Senior Information Security Manager

Senior Information Security Manager – Waterloo (Hybrid Working) – Full Time – Permanent – Grade 5

We’re iD Mobile, one of the UK’s leading mobile virtual network operators. We launched in May 2015 and have over 2.4 million Pay Monthly customers. We offer everything from super‑value Pay‑as‑you‑go and SIM‑only deals to the latest smartphones from major manufacturers. iD Mobile is part of Currys PLC, Europe’s leading electrical and mobile retailer.

We’re looking to recruit a senior Information Security Manager to act as the key interface between iD Mobile, Commercial, IT operations, and Currys information security & risk teams. The role is crucial to ensuring the security and resilience of iD Mobile’s systems, applications and data and will lead iD Mobile’s response to the UK Telecommunications (Security) Act (TSA). Knowledge and prior application of the TSA is essential; a core responsibility will be delivering measurable improvements to iD Mobile’s risk posture against TSA Security Measures across architecture, delivery, operations, supplier management and contractual frameworks.

TSA Compliance & Governance

• Lead the development and continuous improvement of the TSA compliance and control framework to improve iD Mobile’s risk posture
• Embed TSA requirements and design checkpoints into Architecture Board, Portfolio governance, project teams and change processes
• Provide structured TSA reporting, compliance insights and risk updates to senior leadership and the Board
• Deliver TSA‑aligned supplier audits and contract uplifts to reduce supply‑chain risk exposure
• Establish a TSA Steering Forum with defined RACI, KPIs and governance cadence

iD Mobile Security Leadership

• Maintain an in‑depth understanding of all iD systems, processes and people through hands‑on operations
• Act as the Information Security & TSA SME within governance forums
• Produce monthly iD Mobile Cyber dashboards, reporting on iD project delivery & assurance, incidents and alerts

In Conjunction with iD Operations Teams

• Regularly review IT asset inventories for accuracy and completeness in line with TSA compliance, annotating with installed security tooling and coverage
• Compile a register of iD Mobile third‑party suppliers, their criticality level and associated risks and any regulatory frameworks (such as TSA) required of them
• Maintain an audit‑ready evidence repository
• Provide security advisory input to the Change Approval Board
• Collaborate with technical leads, business analysts and project managers on a wide range of technology projects, including software development, package implementations and infrastructure upgrades/changes
• Act as a Data Governance champion within iD Mobile, ensuring data is classified and processed in an authorised manner

In Conjunction with Currys Information Security Teams

• Provide second‑line challenge for iD Mobile security incidents, crisis management and resilience planning
• Lead post‑incident lessons‑learned reviews and enact improvements in incident playbooks and operational processes to reduce risk
• Liaise with Security Operations to identify trending threat patterns, security tool uptime and SLAs
• Design and schedule an annual programme of penetration testing / red teaming (TBEST aligned) for relevant iD Mobile environments
• Review penetration test, vulnerability scans and exposure management tool output and determine appropriate risk scores and remedial activities
• Assist Capex delivery within iD Mobile through provision of non‑functional security requirements, RFP scoring, architectural review and presentation to the Data & Security Approval Board
• Regularly review the ID Mobile risk register, drive risk closure and management, monitor for ongoing non‑compliance, escalating where necessary
• Lead the response to regulatory and business‑to‑business audits and security reviews of iD Mobile operations

Experience

• Extensive experience in telecoms, cyber security, operational risk or regulatory compliance
• Deep knowledge of the UK Telecommunications (Security) Act and Ofcom Security Measures
• Strong track record influencing senior governance forums and decision‑making bodies
• Hands‑on experience with supplier assurance, third‑party risk management and security audits
• Ability to drive improvements that strengthen organisational risk posture
• Certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor
• Knowledge of MNO/MVNO network environments and telecom operational processes
• Experience in second‑line assurance or internal audit functions

Why Join Us

Join our team and we’ll be with you every step of the way, helping you develop the career you want with new opportunities, ongoing training and skills for life. As the biggest recycler and repairer of tech in the UK, we can help you make a real impact on people and the planet. Every voice has a space at our table and we’re committed to making inclusion and diversity part of everything we do. We want to make sure you have a fair opportunity to show us your talents during our application process. If you need any additional assistance with your application, we’ll do our best to help.

#J-18808-Ljbffr