Burberry Senior Manager, Information Security Risk
- Location: Paris, Île-de-France, France
- Seniority: Manager
- Department: IT & Technology Systems
- Industry: Fashion, Apparel & Leather Goods
- Posted: May 13, 2026
About Burberry
A leading luxury maison within a global luxury group, the employer operates across fashion, leather goods and selective retail channels. The organisation combines heritage craftsmanship with modern, international operations and invests in enterprise-grade information security to protect intellectual property, client data and digital services across multiple markets.
Confidential luxury brand — Senior Manager, Information Security Risk in Paris. Lead enterprise info security risk, third‑party and cloud risk programs for a global luxury maison.
Role & Responsibilities
- Lead the enterprise information security risk program, establishing risk appetite, governance and reporting to senior stakeholders and the executive risk committee.
- Conduct, oversee and validate risk assessments across IT, cloud, applications, third parties and operational processes; translate technical risk into business impact and remediation roadmaps.
- Develop and maintain security risk policies, standards and controls aligned with ISO 27001, NIST CSF and applicable privacy regulations (e.g., GDPR).
- Coordinate third-party and supply-chain risk management activities including vendor assessments, contractual requirements and continuous monitoring.
- Partner with Cloud, IT Ops, Product and Engineering teams to integrate security risk requirements into architecture, change management and release processes.
- Manage remediation workflows, track risk treatment plans, and ensure timely closure of high and critical findings.
- Design and oversee risk metrics, dashboards and periodic reporting to senior leadership and audit/compliance functions.
- Support incident response and business continuity planning from a risk perspective, including post-incident root-cause analysis and preventive controls.
- Coach, mentor and develop information security risk analysts and liaise with regional security leads to ensure consistent risk practices globally.
Qualifications
- Proven experience leading enterprise information security or cyber risk programs in complex, multi-national organisations.
- Strong understanding of information security frameworks (ISO 27001, NIST CSF), privacy regulations (GDPR) and risk management methodologies.
- Demonstrable experience with third-party risk management and cloud security risk assessment.
- Excellent stakeholder management with experience communicating technical risk to senior executives and non-technical business leaders.
- Professional certifications preferred: CISSP, CISM, CRISC or equivalent.
Experience
Typically 8+ years in information security or cybersecurity roles with at least 3–5 years managing security risk programs or a small team, preferably within the luxury retail, fashion, or retail technology sectors.
Education
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related discipline; advanced degree or equivalent professional experience preferred.
Workplace
This position is based in Paris, Île-de-France, France.
Culture
The organisation values craftsmanship, discretion and high standards of quality across all functions. The corporate culture blends rigorous, risk-aware decision-making with cross-functional collaboration and an international mindset, offering opportunities to work with creative and technical teams across regions.
Frequently Asked Questions
The luxury industry is characterised by a diverse and nuanced nomenclature. Esteemed houses frequently employ proprietary terminology, and even within a single organisation like Burberry, titles may vary across global markets to reflect local conventions. To ensure absolute clarity, Cerulean assigns a standardised, industry-coherent canonical title to every listing. However, it is worth noting that this role is functionally synonymous with «Information Security Risk Manager», «Cyber Risk Manager», «Senior Information Risk Lead», «Head of Information Security Risk», and other variations. Our sophisticated search architecture anticipates these variations, ensuring that inquiries using related terms will seamlessly yield the exact roles you desire.