
• Self-motivated and detail oriented.

Preferred Qualifications

• Certifications such as ISO 2700, Security+ or similar.
• Experience with risk registers and mitigation planning.
• Familiarity with GDPR breach protocols and privacy impact assessments.

What We Offer

• A collaborative and supportive work environment.
• Opportunities for professional development and certifications.
• A chance to make a meaningful impact in a security-conscious organisation.

Benefits

• Competitive basic salary
• Pension and life assurance
• Enviable discounts
• Gym Discounts
• Summer Hours - 3pm Friday finish
• Half Day, Pay Day Friday (once per month)
• RetailTrust support
• And so much more!

Our Culture  

We’re an energic fast-paced brand that embraces progress and strives for innovation. Hard work is rewarded with new opportunities at every level and kindness is celebrated in everything we do. Our summer working hours accommodate a healthy work life balance. Wellbeing is important to our working culture, which is why we nurture a friendly environment for talent to thrive in, alongside a vibrant social community.

Our Stores

The first Kurt Geiger store opened on London Bond street in 1963.  Today, our brand has global appeal and is distributed in hundreds of cities around the world. We operate over 70 stand-alone stores nationwide, including our new flagship store on London Oxford street, and in over 400 stores globally. Beyond stand-alone stores and retail pop ups, our retail partners include some of the world’s most famous department stores.

We Are One: For Love | For Diversity | For Change | For Equality | For Kindness |  For Freedom | For Unity Against Racism

Security Governance Manager 

Reports to: Head of Information Security 

Location: Hybrid (Newmarket) and or Remote

Hours: 32 hours across a 4-day week (no salary sacrifice) 

Salary: £50,000 - £60,000 

Product: Group level - Wonde, Evouchers & Secure Schools 

Who we are and what is important to us:

Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools. 

Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier. 

The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group. 

We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.

Job snapshot:

As Security Governance Manager, you will be responsible for ensuring the effectiveness of security policies and control frameworks. You will support the group in adopting a security mindset using a combination of coaching, supporting and leading by example. 

This is a newly created position where you will be provided with a genuine opportunity to create impact and drive the best security practices across the group. 

What you’ll be doing:

• Management and maintenance of the central Information Security Management System
• Maintain and certify new products to ISO  
• Create, consult and operationalise security policies 
• Organise, lead and manage all security-related audit activity 
• Track and manage audit findings from conception through to delivery 
• Coordinate, monitor and measure activities to ensure the ISMS continues to operate as expected  
• Support and manage the supplier security assurance process 
• Manage the security awareness and training programme 
• Manage the continuous improvement process to ensure improvements and efficiencies within Security are achieved

Requirements

What we’re hoping you’ll bring:

• Previous experience in a security-focused role, particularly focusing on the implementation and management of an information security management system supporting ISO
• A qualified ISO 27001 Lead Implementer or auditor (a nice to have)
• Excellent written and oral communication skills
• Natural capabilities to communicate with a diverse range of stakeholders
• Ability to influence and coach technical and non-technical stakeholders 
• Ambition and initiative to drive change in an evolving sector
• Self-motivation with the confidence and enthusiasm to take the initiative and get things done 
• Ability to prioritise workflow and ensure deadlines are met
• The willingness to learn and adapt in an ever-changing environment

Benefits

What you’ll get:

Beyond is much more than just a place to work. It is a place to grow, innovate, excel and learn. We have tech people, creative people and people people, all focused on providing a superior customer experience. 

We value, support and champion those we work with - promoting personal growth and happiness. We get that our success is dependent on the collective energy, intelligence and contributions of all our team members and we are committed to ensuring our work environment is the best it can be. 

We value your commitment and have worked hard to create adaptable and comprehensive benefits packages to suit individual needs, although you can expect the below as standard:

• 4-day working week 
• Flexible working schedule/work-from-home opportunities
• Onsite gym and well-being (quiet room) facilities 
• Buying and selling holiday scheme
• Additional holiday for length of service 
• Annual allowance for volunteering days 
• Onsite trained mental health and well-being champions 
• Monthly lunch club (on us) 
• Comprehensive wellness programmes (think meditation retreats and continuous access to well-being apps/initiatives) 
• Enhanced maternity, paternity and adoption benefits 
• Electric car scheme 
• Cycle to Work Scheme 
• Eye examination scheme 
• Financial contribution to the set up of work-from-home environments 
• Use of new and leading technology in the form of apple products 
• Frequent company-funded social events
• Office closure between Christmas & New Year 
• Access to continuous learning and development opportunities
• Comprehensive employee referral scheme 
• Casual Dress Code

In addition to the above, you’ll have access to our ‘take your pick’ benefits scheme which is tailored specifically to you! 

Beyond is an equal-opportunity employer. We encourage interest from all candidates and do not discriminate against any non-merit factors. If you require any adjustments to the application or selection process please call or email us so we can ensure you have the correct support: careers@wonde.com/ .

• Monitor security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software, for suspicious activity.
• Investigate security breaches and cyber-attacks, determining the scope and impact.
• Develop and implement security policies, procedures, and best practices.
• Conduct vulnerability assessments and penetration testing to identify and remediate weaknesses.
• Respond to security incidents, coordinating remediation efforts and post-incident analysis.
• Manage security awareness training programs for employees.
• Stay up-to-date with the latest security threats, trends, and technologies.
• Assist in the development and maintenance of incident response plans.
• Collaborate with IT teams to ensure security is integrated into all systems and applications.
• Maintain accurate records of security incidents and actions taken.
• Ensure compliance with relevant data protection regulations (e.g., GDPR).

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Proven experience in information security, cybersecurity operations, or a similar role.
• Strong understanding of network security, operating systems security, and common attack vectors.
• Experience with security tools such as SIEM, IDS/IPS, and vulnerability scanners.
• Relevant certifications such as CISSP, CompTIA Security+, CEH are highly desirable.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts clearly.
• Ability to work effectively under pressure and manage critical incidents.
• Proactive mindset towards identifying and mitigating security risks.
• Familiarity with regulatory compliance requirements is a plus.

• Conduct regular security assessments and vulnerability scans to identify potential weaknesses.
• Develop, implement, and enforce security policies and procedures.
• Monitor security systems, including firewalls, intrusion detection/prevention systems, and SIEM tools.
• Investigate and respond to security incidents, providing timely and effective remediation.
• Assist in the development and delivery of security awareness training for employees.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Collaborate with IT teams to ensure security is integrated into all system designs and implementations.
• Prepare reports on security status, incidents, and recommendations for management.
• Manage and maintain security-related hardware and software.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3-5 years of experience in information security or cybersecurity roles.
• Strong understanding of security principles, frameworks (e.g., ISO 27001, NIST), and best practices.
• Hands-on experience with security tools such as SIEM, vulnerability scanners, endpoint protection, and firewalls.
• Knowledge of network security, cryptography, and threat intelligence.
• Excellent analytical and problem-solving skills.
• Strong communication and reporting abilities.
• Relevant certifications such as CISSP, CEH, or Security+ are highly desirable.

• Develop, implement, and maintain robust information security strategies, policies, and procedures across the organization.
• Lead and manage the information security team, providing guidance, mentorship, and performance management.
• Oversee the implementation and operation of security technologies, including firewalls, IDS/IPS, SIEM, DLP, and endpoint protection solutions.
• Conduct comprehensive risk assessments, vulnerability management programs, and penetration testing activities.
• Develop and manage the incident response plan, leading investigations and remediation efforts for security breaches.
• Ensure compliance with relevant industry regulations and data protection laws (e.g., GDPR, PCI DSS).
• Manage security awareness training programs for all employees.
• Collaborate with IT, development, and business units to integrate security into all aspects of operations and system lifecycles.
• Stay abreast of emerging threats, vulnerabilities, and security technologies, and proactively adapt security measures.
• Manage relationships with third-party security vendors and service providers.
• Develop and manage the information security budget.

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree or equivalent experience preferred.
• Minimum of 7 years of progressive experience in information security, with at least 3 years in a management or leadership role.
• In-depth knowledge of cybersecurity principles, frameworks (e.g., ISO 27001, NIST), and best practices.
• Proven experience in managing security operations, incident response, risk management, and compliance.
• Hands-on experience with a variety of security technologies and tools.
• Excellent leadership, communication, and stakeholder management skills.
• Strong analytical and problem-solving abilities.
• Relevant security certifications such as CISSP, CISM, CISA are highly desirable.
• Ability to balance strategic planning with hands-on operational oversight.