Creating original and innovative luxury soft toys, Jellycat combines luxurious fabrics with quirky and cute designs and sells its products online and via stockists throughout the UK, Europe and the rest of the world.

The Head of Information Security role is the leader our Information Security strategy and operations. The ideal person will be responsible for protecting our digital assets, eCommerce channels, ensuring the security of customer data, managing a team of 3rd party Information Security professionals, and overseeing third-party Information Security Operations Centers (CSOC) and Virtual Chief Information Security Officers (VCISO) input with the CTO. This role requires a strategic thinker with a strong technical background and excellent leadership skills.

This role will work closely with Jellycat’s Legal and Finance teams on matters of compliance, risks and fraud prevention.

You’ll be;

• Developing and Implementing Information Security Strategy by designing and executing a comprehensive Information Security strategy to protect the company’s information systems and digital assets.
• Identifying, assessing, and mitigating Information Security risks across the organisation. Conducting regular security risk assessments and audits.
• Leading the incident response team to quickly and effectively respond to security breaches and incidents. Developing and maintaining incident response plans and protocols.
• Developing and delivering Information Security awareness training programs for global employees to promote a culture of security within the organisation
• Mentoring a matrix team of cross functional IT professionals providing guidance and support to ensure the team’s success (scope for future management of a direct team)
• Overseeing and coordinate with third-party Information Security Operations Centre (CSOC) and Virtual Chief Information Security Officers (VCISO) to ensure alignment with the company’s Information Security strategy and goals.
• Ensuring compliance with relevant Information Security regulations and standards (e.g., ISO27xxx / Cyber Essentials, DPA 2018, GDPR, CCPA , PIPL & CDSL & PCI-DSS). Developing and enforcing security policies and procedures.
• Managing relationships with external vendors and service providers, ensuring that their security practices meet company standards.
• Evaluating, implementing, and managing security technologies and tools to protect the organisation’s digital assets.
• Working closely with other departments (e.g., Legal, finance, compliance) to ensure a holistic approach to Information Security.
• Providing regular reports to Leadership Team (& occasionally the Board) on the status, KPIs and risks of the organisation’s Information Security posture and initiatives.

You’ll have;

• Experience in Information Security, with at least 3 years in a leadership /senior role, preferably within the retail and e-commerce sector.
• The ability to demonstrate awareness and skills via relatable experience or a formal degree in a related subject matter. A formal Infosec certification will be a distinct advantage.
• A deep understanding of Information Security frameworks, technologies, and best practices. Proficiency in risk management, incident response, and security operations.
• A proven ability to lead and inspire a security culture in cross-functional teams. Strong communication and interpersonal skills.
• Excellent problem-solving abilities and attention to detail with the ability to analyse complex security issues and develop effective solutions.
• Experience of oversight, design and management of security measures on ecommerce platforms
• Familiarity with relevant global Information Security regulations and standards (e.g., GDPR, PCI-DSS).
• Experience in managing third-party Information Security services, including CSOC and VCISO.