ASOS Technology is going through an exciting period of transition and major investment. – this includes a number of strategic programmes to deliver the amazing technology and business solutions to support our ambitious global growth plans. At the heart of these plans is the rebuilding of our digital platforms and channels to provide the best shopping experience for our customers. Our plan is designed to enable us to really put our mobile experience first, enable personalisation and support a data driven organisation. We are also making significant investments in all our Buying, Merchandising, Finance and People systems with the latest toolsets and applications to accelerate the next phase of our global growth. We are also improving our ways of working within Technology to enable autonomous platform development and improve our engineering and agile practices.

SUMMARY

To lead the Cyber, Fraud & physical security functions within the technology department; deliver the security strategy and associated technologies, policies and governance.

Principal accountabilities

• Develop an enterprise-wide security strategy and ensure the execution of these plans
• Establish, implement, monitor and enforce security standards and technologies for all ASOS systems
• Lead the on-going enterprise-wide security risk assessment and status reporting efforts
• Monitor industry trends, evolving threats, vulnerabilities and control techniques; and keep senior management informed about related security risks and implications for the enterprise (including company secretary and CTO)
• Responsible for ongoing security risk management and mitigation,
• Responsible for the policies, procedures and governance associated with physical security, information security and fraud prevention,
• Responsible for PCI & ISO standards, development plans and reporting compliance
• Responsible for security governance on projects, platform teams, security operations and architecture
• Responsible to establish, operate & govern the Security Incident response processes, investigations and security operational centre   
• Collaborate with teams across ASOS to ensure security risks in both ongoing and planned operations are properly considered and all compliance matters are being adhered to as required.
• Responsible for the creation/roll-out of security awareness and training programs enterprise-wide for audiences up to board level executives.
• Advise and collaborate with executives throughout the enterprise and be responsible for overall enterprise security compliance
• Lead and / or advise business units as necessary to investigate security incidents; to pursue associated potential disciplinary and legal actions in collaboration with the People team and Legal as appropriate
• Develop and grow the talent and people capability within the security team, optimising the mix of internal vs external individuals and 3rd parties
• Manage internal & external stakeholders relationships; report to stakeholders on security related technology investments
• Develop and maintain relationships with governing and other external bodies as needed
• Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security standards and policies
• Responsible for ensuring that global fraud prevention is effective and efficient
• Responsible for ensuring that the technology platforms associated with customer identity and profile are secure, meets the needs of product owners and operates efficiently
• Responsible for ensuring the payments technology platform is secure, PCI compliant, meets the needs of product owners and operates efficiently
• Responsible for security operations, fraud operations & physical security for all major ASOS sites

Knowledge, skills and experience

• Proven leadership qualities (Direct/Matrix)
• Proven ability to drive a team to achieve its goals within a fast paced and highly agile environment
• People development across the function
• Bachelor’s degree in Information Security, Computer Science, Information Management Systems
• Previous experience as a CISO
• Proven ability to managed and mitigate enterprise wide security incidents
• Strong experience managing technology teams
• Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM and risk analysis
• Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. PCI DSS, SOX, ISO)
• Analytical and detail-oriented
• Strong understanding of security technologies and best practices
• In-depth understanding of ecommerce / internet based industries
• Senior stakeholder management up to board level
• Management of specialist security suppliers and software vendors / 3rd parties 
• Proven strong experience in commercial negotiation skills
• Strong communication and presentation skills
• CISM [optional]