Security Manager - Application Control
- Full-time
- Technology CF Job Family: Security
- Group Function: Tesco Technology
Company Description
Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers. With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues.
Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focuses on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques.
Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focuses on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques.
Job Description
About the Cyber Security Team
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling techniques and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK Europe and Asia and we’re looking to add great people to our growing team.
We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning; and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle as well as to build proactive monitoring and responses to security events.
About the Identity and Access Management (IAM) Team
With 440 000 colleagues across the Tesco group managing joiners movers and leavers presents a significant challenge. The Identity and Access Management team part of our Cyber Security function is using automation and data science to ensure that people have the right access to do their job with as little friction as possible.
The Identity and Access Management team is made up of Product Managers Engineers Security Analysts and Operations Engineers working across the Tesco group to develop and deploy access controls.
We’re responsible for ensuring that colleagues have the access they need to do their job and no more reducing risk for the Tesco group.
About the role
As a Security Manager for Application Controls you will be at the forefront of ensuring that applications across the group are aligned to our access and authentication policies; and are onboarded into our platforms in a consistent and efficient way.
You will be accountable for the delivery of both the volume and quality of application onboarding to the Tesco Access Management platform and responsible for leading improvements to tooling and ways of working in order to improve and simplify the delivery of controls over time. This role requires a data-driven approach in management of the team and the overall measurement of our Application Controls compliance.
You will manage the team day to day handling escalations and aiding with complex onboardings where required. This will require strong interpersonal skills notably in dealing with complex onboardings working with multiple teams to deliver an appropriate solution.
This role will require a strong technical understanding in key areas such as authorisation management models including applying local account controls using API and database provisioning. A strong understanding of single sign-on protocols such as SAML and OIDC and how these can be used to support both authorisation and authentication. You will be expected to be the lead on best practice for applying general IAM controls and development of standard onboarding patterns to achieve controls outcomes.
You are responsible for the development and improvement of the team over time in terms of how work is assigned and handled tools available to the team to increase consistency/efficiency and identification of automation and simplification opportunities.
The Security Manager for Application Controls will be responsible for the people in the Application Controls team acting as a direct line manager and responsible for recruitment into the team as well as identifying training and development opportunities for current team members.
Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business the following provides an overview of the role's key responsibilities and measures:
•Build a high-performance team capable of delivering excellent application controls
•Create a positive team culture with a culture of openness and knowledge-sharing while encouraging curiosity and innovation in all members of the team
•Manage the application controls team set and monitor development opportunities for team members supporting personal development identifying learning opportunities and encouraging technical training as appropriate
•Build strong collaborative relationships within and outside of Technology
•Work with team members and leadership to define outcomes and objectives for application controls
•Apply my knowledge and experience to both existing and new application control issues while continually seeking to improve my knowledge in application controls
•Ensure that all appropriate resources to meet team outcomes and objectives are in place including leading hiring where required to meet resource gaps
•Act as an escalation point where objectives and outcomes are not being met
•Maintain an eye for detail and make appropriate decisions while in tough situations
•Act as an escalation point for complex issues and apply my expertise in application controls to problems
•Use my knowledge to gather relevant data to inform risk assessment and agree and implement resolution/remediation strategies
•Lead the team in responding to critical issues and acting as the ultimate escalation point for technical queries/issues from outside the team
•Ensure that regular reporting gives insight into the performance of the team and overall compliance across application controls
•Gather regular feedback on team performance both internally and externally and identify opportunities to simplify processes and promote understanding of application controls
This role will best suit an individual who enjoys leading a team is well organised outcome-focussed while pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and most importantly puts our customers first while always protecting our business.
Key Skills and Experience
You'll need to have demonstrated experience of:
•A strong understanding of application control principles and best practices across authentication and authorisation
•2+ years of managing application controls in a large-scale organisation
•Working collaboratively with colleagues across multiple time zones with varying needs
•Engaging and agreeing goals and outcomes in collaboration with other teams
•Reporting on performance and outcomes to stakeholders
•A comfort working with large data sets to gain insight and drive improvements
•Ability to pick up new products and platforms quickly transferring skills and best practices when needed
Personal Skills
•Ability to motivate and develop a team to achieve their full potential as both individuals and collectively
•An attention to detail and accuracy with a strong sense of integrity and diligence
•Flexibility ability to plan and organise responsiveness creativity self-starter
•Able to build solid working relationships with peers and senior leadership
•Ability to demonstrate strong written verbal communication and presentation skills to all levels of seniority and disciplines within the organisation
Our cyber security team are the eyes and ears of our organisation. We use the latest technologies to increase visibility and protection of systems services and data. To do this we need to stay ahead of the latest threats and continuously improve our tooling techniques and processes.
Responsible for developing and running security processes day-to-day for the Tesco Group we’re continually working to step change security capability to further enhance the protection and controls that we offer for our customers and colleagues across the UK Europe and Asia and we’re looking to add great people to our growing team.
We believe that skilled and passionate people are our greatest asset in reducing risk to our business and customers. We encourage and support continual development and learning; and recognise the importance of keeping up with changes in technology and an evolving threat landscape.
Communication is key – working collaboratively with our software and systems engineering teams to support security throughout the development lifecycle as well as to build proactive monitoring and responses to security events.
About the Identity and Access Management (IAM) Team
With 440 000 colleagues across the Tesco group managing joiners movers and leavers presents a significant challenge. The Identity and Access Management team part of our Cyber Security function is using automation and data science to ensure that people have the right access to do their job with as little friction as possible.
The Identity and Access Management team is made up of Product Managers Engineers Security Analysts and Operations Engineers working across the Tesco group to develop and deploy access controls.
We’re responsible for ensuring that colleagues have the access they need to do their job and no more reducing risk for the Tesco group.
About the role
As a Security Manager for Application Controls you will be at the forefront of ensuring that applications across the group are aligned to our access and authentication policies; and are onboarded into our platforms in a consistent and efficient way.
You will be accountable for the delivery of both the volume and quality of application onboarding to the Tesco Access Management platform and responsible for leading improvements to tooling and ways of working in order to improve and simplify the delivery of controls over time. This role requires a data-driven approach in management of the team and the overall measurement of our Application Controls compliance.
You will manage the team day to day handling escalations and aiding with complex onboardings where required. This will require strong interpersonal skills notably in dealing with complex onboardings working with multiple teams to deliver an appropriate solution.
This role will require a strong technical understanding in key areas such as authorisation management models including applying local account controls using API and database provisioning. A strong understanding of single sign-on protocols such as SAML and OIDC and how these can be used to support both authorisation and authentication. You will be expected to be the lead on best practice for applying general IAM controls and development of standard onboarding patterns to achieve controls outcomes.
You are responsible for the development and improvement of the team over time in terms of how work is assigned and handled tools available to the team to increase consistency/efficiency and identification of automation and simplification opportunities.
The Security Manager for Application Controls will be responsible for the people in the Application Controls team acting as a direct line manager and responsible for recruitment into the team as well as identifying training and development opportunities for current team members.
Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business the following provides an overview of the role's key responsibilities and measures:
•Build a high-performance team capable of delivering excellent application controls
•Create a positive team culture with a culture of openness and knowledge-sharing while encouraging curiosity and innovation in all members of the team
•Manage the application controls team set and monitor development opportunities for team members supporting personal development identifying learning opportunities and encouraging technical training as appropriate
•Build strong collaborative relationships within and outside of Technology
•Work with team members and leadership to define outcomes and objectives for application controls
•Apply my knowledge and experience to both existing and new application control issues while continually seeking to improve my knowledge in application controls
•Ensure that all appropriate resources to meet team outcomes and objectives are in place including leading hiring where required to meet resource gaps
•Act as an escalation point where objectives and outcomes are not being met
•Maintain an eye for detail and make appropriate decisions while in tough situations
•Act as an escalation point for complex issues and apply my expertise in application controls to problems
•Use my knowledge to gather relevant data to inform risk assessment and agree and implement resolution/remediation strategies
•Lead the team in responding to critical issues and acting as the ultimate escalation point for technical queries/issues from outside the team
•Ensure that regular reporting gives insight into the performance of the team and overall compliance across application controls
•Gather regular feedback on team performance both internally and externally and identify opportunities to simplify processes and promote understanding of application controls
This role will best suit an individual who enjoys leading a team is well organised outcome-focussed while pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and most importantly puts our customers first while always protecting our business.
Key Skills and Experience
You'll need to have demonstrated experience of:
•A strong understanding of application control principles and best practices across authentication and authorisation
•2+ years of managing application controls in a large-scale organisation
•Working collaboratively with colleagues across multiple time zones with varying needs
•Engaging and agreeing goals and outcomes in collaboration with other teams
•Reporting on performance and outcomes to stakeholders
•A comfort working with large data sets to gain insight and drive improvements
•Ability to pick up new products and platforms quickly transferring skills and best practices when needed
Personal Skills
•Ability to motivate and develop a team to achieve their full potential as both individuals and collectively
•An attention to detail and accuracy with a strong sense of integrity and diligence
•Flexibility ability to plan and organise responsiveness creativity self-starter
•Able to build solid working relationships with peers and senior leadership
•Ability to demonstrate strong written verbal communication and presentation skills to all levels of seniority and disciplines within the organisation
Qualifications
IAM access controls application authorisation SSO MFA
Additional Information
Hiring Manager- Robert Ainscough
Last Date of OJP Application - 28th Nov 2020