Head of Information Security

Department: Operations

Employment Type: Permanent - Full Time

Location: Head Office, Chelsea House

Reporting To: Simon Pakenham-Walsh

As River Island's Head of Information Security, you'll play a strategic and hands on leadership role in shaping and strengthening our security posture across the business.

Reporting to the CIO and working as part of the Technology Leadership Team, you'll define, embed, and continuously improve River Island's information security framework - ensuring we remain compliant, resilient, and trusted by our customers, partners, and people.

This is a highly visible role, blending strategy and delivery. You'll oversee security operations, vulnerability management, compliance, and risk governance, while partnering with Technology, Data, Legal, and wider business teams to ensure security is embedded into everything we do - from store systems to eCommerce and cloud platforms.

• Define, implement, and evolve River Island's information security strategy in line with business objectives, regulatory obligations, and risk appetite.
• Lead the development and maintenance of Information Security policies, standards, and controls, ensuring alignment with frameworks such as ISO 27001, NIST CSF, and the SANS Top 18.
• Define and report security KPIs/KRIs to senior management to senior leadership representing risk posture, compliance status, and strategic improvement initiatives.
• Own and manage the Information Security Risk Register; ensure risks are assessed, documented, and mitigated effectively.
• Lead compliance efforts across GDPR, PCI DSS, and other applicable regulations.
• Conduct and coordinate enterprise-wide risk assessments, audits, and internal reviews.
• Champion a pragmatic, risk based approach to security - balancing protection, productivity, and customer experience.
• Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer facing platforms.
• Oversee operational security activities, including threat detection, vulnerability management, and incident response.
• Coordinate penetration testing, red team, and vulnerability remediation across applications, infrastructure, and cloud environments.
• Develop and maintain incident response playbooks and lead investigations where required.
• Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities.
• Embed secure by design principles and DevSecOps practices across engineering and delivery teams.
• Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy by design:
  • Define and maintain the information classification and handling standard.
  • Ensure security controls for customer data, employee data and payment data are implemented and monitored.
• Provide specialist input into solution design, architecture reviews, and third party integrations.
• Support major transformation projects, ensuring security controls and data protection measures are built in from the start.
• Oversee third party risk management, including supplier due diligence, onboarding, and continuous monitoring.
• Support client assurance and audit activities, providing evidence of River Island's security posture.
• Maintain trust and transparency in all information security communications internally and externally.
• Drive ongoing maturity of the security function through measurable improvement plans, tooling optimisation, and process automation.
• Lead awareness initiatives and promote a strong security culture across the business.
• Mentor and develop members of the Information Security team.
• Proven experience in a senior information security role, ideally within a complex, multi channel retail or technology environment.
• Strong technical grounding across key security domains: network, cloud, endpoint, application, and data security.
• Experience managing or working with vulnerability management tools, SIEM/SOC environments, and incident response processes.
• Familiarity with frameworks and standards such as ISO 27001, NIST, CIS, PCI DSS, and GDPR.
• Excellent communication and stakeholder management skills, with the ability to influence at all levels of the organisation.
• Analytical, pragmatic, and calm under pressure - with a focus on enabling the business, not blocking it.
• Desirable:
  • Security certifications such as CISSP, CISM, or equivalent.
  • Experience in retail, eCommerce, or cloud transformation programs.
  • Understanding of emerging technologies (AI, machine learning, cloud native architectures) and associated security considerations.

We're a much loved brand with an exciting future. Our Islanders are a diverse bunch of bright, talented people who love working together - and are proud of the work they do. Progression here can take you in all kinds of directions. This is what a career at River Island is like. And this is where yours starts.

This role is based at our Head Office in West London. Check us out here on a map.

• Generous 50% staff discount so you can treat yourself to the latest products, and a bargain staff shop on site!
• Reducing Islanders everyday expenses through discounts, benefits, financial advice, wellbeing solutions and more through Reward Gateway!
• A free onsite gym, subsidised restaurant & café to fill you needs. Various social events to socialise throughout the year.
• Every family is unique, we support Islanders with all different family setups enhanced maternity, paternity, adoption & fertility treatment. We also work closely with the Retail Trust to create dedicated support for all our Islanders!
• Flexible working is a given, on top of payday and summer early finish Fridays.
• Give as you earn scheme, a 'Giver Island' day each year and receive matched funding.
• Support with upskilling through on the job training and qualifications. A succession plan if you want to progress.
• A generous bonus scheme & private pension plan.
• The choice to opt in for healthcare through our provider AXA.
• An allowance supporting your commute to work.
• ️ 25 days paid holiday, exclusive of Bank Holidays. With the added option to purchase additional holiday twice a year for whatever the need!

At River Island we are committed to the safeguarding of all of our employees regardless of age or job role. We will fulfil our obligation under the Prevent duty which seeks to stop extremism and extremist views from materialising in our business. We promote and encourage the belief in British Values- including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs. To find out more, please visit .

Our Island is made up of a diverse community, where we all belong and feel part of something bigger. We are committed to equality of opportunity and welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio economic background, religion and/or belief. We will consider flexible working requests for all roles unless operational requirements prevent otherwise. To find out more about this interview process, check out our hiring process below.