Skip to main content

InfoSec CIRT Manager

Location(s) London Job ID 29351 Closing Date 16/07/2022 16:22 Contract Full time Contract Type Permanent Shift NA Salary and Benefits Competitive

Advance the world of digital through M&S

Leading the transformation of an industry. The continuous pursuit of new information, resourcefulness and invention. Thousands, if not millions of people benefiting from your product-led ideas, every day. That’s why you join M&S Tech. Here, you’ll be proud of your projects, enhance your understanding of new technologies, and shape the future of a new, digitally prevailing brand of retail. Progress isn’t in the pipeline, it’s already happening. And we’re as determined to advance technology through M&S, as we are to advance M&S through technology. Want to help us?

It’s a mindset, a special drive and an enthusiasm that says, ‘We can’t wait to solve this problem’. It’s growing closer as a team through deep discussions about the technologies we love, whether next-gen or old classics. Most of all, it’s wanting to share that excitement with our customers and colleagues – reinventing retail into its most innovative form, then unlocking fresh potential and raising the bar yet again.

Explore M&OS

Success Profile







Our salaries are competitive and reviewed every year.

Colleague Discount

Receive 20% discount in-store and online for you and a partner or family member.


A minimum 28 days’ statutory holiday per year, pro-rata if you’re part time.

Holiday Buy

You can reduce your salary in exchange for up to one contractual week of additional holiday, subject to eligibility and National Living Wage requirements.


We have discretionary bonus schemes depending on the role that you do and the performance of our business.


If you save 3% of your pay into our Pension Saving Plan we will add an extra 6%. More details at

Life Assurance

Free cover of two times your annual salary up to age 70. If you pay into our Pension Saving Plan we double this to four times.


Allows you to save between £5 and £250 per month for three years with the option to buy shares at a 20% discount – or simply take your savings back.


Invest between £10 and £180 each month from your gross salary to buy M&S shares and build up an investment.

My Choices

Enjoy savings on everyday costs to holidays, recognise your colleague’s success and get more information and support on your wellbeing & benefits.

Cycle to Work

Hire a bike and accessories through Cycle to Work and save on tax and national insurance.


Buy the latest technology with interest free financing directly from your salary.

Health & Wellbeing

Save money on you and your families medical and dental expenses. Get great discounts on gym memberships, active wear, and health products.

Mental Health Support

Free 24/7 support from our expert health and wellbeing partners PAM Wellbeing - including free counselling and CBT as well as support for your family.

Giving Back

Support charities you care about the most by donating through your pay or even volunteer for them for one day.

Financial Wellbeing

Access to information and support to help you manage your finances from long term savings to managing your debt or money worries.

Celebration Time

Celebration time provides additional time off (up to one day per year) for a special occasion.

Virtual GP service

Free and unlimited access to a qualified GP for all UK colleagues and their families.

InfoSec CIRT Manager

Job purpose

The Information security incident response team (IIRT) manager is in the front line of defence against security incidents directed at M&S. The IIRT manager is also responsible for the performance of the IIRT. This team is the focal point for the execution of the response process and coordination of relevant parties when an information security incident occurs. The team is also responsible for maintaining the preparedness of M&S for effective response and for supporting other teams responding to incidents.

Key Accountabilities & Responsibilities

Protect company and its customers from materially impactful events to its Business, Brand and Customer e.g., catastrophic events, significant financial losses, and highly embarrassing events

Act as a liaison between industry peers, government agencies (including law enforcement) and other specialists.

Apply commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations.

Coordinate with the M&S Global Security Operations Centre and third-party incident retainer providers to assess security incidents!

During high-impact incidents, the IIRT manager may be required to brief senior management directly and get along with the crisis management team.

In consultation with the crisis management team, develop and deliver desktop preparedness exercises at the executive committee level, at least annually!

Participate in industry exercises.

Operationalise effective IIRT Services and controls to protect core business processes and customer data i.e. (Identify, Detect, Protect, Respond and Recovery controls

Develop and maintain the M&S security incident response plan, including all required supporting materials!

Develop functional requirements for roles that will be involved in the IIRT program.

Work with business units, IT functions and external providers to ensure that the process is mutually understood and agreed on, and that responsibilities are clear and accepted.

Act as a liaison throughout M&S (including, lines of business, public relations, legal counsel, and customer contact centres).

Initiate the security incident response process and implement decision authority to the extent of the role within that process.

Ensure execution of the incident response process to the resolution of the incident.

Ensure generation, maintenance, and protection of required incident records, such as investigator journals.

Coordinate, participate in and, if required, chair post incident reviews for presentation to the senior management.

Identify and respond to threats: Incorporating industry intelligence to enable proactive threat detection, containment, and response

Work with the InfoSec Mangers, Leads and Service Delivery Managers to deliver activities within the continuous programme of IIRT improvement relating to incident response for application, infrastructure, and all critical services

If advised outside of normal working hours of a potential incident, then the IIRT manager will be encouraged to perform the role out of hours to the extent required to protect the organisation.

The CSIRT manager will be encouraged to work with other Managers to ensure that the IIRT is suitably equipped to operate out of hours and off-site where desirable.

Development of a global IIRT network

Provide specialised security support for other events that fall outside the IT security incident realm, such as fraud attempts based on electronic channels or high-impact outages due to reasons other than security.

Lead and maintain IIRT tooling owned

Handle third party incident retainer providers

Chair daily, IIRT Stand-Up calls, maintain actions and advance any issues

Report and Maintain Key Risk, Performance and Success Indicators for the team

Act as a liaison between industry peers, government agencies (including law enforcement) and other specialists

Apply commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations

Develop and maintain the IIRT response and management process, including all required supporting materials

Advise the InfoSec Management team of significant emerging threats, and recommend tactical steps to counteract these threats

Deliver Management Reporting on a regular and ad-hoc basis

Effectively connect with internal partners (technical and non-technical) and suppliers to provide updates on threats and/or to deliver key projects

Make and drive recommendations to improve operational efficiency

Measure, manage and mitigate Information Security risk to and acceptable level and demonstrate compliance

Key Experience– the ideal candidate will have


  • Strong management and influencing skills
  • Demonstrable experience of delivering ground-breaking changes to IIRT culture and processes related to incident
  • Strong verbal and written communication skills are crucial to success in this role
  • Proficiency in preparation of reports, dashboards, and documentation
  • Demonstrable experience of training and developing incident response teams
  • Ability to work well in a diverse team
  • Methodical and principled work approach
  • Good problem-solving analytical skills
  • Good interpersonal skills
  • Solid experience of Security Incident Management and Response, including within a DevSecOps operating model
  • Knowledge and demonstrable experience of Information security technologies and methodologies,
  • Security event log collection and analysis
  • Experience of vulnerability and threat assessment
  • Experience of Intrusion detection and prevention systems
  • Experience of Web-based application security
  • Experience of Cloud systems and their Architecture (Azure, AWS)
  • Experience of working in a 24/7 Security Operations Centre environment
  • Experience of Incident Handling processes and procedures
  • Proven experience of working optimally with managed suppliers and vendors
  • Awareness of Agile environments and practices
  • Awareness of various operating system flavours including but not limited to Windows, Linux, Unix
  • Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated threats
  • Awareness of security controls in widely used technologies e.g., MS Office 365
  • Experience of Incident Management and Response tools - IBM Resilient, Remedy, ServiceNow
  • Excellent communications skills – both oral and written
  • Effective planning and prioritisation skills
  • Proven negotiation and influencing skills


  • Ideally have Industry Standard qualifications and training such as SANS; GIAC; CISSP
  • Preferably a bachelor’s or master’s degree in Information Technology and/or Information Security
Works closely with
  • Reporting into the Head of Product (Security Operations)
  • Indirect reports are Information Security Operations Centre and Information Security Operations leads
  • Business Continuity, Technology and Product teams
  • Other Information Security managers and leads in Architecture, Controls, Governance, Risk and Assurance


View more