Information Security Engineer

To work with multidisciplinary teams across Clarks Technology and business areas to identify, design, and build security controls to protect Clarks’ applications, networks, and data from security risks.  To develop and embed best-practice security processes and knowledge into technical teams aligned to Zero Trust principles and in line with industry standards and frameworks (e.g. NIST, PCI DSS).  To identify opportunities for automation and optimization and drive maximum value from existing technologies and services to strengthen Clarks’ overall security posture.

Financial:  No direct financial responsibilities, though the role may be required to assist ITLT and other Clarks Technology managers in strategic planning linked to budgeting linked to security and related technologies

Reports: No direct line reports currently

Impact the job has on the business:  The company’s exposure to security risks has never been greater - with an ever-changing threat landscape, continually evolving privacy regulations, the growth in Software-as-a-Service (SaaS) and AI, and the centrality of data to meet our business objectives it is vital companies implement effective controls to reduce their security exposure and protect their networks, systems, applications and data.  The Information Security Engineer plays a vital role through the identification, design, and implementation of appropriate security controls supporting our legal/regulatory, financial, and commercial requirements while helping improve our overall security resilience.

Core responsibilities include:

• Identification, design and implementation of effective security controls across Clarks’ IT and Technology landscape incorporating Azure, M365 and other SaaS services - identifying new product features, functionality, and service improvements for existing solutions & designing new security solutions to improve the posture on endpoints, servers, and other assets – covering email security, data loss prevention, Azure Active Directory, InTune, Conditional Access, Teams, OneDrive, SharePoint Online, Power Platform, Defender etc
• Conducting relevant assessment activity to identify and prioritize Clarks' risk scenarios and proactively work with infrastructure, project and architecture teams to plan and deliver remediation activities
• Supporting the development of relevant security roadmaps and activity plans aligned to Zero Trust principles and common industry frameworks (NIST, PCI DSS etc)
• Assisting in the review and development of operational processes and procedures required to maintain cyber security for IT services, including managing endpoint compliance, system hardening, host firewall settings, endpoint applications, regulatory requirements, audit issues, endpoint security tools such as DLP, AV, EDR, patching etc.
• Development of monitoring processes and relevant measures/KPIs/metrics to support ongoing assessment of Clarks’ security posture
• Support business continuity and disaster recovery processes and assist in the development and implementation of activities to improve Clarks’ cyber resilience
• Support of security incident response activities, including providing expertise in triaging and resolving key issues, engaging with outsourced security operations and internal SecOps teams to ensure standards and policies are appropriately applied, and assisting in the creation and updating of relevant run books to help ensure effective incident management planning and execution
• Support for compliance and audit activities, working with internal and external stakeholders to understand requirements, identify remedial activity, and monitor progress
• Analysing emerging and developing threats and working with stakeholders to validate the potential impact on Clarks - and recommend measures to address these
• Assist in the development and implementation of the overall security strategy for Clarks’
• Act as a technical security expert within the business, providing advice and guidance to other team members and the wider business as required

Other tasks and activities consummate with the profile of the role as necessary.

Technical/Experience attributes:

• Demonstrable experience in information security roles with a proven track record of developing and implementing effective security control environments both tactically and strategically
• Knowledge of security and IT risk management methodologies and practical experience of applying these to operational business environments
• Good understanding of security controls and best practices across a number of the following areas/domains:
  • Network and infrastructure (networking protocol knowledge is an advantage

- TCP/IP, HTTP, HTTPS, DNS, firewalls, proxies, IDS, IPS etc.)

• • Endpoint (e.g. DLP, Endpoint Detection and Response, File Integrity, SIEM)
  • Operating Systems (Windows, Linux)
  • Database technologies (SQL, Oracle)
  • General cryptography practices (e.g. PKI)
  • Cloud environments (Azure, AWS)
• Fundamental understanding of privacy and data protection laws and regulations and how they apply to technology environments (e.g. GDPR, PIPL etc)
• Knowledge of other regulatory or compliance frameworks such as ISO, PCI DSS, NIST etc
• Likely to hold at least one common security certification (CEH, CCSP, CISSP, OSCP) alongside other relevant IT certifications (ITIL, AMP, Prince2 etc) preferred

Additional technologies/experience:

Experience with any of the below technologies or in the below areas would be advantageous:

• Awareness of DevOps/DevSecOps practices and tooling ideally gained through Agile working environments
• Experience with large, multinational retail organizations
• Experience in enterprise resource planning / SAP environments

Personal Attributes:

• Strong, credible impact, with a demonstrated capability to collaborate and build, maintain and utilize relationships with key internal and external stakeholders to achieve optimum business outcomes
• Excellent communicator, mentor, and facilitator, able to pull people together across different services and systems and motivate them to deliver common aims and targets
• Strong analytical and conceptual reasoning skills and highly effective communication skills – the ability to articulate complex issues and concepts to a wide range of recipients both written and verbally
• Good understanding of developing trends in the industry and related technologies to provide a context for the development of Clarks security and technology strategy
• Demonstrable resilience and highly developed competence in situational awareness and leadership

•            This role is typically hybrid but may require occasional travel (e.g. to other Clarks or partner locations)

•            The role may require working outside of normal business hours on occasion

•            This role is a key member of the Security and wider Technology teams and will work closely with internal and external stakeholders, including Infrastructure, project teams, Legal, Privacy and Compliance