Gymshark HQ is based in Solihull; however, this role can be both flexible and remote. There will be an expectation (post-Covid, dependent on government guidelines) for the successful candidate to also be flexible and open to coming into HQ occasionally.
As Gymshark’s InfraSec Identity Security Lead, you will be responsible for managing, maintaining and assuring Gymshark’s identity, be it user or device, to ensure that Gymshark stays secure and compliant with Gymshark’s Security Framework and industry best practices.
You will support the Tech Support team as a 3rd line engineer and work with the Tech team to resolve any identity-related issues, as well as designing and architecting Gymshark’s global Identity capability and security strategy.
What You Will Be Doing
Management and Support:
- Working with key stakeholders to manage, maintain and improve Gymshark’s Global Identity (Devices and IAM/ SSO) capabilities.
- Looking to improve and automate, where possible, the joiners, leavers and movers process, including the assignment and deprovisioning of corporate applications and systems.
- Implementing security features and monitoring tools and assuring our security assessment needs for Gymshark’s IAM/ SSO and Device estate.
- Implement and develop appropriate standards to meet Gymshark’s Compliance needs and integrate them into Gymshark’s Security Framework.
- Providing guidance to decision-makers on Identity security related policies and practices.
- Coordinate with the Incident & Threat Lead and with key stakeholders on how to respond swiftly to new and emerging security threats and vulnerabilities, and aid in the investigation, management and recovery of any suspected attacks.
- Facilitate the review of externally commissioned security testing activities, working with the InfraSec team and relevant stakeholders to ensure that any vulnerabilities are promptly resolved.
- Promoting the business benefits of Cyber Security, including general information security awareness, to the organisation through briefings and other representations (e.g., Onboarding).
- Working with key stakeholders to develop and document Gymshark’s Business Continuity, Disaster Recovery and Incident processes for our Global Identity services.
- Work to secure Gymshark’s Global Identity capability by onboarding Gymshark’s corporate systems into our IAM/ SSO environment and looking to automate the provisioning and deprovisioning of access to these systems, based on the employee’s role.
- Work with key stakeholders towards a Zero Trust model so only authorised users or devices can access Gymshark’s systems.
- Produce, maintain and test Gymshark’s device hardening standard to ensure it meets the security needs of Gymshark’s Security Framework and compliance needs.
- Architect and design Gymshark’s Global Identity security strategy, focusing on Zero Trust and BYOD.
- Work alongside the InfraSec team and key stakeholders to manage vulnerabilities and risk in our Global Identity estate.
- Act as the SME for Identity security and work collaboratively with teams on new projects (new or replacement systems, etc.), and when you organically find unmanaged systems, onboard them into our SSO environment if possible.
- Act as a 3rd line support capability for the Tech Support and Systems teams by assisting them in resolving issues with any identity-based systems.
- Ability to navigate continuously expanding organisational structures and collaborate with multiple stakeholders across functional and technical skillsets.
- Excellent communication skills with the ability to explain Identity Security requirements in business risk terms.
- Work with the InfraSec team to perform war games to understand different security compromise scenarios.
- Use analytics to measure the effectiveness of our global identity solutions (IAM/ SSO and MDMs) to understand whether we are succeeding in our vulnerability management programme, ensuring Gymshark’s estate stays compliant.
- Work with the InfraSec team to build clear, jargon-free standards and processes so everyone can understand them with ease.
- Identify any current gaps or updates to existing global identity solutions and remedy them.
- Benchmark Gymshark global identity capability against key compliance legislation and global security standards.
- Work with the InfraSec team to perform penetration tests and black box exercises to understand the effectiveness and resilience of Gymshark’s global identity security capabilities.
Knowledge and Opportunity:
- Attend relevant 3rd party events & Webinars to further knowledge/skills/contacts within the industry.
- Using data extracted from our systems to identify common issues/patterns and establish a strategy to understand why events are happening and resolve accordingly.
- Periodically benchmark our systems to ensure we are staying with the platforms that are most relevant as we continue to grow and expand – think longer term.
- No direct reports at present; scope for this in the future.
- Responsible for working with the key stakeholders in larger project management/direction.
- To drive learning and growth within Gymshark.
- To identify problems and issues within the team and take steps to resolve them.
- Identify strengths within the team and utilise these efficiently, whilst coaching and developing weaker areas.
- Will be an ambassador for the function.
- To work outside of hours where necessary/required.
- Identify areas where training/certification is required and proactively arrange such training/certification once identified.
- To lead by example on best practices and tech policy.
What You'll Need
- Own, or be working towards, an industry-recognised qualification in Cyber/InfraSec or an industry-related solution.
- Experience in identity security management and/or related functions (such as Identity/ MDM solution design or architecture, Identity & Access Engineer or IAM Manager).
- Formal understanding of information security frameworks, such as PCI-DSS, ISO 27001 or NIST Cybersecurity Framework.
- Good understanding of JAMF, Office 365 Suite (specifically Azure AD and Endpoint Manager) and SSO platforms.
- Work collaboratively with global stakeholders to align on international projects and joint tasks.
- A generally high level of organisational skills.
- Practical work experience in generating reports and management information.
- Solid understanding of relevant technologies and associated technical information security controls.
- An understanding of due diligence processes, as they relate to information security and data privacy.
- Knowledge of contemporary and emerging enterprise security standards, approaches, practices and industry trends.
- Experience in supporting a mid-sized HQ and satellite office user base in all InfraSec-related questions and queries.
- General computer literacy is essential, as is the ability to understand system architecture and information flows.