Team Lead, Information Security & Risk Management

The Information Security Lead provides cybersecurity expertise across Security Awareness, Identity and Access Management (IAM), Cloud Security, Security Risk Assessments, and Security Projects. The role works closely with business and IT teams to identify and manage security risks, support the implementation of security controls, and ensure security requirements are considered in new technologies and projects. As a senior member of the Information Security team, the position serves as a trusted advisor, providing guidance and support to help protect the organization while enabling business objectives.

KEY PERFORMANCE METRICS

  • High completion rates for enterprise security awareness training and improving phishing simulation results (lower click rates, higher reporting rates).
  • Successful design, implementation, and management of Identity and Access Management (IAM) controls, including Azure Privileged Identity Management (PIM) and Privileged Access Management (PAM).
  • Timely completion of security risk assessments for new technologies, applications, and vendors.
  • Strong cloud security posture maintained across Azure and SaaS environments.
  • Successful support of PCI DSS compliance activities and audits.

KEY ACCOUNTABILITIES

Strategic

  • Act as the security representative on business and technology initiatives, serving as a trusted advisor to protect the organization while enabling business objectives.
  • Lead and support cybersecurity projects from planning through implementation, ensuring security requirements are incorporated into project designs and deployments.
  • Coordinate with internal stakeholders, vendors, and consultants to deliver strategic security solutions.

Functional

  • System Inventory: Maintain an accurate and up-to-date inventory of critical information systems and data assets to support risk assessments, compliance audits, and continuous security monitoring.
  • Risk Management: Support the cybersecurity IT risk management framework by identifying, quantifying, and mitigating cybersecurity risks across corporate, retail, and e-commerce environments. Maintain the IT risk register and facilitate data-driven risk decisions to prioritize remediation efforts.
  • Security Awareness: Manage the enterprise security awareness and phishing simulation program. Develop and deliver security awareness campaigns and communications. Monitor training completion and phishing metrics. Support security culture initiatives across the organization.
  • Identity & Access Management (IAM): Support the design and implementation of Identity and Access Management controls. Manage and improve processes related to user access, privileged access, and multi-factor authentication. Lead IAM initiatives, including Azure PIM and Privileged Access Management (PAM) projects. Collaborate with IT teams to strengthen identity governance and access controls. Conduct periodic reviews of access to critical information systems.
  • Disaster Recovery: Participate in the development, testing, and execution of disaster recovery procedures and business continuity plans to ensure the resilience and availability of critical information assets and systems.
  • Tabletop Exercises: Facilitate cross-functional incident response and disaster recovery tabletop exercises to validate playbooks, evaluate organizational readiness, and identify actionable improvements.
  • Cloud Security: Support the implementation and operation of cloud security controls across Azure and SaaS environments. Review cloud solutions and provide security recommendations. Participate in cloud security assessments and remediation activities. Work with internal teams and service providers to improve cloud security posture.
  • Security Risk Assessments: Conduct security assessments for new technologies, applications, vendors, and business initiatives. Identify security risks and recommend appropriate mitigating controls. Review solution designs and architectures from a security perspective. Support risk management activities for strategic business and IT projects.
  • Security Operations & Incident Response: Support investigation and remediation of security incidents. Participate in incident response activities and lessons learned reviews. Work with managed security providers and IT teams to address security issues. Support continuous improvement of security monitoring and response processes.
  • Compliance Support: Support PCI DSS compliance activities, audits, and assessments. Assist with security documentation, evidence collection, and remediation efforts. Collaborate with governance, risk, and compliance teams on security initiatives.
  • Vendor & Solution Reviews: Participate in vendor security reviews and product evaluations. Support RFPs and selection of security technologies and services. Review vendor security documentation and recommend security requirements.

People

  • Support the creation and maintenance of a talent succession plan
  • Collaborate with others to deliver flexible, iterative solutions quickly
  • Share technical knowledge with others and actively seek to learn from those more knowledgeable than yourself
  • Help others see the impact of their efforts and proactively engage other functions for input
  • Encourage others to freely share their point of view and be open to feedback
  • Understand and follow Indigo's core HR processes: staffing, performance management, rewards, and development
  • See the total organization from an integrated perspective
  • Develop positive and productive peer relationships

Cultural

  • Model Indigo's beliefs and convey a positive image in everything you do
  • Understand and demonstrate Indigo's Mission, Vision, and Beliefs in a manner that promotes and aligns with them
  • As a leader, hold others accountable for maintaining the integrity of Indigo's culture
  • Celebrate diversity of thought and keep an open mindset
  • Take an active role in fostering a culture of continual learning, taking risks without fear of making mistakes
  • Embrace, champion, and influence change through your team and/or the organization

SCOPE
Reports to: Director, Information Security
Manager once Removed (MOR): VP Enterprise Technology

KEY RELATIONSHIPS

Internal:

  • IT – Enterprise Applications
  • IT – Information Security
  • PMO
  • Digital
  • Finance
  • Supply Chain
  • Commercial Group
  • Creative
  • Consumer Experience
  • Human Resources
  • Retail leadership

External:

  • Approved Vendors
  • External auditors
  • Regulatory bodies

Work Experience / Education / Certifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of progressive experience in Information Security, preferably in a
  • A professional certification in the security field (CISSP, CISM, or relevant cloud security certifications like AZ-500) is considered an asset.
  • Strong experience supporting frameworks and regulations (specifically PCI DSS).
  • Proven experience working with cloud environments (Azure preferred) and IAM/PAM solutions.

Competencies / Skills / Attributes

  • Analytical thinker with strong problem-solving capabilities.
  • Strong ability to influence and translate complex technology risks into business terms.
  • Excellent communicator capable of coordinating with cross-functional stakeholders and vendors.
  • Adaptable and capable of managing multiple priorities in a dynamic environment.