Founded in 1856 by Thomas Burberry, Burberry is a global luxury brand with a distinctly British attitude. We are a global business with an extensive network of both owned and franchised stores across EMEIA, Asia Pacific and Americas. We are digital pioneers, and innovative technology underpins every aspect of our business, from product design to distribution and marketing. We believe that modern luxury means being socially and environmentally responsible; this mindset is core to our business and key to our long-term success.

Internal Audit's purpose is to assist Burberry’s Board, Audit Committee and management team by providing independent assurance on the effectiveness of Burberry’s control, governance and risk management processes. 

We’re looking for a Cyber Security Audit Manager to join Burberry in either Leeds or London. Cyber and Information Security is one of the Group’s top principal risks, making this a critical position for Burberry. Leading cybersecurity audits across the group, you’ll engage with our Leadership Team and the Audit Committee, contributing to the wider Internal Audit Strategy. You’ll have a demonstrable record delivering Cyber Security Audit’s and Risk Assessments and be comfortable engaging and challenging a diverse senior stakeholder group.

If you’ve delivered successful Cyber Security Audit’s and Risk Assessments and would like to join a forward thinking, fast paced and stimulating FTSE100 organisation, this could be a great fit.

• Understand the key strategies of Burberry and how they impact IA’s work and overall plan.

• Understand the key cyber and information security risks, and the controls and processes used to mitigate those risks prior to commencing detailed testing.

• Design and conduct tests to evaluate the operation of the controls in place.

• Identify opportunities to improve the efficiency and effectiveness in delivery of the IA plan through integrated auditing activities (e.g. testing of automated/IT dependent controls) and identification of opportunities to utilise data analytics.

• Ensure all work is performed and documented in compliance with established methodology and IIA standards and codes.

• Attend steering groups, committees and working groups where required to stay abreast of emerging risks and.

• Draft audit reports, including assessment of findings and overall report grade, and escalate through management within agreed timeframes.

Required

• Experience in IT Security such as security operations, incident response, information protection, vulnerability management, identity and access management and secure software development

• Understanding of IT and security related industry frameworks (eg: including COBIT, ITIL, ISO27001)

• Experience in auditing ERP systems, IT infrastructure and IT management

• Information Systems / Information Technology degree, or IT Internal Audit/security qualification (i.e.: CISM, CISA, CIA, CISSP etc)

• Minimum of 5 years post graduate experience in an IT Internal Audit role

• Experience in application of risk-based audit methodologies

Desirable

• Programme / project assurance experience

• Retail experience

• Non-IT Audit experience

• Experience performing data analytics

• Accounting qualification (e.g. ICAEW, ACCA, etc)

• Formal SAP training / qualifications or experience with SAP GRC technology