Senior Information Security Manager

Senior Information Security Manager

We’re iD Mobile, one of the UK’s leading mobile virtual network operators. We launched in May 2015 and have over 2.4 million Pay Monthly customers. We offer everything from super-value Pay-as-you-go and SIM-only deals, right up to the latest smartphones from the big-name manufacturers. We’re delighted about our success so far and have very ambitious plans for the future. iD Mobile is part of Currys PLC, Europe's leading electrical and mobile retailer. So, while iD Mobile has only been going for a decade, we’re part of a much bigger family.

We’re looking to recruit a senior Information Security manager to act as the key interface between iD Mobile, Commercial, IT operations, and Currys information security & risk teams. The role is crucial to ensuring the security and resilSeience of iD Mobile’s systems, applications, and data and will also lead iD Mobile’s response to the UK Telecommunications (Security) Act (TSA). Knowledge and prior application of the TSA is essential, and a core responsibility will be delivering measurable improvements to iD Mobile’s risk posture against the TSA Security Measures across architecture, delivery, operations, supplier management, and contractual frameworks.

Alongside regulatory experience the successful candidate will be highly attuned to developments in telecommunications security to ensure iD is always ahead of the game. The role must also have proficiency across a broad range of Information Security domains and act as the “go-to” security leader for all iD Mobile matters. This will include triaging security incidents, interpreting technical vulnerability data and prioritising remediation, assuring security-by-design, and ensuring TSA compliance & risk reduction are built into decision making across the business.

Formative understanding and acquisition of accurate inventories of all iD Mobile systems, architecture, people and processes will be paramount, aided by strong stakeholder management skills to influence steering groups and governance forums. There will also be opportunity to work with senior Currys Infosec colleagues in making operational improvements to security methodologies and drive future security strategy across iD Mobile and the wider Group.

Role overview:

TSA Compliance & Governance:

Lead the development and continuous improvement of the TSA compliance and control framework to improve iD Mobile’s risk posture

Embed TSA requirements & design checkpoints into Architecture Board, Portfolio governance, project teams and change processes

Provide structured TSA reporting, compliance insights, and risk updates to senior leadership and the Board

Deliver TSA-aligned supplier audits and contract uplifts to reduce supply-chain risk exposure

Establish a TSA Steering Forum with defined RACI, KPIs, and governance cadence

iD Mobile security leadership:

Maintain an in-depth understanding of all iD systems, processes and people through hands-on operations

Act as the Information Security & TSA SME within governance forums

Produce monthly iD Mobile Cyber dashboards, reporting on iD project delivery & assurance, incidents and alerts

In conjunction with iD Operations teams:

Regularly review IT asset inventories for accuracy and completeness in line with TSA compliance. Annotate inventories with installed security tooling and coverage

Compile a register of iD Mobile third party suppliers, their criticality level and associated risks and any regulatory frameworks (such as TSA) required of them

Maintain an audit-ready evidence repository

Provide security advisory input to Change Approval Board

Collaborate with technical leads, business analysts and project managers on a wide range of technology projects, including software development, package implementations and infrastructure upgrades/changes

Act as a Data Governance champion within iD Mobile ensuring data is classified and processed in an authorised manner

In conjunction with Currys Information Security teams:

Provide second-line challenge for iD Mobile security incidents, crisis management and resilience planning.

Lead post-incident lessons learned reviews and enact improvements in incident playbooks and operational processes to reduce risk

Liaise with Security Operations to identify trending threat patterns, security tool uptime and SLAs

Design and schedule an annual programme of penetration testing / red teaming (TBEST aligned) for relevant iD Mobile environments

Review penetration test, vulnerability scans and exposure management tool output and determine appropriate risk scores and remedial activities

Assist Capex delivery within iD Mobile through provision of non-functional security requirements, RFP scoring, architectural review and presentation to the Data & Security Approval Board

Regularly review the ID Mobile risk register, drive risk closure and management, monitor for ongoing non compliance, escalating where necessary

Lead the response to regulatory and business-to-business audits and security reviews of iD Mobile operations

Experience:

Extensive experience in telecoms, cyber security, operational risk, or regulatory compliance

Deep knowledge of the UK Telecommunications (Security) Act and Ofcom Security Measures

Strong track record influencing senior governance forums and decision-making bodies

Hands-on experience with supplier assurance, third-party risk management, and security audits

Ability to drive improvements that strengthen organisational risk posture

Certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor

Knowledge of MNO/MVNO network environments and telecom operational processes

Experience in second-line assurance or internal audit functions