Home
Jobs
JD Sports Fashion
Security Architect - Modern Workplace

Security Architect - Modern Workplace

On site

Bury, United Kingdom

Full Time

31-03-2025

Share this job:

Score my CV Apply

Job Specifications

Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni-channel retailer of Sports Fashion, Outdoors and Gyms with our colleagues working in stores across several retail fascias in many markets around the world.

JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been a FTSE100 publicly quoted company since 2019 and continues to grow in the UK and internationally.

We want to be the leading global omnichannel retailer in the sports and outdoor industry. To be a part of this successful company and help us to achieve this you will have the desire to ingrain our strategic goals of being a people-led, innovative and customer-focused organisation which provides operational excellence whilst identifying new areas of growth as part of our day to day objectives.

Role Purpose

We are looking for an experienced Modern Workplace Architect to join our growing Information Security team.

Reporting to the Global Head of Security Strategy, Architecture & Engineering and working closely with IT technology and architecture functions, you will develop and implement information security architecture and technology solutions to ensure information security and compliance requirements of the organisation as we go through our Digital Transformation and modernisation and beyond.

As a Modern Workplace Security Architect, you will bring deep expertise in securing a wide array of technologies—devices, applications, and services—that enhance the employee experience, productivity, and collaboration across JD Sports

The Modern Workplace Security Architect will lead the development and execution of the digital workplace strategy designed to foster an optimal employee experience, boost productivity, and facilitate seamless collaboration across JD Group.

Key Responsibilities

Ensure JD employees have seamless access to digital workplace tools that enhance efficiency and collaboration, including Microsoft 365, cloud platforms, and mobile technology.
Champion digital initiatives that improve workplace productivity, reduce friction, and foster a digitally dexterous workforce.
Implement digital workplace solutions that enhance both retail and head-office operations, aligning with JD Sports' omnichannel business model.
Champion the rollout and optimisation of the Microsoft E5 suite of capabilities and services for JD Sports and its Fascias, working closely with IT, privacy and legal to ensure alignment
Ensure information security aspects of applications and services safeguard JD Sports’ data, IP, customers, and brand reputation.
Provide security guidance to business technology teams, ensuring security is integrated from the outset of projects throughout their lifecycle
Translate security requirements into architectural blueprints and patterns, balancing risk, budget, and operational challenges.
Build and maintain relationships with technology vendors and business partners.
Provide subject matter expertise and assess security measures, recommending improvements in collaboration with IT teams.
In conjunction with JD’s Managed Detect and Respond services, develop and maintain incident response plans for modern workplace security breaches, ensuring quick and effective resolution.

Qualifications And Skills

Professional certifications in Information Security or Cybersecurity (e.g. Certified Information Systems Security Professional, Certified Information Security Manager).
5+ years of experience leading digital workplace initiatives in a fast-paced environment.
Strong knowledge of digital workplace platforms (e.g., Microsoft 365, Google Workspace, AWS Workspace, collaboration tools, and endpoint management solutions).
Experience driving digital transformation and employee enablement in a retail, e-commerce, or multi-site environment.
Strong understanding of security frameworks like NIST, ISO 27001, and CIS Controls, and their application to enhance security and ensure compliance
Strong understanding of identity lifecycle management, IAG, and privileged access security.
Considerable technical writing proficiency, oral presentation skills, problem solving and decision-making skills
Experience in using architecture methodologies such as TOGAF and SABSA
Practical experience in Agile/DevOps organizations and cultures

We know our colleagues work tirelessly to make JD Sports the success it is today and in turn, we offer them some amazing benefits including staff Discount On JD Group and other brands within the organisation and personal development opportunities to learn and develop at work.

Thank you for your time

#JD

Apply Now

About the Company

JD Group has been serving customers with an industry-leading blend of recognised sports fashion brands and own brand labels such as DAILYSZN, Pink Soda and Supply & Demand since 1981. We have a strong presence in Europe, North America, and Asia Pacific, and we are still growing... Our culture is fun, fast, and challenging. We encourage our colleagues to be creative, passionate, and ambitious, solving problems and seizing opportunities across all levels of the business. With a commitment to providing a best-in-class custo... Know more

Related Jobs

Company Name: TieTalent
Job Title: Cyber Security Engineer
Job Description: About Location : Bristol or Edinburgh, Hybrid. In this position, you’ll be based in the Bristol or Edinburgh office for a minimum of three days a week, with the flexibility to work from home for some of your working week. Find out more about our flexible work culture at computershare.com/flex. We give you a world of potential The Global Information Security (GIS) team is responsible for driving the development, deployment, monitoring and management of information and cyber security across the Computershare businesses, globally. Along with delivering a comprehensive portfolio of technical security control and monitoring services across all of the global Computershare environments. Through partnerships with the business units, Technology Services and other support functions, the Global Information Security team actively supports the business objectives whilst reducing the overall composite risk to Computershare. A role you will love The Cyber Security Engineer role has hands-on responsibilities for the implementation and maintenance of our on prem and cloud-related infrastructure and technologies. This role’s primary focus will be on the integration between cloud and on-prem security infrastructure. Responsibilities will expand into other technical information security projects and provide opportunities to cross-train and upskill in additional leading technologies. This role is part of a global team of information security professionals that deliver in-depth technical security services for our most critical applications and infrastructure, to ensure that they are highly resilient against existing and emerging cyber security threats. Key Accountabilities Provide technical design, implementation and maintenance of our technical security infrastructure and policies. Develop technical solutions and new security toolsets to mitigate security vulnerabilities and automate repeatable tasks. Build, implement and tune SIEM event correlation rules/logic, and content, to filter out security events associated with known network behaviour, known false positives and/or known errors. Build, implement and tune Web content protection rules/logic. Work with the Security Monitoring team to appropriately and practically defend the enterprise in accordance with established policies, procedures, guidelines and practices. Prepare and document standard operating procedures and protocols. Work with the Threat Intelligence and Cyber Assurance teams to monitor and research industry information sources, for zero-day threats and vulnerabilities that impact Computershare. Establish and maintain strong, collaborative working relationships with global and regional technology infrastructure, application, and architecture teams. What will you bring to the role? The successful candidate will have experience in developing, implementing, and monitoring security solutions, preferably with an Azure Security Engineer Associate certification or similar. You will have proficient knowledge of cloud architecture and its security concerns, along with a strong understanding of security protocols, encryption, and authentication methods/excellent troubleshooting skills. Essential Experience SIEM Data Loss Prevention Cloud Security IDS/IPS Email Threat Prevention Endpoint Detection and Response Identity Protection Privileged Password Management Identity Access Management Rewards designed for you Flexible work to help you find the best balance between work and lifestyle. Health and wellbeing rewards that can be tailored to support you and your family. Invest in our business by setting aside salary to purchase shares in our company, and you’ll receive a company contribution as well. Extra rewards ranging from recognition awards and team get togethers to helping you invest in your future. And more. Ours is a welcoming and close-knit community, with experienced colleagues ready to help you grow. Our handbook will help you find out more about our rewards and life at Computershare, visit https://computershare.com/careershub Nice-to-have skills Cloud Architecture Encryption Cloud Security Edinburgh, Scotland Work experience Cyber Security Specialist Languages English

Edinburgh, United Kingdom

Hybrid

Full Time

02-04-2025

Company Name: Quilter
Job Title: Identity Security Analyst
Job Description: About The Business Quilter plc is a leading provider of financial advice, investments and wealth management, committed to being the UK’s best wealth manager for clients and their advisers. Quilter oversees £119.4 billion in customer investments (as at end December 2024). It has an adviser and customer offering spanning financial advice, investment platforms, multi-asset investment solutions, and discretionary fund management. The business is comprised of two segments: Affluent and High Net Worth. Affluent encompasses the financial planning business, Quilter Financial Planning, the Quilter Investment Platform and Quilter Investors, the multi-asset investment solutions business. High Net Worth includes the discretionary fund management business, Quilter Cheviot, together with Quilter Cheviot Financial Planning. At Quilter we never stand still. Our foundations are rooted in our extraordinary expertise, which is trusted by hundreds of thousands of customers, but we have great ambitions to stay one step ahead and make an even greater difference to the people and communities we serve. Our business is transforming, continually modernising, and becoming even more customer centric. So, if you want to be bold in the pursuit of your ambitions, bring new ideas, and challenge and evolve what we do, it’s the perfect time to join us! About The Role Level: Level 3 Department: Technology: Information Security Location: Southampton or London Contract type: Permanent The Security Architecture team at Quilter provide standards, guidance and expert challenge in support of Quilter across strategic Programmes and Projects, corporate actions, new supplier onboarding and ad-hoc requests. Our goal is to enable the business to deliver solutions that are Secure by Design in an efficient and predictable way through a consistent, modern control base and through timely and appropriate design and implementation guidance. The role will work with a small team of Security Architects who work collaboratively with the broader Technology Architecture community in support of Quilter’s initiatives. The role will also work closely with colleagues across Infrastructure team, Security Operations team and broader Information Security function to continuously improve tools and processes in this space. The Identity Security Analyst will own Identity Security at Quilter, supporting Security and Enterprise Architects as appropriate, and working with stakeholders across the business and technology to ensure Identity Security controls are well designed and effectively delivered. The role would suit an experienced Security, End User or Infrastructure Analyst looking for a step into Security Architecture. Key responsibilities: Act as the technical Identity Security lead at Quilter, supporting the Security Architects Define, maintain and own the technical standards in relation to Identity across Enterprise and Customer Authentication, Authorisation, Access Management, Identity Management and Adaptive Trust / Zero Trust concepts. Define appropriate, but proportionate, metrics to effectively measure our identity risk and work with our Governance, Risk and Controls team to ensure they are reported coherently. Provide input and approval for processes that have been designed by our operational teams to achieve our Identity Security standards. Work with the Information Security and Wider Technology Leadership teams, in particular our Digital Technology team, to drive the roadmap for Identity Security tooling and controls Support Security Architects with Identity Security related items across projects and initiatives Act as a point of escalation for Identity Security issues Act as a trusted advisor to the Head of Information Security and the CIO on Identity Security related matters Maintain strong understanding of identity related risks and ensure any risks to Quilter’s environment are robustly assessed Be responsible for assuring delivery of key BAU identity and access related processes, to ensure they align to expected standards About You Exceptional understanding of the risks associated with poor identity security management and typical patterns used to resolve / mitigate these risks is essential Experience working with Identity Provider (IdP) tooling such as Microsoft Entra ID / Active Directory is essential Broad understanding and/or experience of working with concepts and capabilities such as Identity Governance, Authorisation, Authentication, Privileged Access Management (PAM), Privileged Identity Management (PIM) and Cloud Infrastructure Entitlement Management (CIEM) is essential Experience with implementing Zero Trust concepts, including Conditional Access or Adaptive Trust type controls is desirable Understanding of machine identities and managing these as part of a cloud-first DevOps model, enabling secure and efficient development is desirable Practical experience of cloud-native concepts such as Cloud Security Posture Management (CSPM) and SaaS Posture Management (SSPM) is desirable Excellent attention to detail and ability to work comfortably with data in Microsoft Excel (essential) and Power BI (desirable) Business outcome orientated with a desire to apply technology and security to enable delivery Drive to continually develop skills, maintain expertise and relevance in a fast-changing technology and threat landscape Holding, or willingness to study for, qualifications such as CISSP, CISM, Microsoft Security Certifications or similar is desirable Collaborative style, ability to communicate effectively and work with Security, Technology and Business Stakeholders of all levels of seniority Excellent written and verbal communication skills Inclusion & Diversity We value diversity and strive to promote inclusivity in all aspects of our culture. We believe in equal opportunities for all, ensuring that no applicant encounters less favourable treatment based on anything but their skills, qualifications, experience, and potential. We celebrate the unique contributions of a diverse workforce and create a respectful, nurturing environment where every colleague can thrive. Values Do the right thing: We act with integrity and are proudly committed to going above and beyond in service of our clients and the support we provide our communities. Always curious: We continuously seek new ideas and knowledge so we’re one step ahead of our clients’ needs. We look for inspiration everywhere and encourage experimentation, recognising that this is how we create brilliant solutions for brighter futures. Embrace challenge: We aim high to transform our potential into meaningful outcomes. With ambition as our driving force and a steadfast commitment to growth, we succeed for the good of every generation. Stronger together: Combining our diverse talents, we accomplish more collectively than we ever could do alone. We speak openly, actively listen, and support each other, and constructively challenge and embrac...

London, United Kingdom

On site

Full Time

03-04-2025

Company Name: Endava
Job Title: SOC Manager (Security Operations Manager)
Job Description: Company Description Technology is our how. And people are our why. For over two decades, we have been harnessing technology to drive meaningful change. By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with leading brands from various industries to create dynamic platforms and intelligent digital experiences that drive innovation and transform businesses. From prototype to real-world impact - be part of a global shift by doing work that matters. Job Description We are seeking a Security Operations Manager to lead and enhance our global Security Operations Center (SOC) across multiple regions. This role is responsible for strategic leadership, operational oversight, and continuous improvement of security monitoring, incident response, and threat detection capabilities. The ideal candidate has strong leadership skills, a deep understanding of SOC operations, and experience in managing global security teams to ensure a proactive and effective security posture. Responsibilities: Lead and manage the global Security Operations Center (SOC), ensuring 24/7 security monitoring, incident response, and threat management. Develop and execute SOC strategies to enhance security operations, automation, and efficiency. Oversee SOC processes, staffing, and operational workflows to align with business and security objectives. Drive continuous improvement in SOC capabilities, ensuring adherence to industry best practices and frameworks (NIST, MITRE ATT&CK, ISO 27001, SOC2, etc.). Establish and refine KPIs, metrics, and reporting to measure SOC performance and risk reduction. Lead the incident response function, ensuring rapid detection, containment, and remediation of security incidents. Oversee threat intelligence integration and proactive threat hunting efforts to identify and mitigate risks before exploitation. Collaborate with cross-functional teams to improve security response capabilities and drive automation using SOAR platforms. Act as the primary escalation point for major security incidents, coordinating response and communication across global teams. Build and mentor a high-performing global SOC team, fostering a culture of continuous learning and collaboration. Define and implement SOC training programs, including tabletop exercises and attack simulation drills. Ensure SOC analysts, engineers, and threat hunters are aligned with emerging threats and evolving security landscapes. Oversee the implementation and optimization of security technologies, including SIEM, SOAR, EDR, IDS/IPS, and cloud security tools. Drive SOC automation and orchestration to improve response times and operational efficiency. Collaborate with IT, DevOps, and Security Engineering teams to integrate security best practices into broader business processes. Qualifications Required Qualifications & Experience: 5+ years of experience in security operations, SOC management, or cybersecurity leadership roles. Proven experience leading global security operations teams in an enterprise environment. Strong understanding of SOC tools and technologies Experience with security frameworks such as MITRE ATT&CK, NIST, ISO 27001, SOC2, and CIS Controls. Expertise in incident response, threat intelligence, and security automation. Strong leadership, stakeholder management, and communication skills. Familiarity with cloud security best practices (AWS, Azure, Google Cloud). Ability to work in a fast-paced, high-pressure environment and handle security incidents efficiently. Preferred Qualifications: Security certifications such as CISM, CISSP, GCIA, GCIH, CSOM or SOC-related credentials. Experience in security automation and orchestration (SOAR) to improve SOC efficiency. Experience working with regulatory compliance (SOC2, ISO27001, GDPR, NIST 800-53, etc.). Additional Information Discover some of the global benefits that empower our people to become the best version of themselves: Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus; Career Development: Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership; Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences; Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme; Health: Global internal wellbeing programme, access to wellbeing apps; Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations. Our diversity makes us stronger - it drives meaningful change and enables us to build innovative technology solutions. We are committed to creating an inclusive community where all of us, regardless of background, identity, or personal characteristics, feels valued, respected, and free from discrimination. As an equal opportunity employer, we welcome applications from all individuals and base hiring decisions on merit, skills, qualifications, and potential.

Leeds, United Kingdom

Hybrid

Full Time

02-04-2025

Company Name: Duel Tech
Job Title: Information Security Engineer
Job Description: Hybrid: Remote/Bristol Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About Us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis, and we exist to show there’s a better way to build businesses, to build a better future, proving that caring for people builds brand, which builds long term and exponential profit returns. The Duel Brand Advocacy Platform allows enterprise brands to do just that, scaling how they manage their relationships with thousands of advocates, customers, creators and brand ambassadors. We’re proud today that brands such as Abercrombie & Fitch, Charlotte Tilbury, Spanx, Victoria’s Secret and Elemis (to name a few, but not to name some household names that we can’t talk about yet) are doing just that. The Duel team comprises psychologists, brand experts and community builders, combining cutting edge brand expertise, with seasoned SaaS experience. The Role We’re hiring an Information Security Engineer to join our growing engineering team. As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks, and improve Duels overall security posture. The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations. We’re Looking For Someone Who Will… Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed. Help support the company’s transition towards SOC 2 certification by tracking requirements and implementing necessary security measures. Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits. Ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation. Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation. Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. Assist in securing infrastructure and cloud environments, ensuring security best practices are followed. Help analyse penetration testing reports and support the implementation of fixes and improvements. Learn and apply security principles in IAM, least privilege access controls, and role-based access management. Maintain up-to-date documentation of security policies, controls, and best practices. Clearly communicate security requirements and improvements to engineering teams. Help build awareness around security risks and compliance needs across the company. We’d love to hear from you if you.. 3 years of experience in a security-related role, such as security engineering, security operations, or compliance-focused security work Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes Experience working within security risk management, vulnerability tracking, or operational security efforts Prior experience working with engineering teams on security topics is beneficial, particularly around secure development practices Ability to clearly communicate security requirements and risks to internal teams A proactive mindset, eager to learn and improve security processes Ability to work across teams, collaborating with engineering and compliance efforts CISSP, CISM certifications are desirable Technical Skills Experience with ISO 27001, SOC 2, or other security compliance frameworks Familiarity with compliance automation tools such as Secureframe, Drata, or Vanta Experience working with pen testing and bug bounties a plus Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions Experience or knowledge of cloud security (AWS, GCP, or Azure) Awareness of security best practices in application and infrastructure security Some exposure to IAM, role-based access control, and identity management principles Some experience working with penetration testing findings and basic security audits In-person and remote working balance ... We have small HQ’s in Bristol & London (Holborn) with a growing team of people on the ground in our NYC office also. Although our approach to hybrid working is flexible (we don’t mandate specific days in office), priority for this role will be given to candidates who are available to travel to the Bristol office and keen to spend some days each month in a shared space partnering with the VP of Technology and wider engineering team on shared projects. Why Duel We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. In a relaxed, flexible, and fun environment, the team is driven to making the business a success while enjoying what we do and who we do it with. We have a growing benefits package, including; Flexible working hours - if you need to fit around childcare or need to work around your life, we understand. Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year, when we close the office). On-going training where required. Options scheme for all full-time employees - it’s important to us that everybody owns a part of the company and shares in the benefits of what we build. Company MacBook to work from £350 WFH Set-Up Headspace Contributions Personal Development budget and support 2 additional days leave for volunteering

Bristol, United Kingdom

Hybrid

Full Time

02-04-2025