Cyber Security Partner

About the role

As a Senior Cyber Security Partner; you will

transform the security maturity of key product areas and teams. You will be the

face of security group for them. Everything you do is in the context of the

product; roadmap; its risk acceptance level; the technology stack; and its

architecture.

You build a comprehensive understanding of the threat landscape and its

potential risks to the business. Through effective partnership; you engage the

leadership to make well-informed decisions about security and privacy.

You will be responsible for

Following our Business Code of Conduct and always

acting with integrity and due diligence and have these specific risk

responsibilities:

• Provide product and engineering teams with direction and guidance on all

security matters. There is a whole security

group to back you up; so it is not as scary as it sounds.

• Engage engineering leadership on security roadmap and oversee security

posture of what they build.

• Co-own the security roadmap; discuss; prioritise; and co-develop plans for

remediation for the product areas.

• Empower security champions to succeed and creating a strong feedback loop for

improvements.

• Represent security in all product and architecture meet-ups. Be part of

critical decisions about security.

• Oversee product security activities; from the early development of security

requirements; architecture reviews; and

threat modelling; to strengthening application security; mitigating

supply-chain risks; securing secrets; pipelines;

reviewing vulnerabilities; and infrastructure security.

• Perform security architecture reviews of third-party services.

• Identify acceptable risk levels and assist with action plan; policy; and

procedural changes for risk mitigation.

• Adopt a risk-based approach and guide management in identifying business

risks and potential impact to Tesco.

Continuously seek both tactical and strategic solutions to enhance security.

• As the security expert for the product area; engage across the security group

to strengthen controls across

identification; protection; detection; response; and recovery.

• Oversee assurance activities like security testing; purple testing;

assurance; auditing.

• Reduce security fatigue for engineering and provide faster feedback within

existing developer workflows; not adding

another tool for them to check.

• Empower the teams you work with; but also challenge the status-quo.

• As a senior member of the team; engage across the security group on new ideas

and initiatives.

• Contribute to strengthen organisation standards and policies; develop cookbooks;

secure patterns; take part in

security research and tool evaluations.

• You are committed to continuous improvement; seizing opportunities; and

inspire change for the team.

• Mentor others in the team and take part in enhancing their skills and career

development.

You will need

To excel in this position, we expect you to have

the following:

• Possess experience across multiple sectors and have undertaken diverse roles

in engineering and security.

Demonstratable accomplishments of collaborating with leadership and management

on security programmes and initiatives.

• Good knowledge of various security domains, and solid experience in

architecture practices and design patterns – the technology might have changed

but most of the security challenges have not.

• Experience in designing security and privacy controls with sound

understanding of standards and regulation.

• Experience in threat modelling, attack trees, vulnerability chaining,

applying MITRE ATT&CK framework.

• Good understanding of web applications, REST APIs, micro services, eventing,

modern application frameworks, and mobile apps.

• Good understanding of software architecture, network topologies, SaaS, PaaS,

IaaS (infrastructure as a service).

• Proficient in applying industry standards such as OWASP ASVS (Application

Security Verification Standard), OWASP Top

10, CIS (Centre of Internet Security) controls and benchmarks.

• Experience with cloud native and hybrid architectures with an emphasis on

containerised workloads and Kubernetes.

• Some development experience is always a plus - Java, cloud, Golang, python.

You do not need to "be a developer" but we need you to understand the

implications of security on engineering velocity.

• Degree in computer science / information systems or engineering field, or

equivalent experience.

• Experience with regulations like GDPR (General Data Protection Regulation),

PCI-DSS is desirable.

• Azure or AWS (Amazon Web Services) cloud security certifications is

desirable.

• Excellent interpersonal skills and leadership skills.

Whats in it for you?

At Tesco, we are committed to providing the best for you.

As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day.

Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits.

Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable.

• ·
  
  Salary -

Your fixed pay is the guaranteed pay as per your contract of employment.
- ·

Leave & Time-off -

Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company's policy.
- ·

Making Retirement Tension-FreeSalary -

In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF.
- ·

Health is Wealth -

Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws.
- ·

Mental Wellbeing -

We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents.
- ·

Financial Wellbeing -

Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request.
- ·

Save As You Earn (SAYE) -

Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan.
- Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle.

About Us

Tesco in Bengaluru is a multi-disciplinary

team serving our customers, communities, and planet a little better every day

across markets. Our goal is to create a sustainable competitive advantage for

Tesco by standardising processes, delivering cost savings, enabling agility

through technological solutions, and empowering our colleagues to do even more

for our customers. With cross-functional expertise, a wide network of teams,

and strong governance, we reduce complexity, thereby offering high-quality

services for our customers.

Tesco in Bengaluru, established in 2004 to

enable standardisation and build centralised capabilities and competencies,

makes the experience better for our millions of customers worldwide and simpler

for over 3,30,000 colleagues

Tesco Technology

Today, our Technology team consists of over

5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and

India. In India, our Technology division includes teams dedicated to

Engineering, Product, Programme, Service Desk and Operations, Systems

Engineering, Security & Capability, Data Science, and other roles.

At Tesco, our retail platform comprises a wide

array of capabilities, value propositions, and products, essential for crafting

exceptional retail experiences for our customers and colleagues across all

channels and markets. This platform encompasses all aspects of our operations –

from identifying and authenticating customers, managing products, pricing,

promoting, enabling customers to discover products, facilitating payment, and

ensuring delivery. By developing a comprehensive Retail Platform, we ensure that

as customer touchpoints and devices evolve, we can consistently deliver

seamless experiences. This adaptability allows us to respond flexibly without

the need to overhaul our technology, thanks to the creation of capabilities we

have built.