We’re here to unite the conditioning community. We believe that putting the sweat in today, prepares us for tomorrow. So, we give people the tools they need to reach further, go faster, be stronger. We celebrate those who show up – for themselves – to be their physical or mental best, whatever that means for them. It’s what we want for our community, and our team. A team that’s growing rapidly around the world. A collective of talented individuals working together to invent Gymshark’s future. Our plans are ambitious, and we’re looking for people who want to join us for the ride – our growth will be your growth.
As Gymshark’s InfraSec Identity Security Lead, you will be responsible for managing, maintaining, and assuring Gymshark’s identity be it User or Device, to ensure that Gymshark stays secure and compliant to Gymshark’s Security Framework and industry best practices.
You will support the Tech Support team as a 3rd line engineer and work with the Tech team to resolve any Identity-related issues as well as designing and architecting Gymshark’s global Identity capability and security strategy.
Are you our next Identity Security Lead? Here’s the role up close:
Management & Support
- Working with key stakeholders to manage and maintain and improve Gymshark’s Global Identity (Devices and IAM/ SSO) capabilities.
- Looking to improve and automate where possible the joiners, leavers, and movers process, including the assignment and de-provisioning of corporate applications and systems.
- Implement and develop appropriate standards to meet Gymshark’s Compliance needs and integrate them into Gymshark’s Security Framework.
- Providing guidance to decision-makers on Identity security-related policies and practices.
- Coordinate with the Incident & Threat Lead and with key stakeholders on how to respond swiftly to new and emerging security threats and vulnerabilities, and aid in the investigation, management, and recovery of any suspected attacks.
- Facilitate and review external commissioned security testing activities. Working with the InfraSec team and relevant stakeholders, to ensure that any vulnerabilities are promptly resolved.
- Promoting the business benefits of Cyber Security, including general information security awareness, to the organisation through briefings and other representations (e.g., Onboarding).
- Working with key stakeholders to develop and document Gymshark’s Business Continuity, Disaster Recovery, and Incident processes for our Global Identity services.
- Work with key stakeholders to work towards a Zero trust model so only authorised users or devices can access Gymshark’s systems.
- Produce, maintain and test Gymshark’s device hardening standard to ensure it meets the security needs of the Gymshark’s Security framework and compliance needs.
- Architect and design Gymshark’s Global Identity security strategy, focusing on Zero trust and BYOD.
- Uses analytics to measure the effectiveness of our global identity solutions (IAM/ SSO and MDM’s) to understand if we’re succeeding in the management of our vulnerability management programme, ensuring Gymshark’s estate is staying compliant.
- Identify any current gaps or updates to existing global identity solutions and remedy them.
- Benchmark Gymshark global identity capability against key compliance legislation and global security standards.
- Work with the InfraSec team to perform penetration tests and black box exercises to understand the effectiveness and resilience of Gymshark’s global identity security capabilities.
Knowledge & Opportunity
- Attend relevant 3rd party events & Webinars to further knowledge/skills/contacts within the industry.
- Using Data extracted from our systems to identify common issues/patterns and establish a strategy to understand why events are happening and resolve accordingly.
- Periodically benchmark our systems to ensure we are staying with the platforms that are most relevant as we continue to grow and expand – thinking long term.
- To own or work towards, an industry-recognised qualification in Cyber/InfraSec or industry-related solution equivalent.
- Experience in identity security management and security frameworks, or equivalent
- To work collaboratively with global stakeholders to align on international projects and joint tasks.
- General high level of organisational skills
- Solid understanding of relevant technologies and associated technical information security controls.
- An understanding of due diligence processes, as they relate to information security and data privacy.
- Knowledge of contemporary and emerging enterprise security standards, approaches, practices, and industry trends.
- General computer literacy is essential, as is the ability to understand system architecture and information flows.
Here are some of the perks we offer:
🙌 Opportunity to work on high traffic, high performing e-commerce systems
🤑 Competitive ‘Win Together, Lose Together’ Bonus
🩺 Full private medical insurance with no excess
🏖 25 days holidays + your birthday and all the Bank Holidays which can be substituted and taken whenever you want.
💻 A truly flexible working culture (role needs someone to come to HQ at least twice a week but not every day).
👥 A collaborative, creative and inspiring working environment
💰 Employer pension contributions up to 7%
🤩 Life Assurance at four times your basic salary
🦈 50% Gymshark Discount & Gymshark Gift Card for each year of service
🥇 Financial, Physical and Mental Wellbeing Support
📚 Great training and learning resources & 10% time for personal development
🖥 Choice of hardware and access to the best software
🤒 Paid time off when you’re physically and mentally unwell
🧸 Very Generous Family Leave package – we support you extending your family
GS Campus Perks:
🍎 Refuel – Healthy fresh food at GSHQ
🏋️♂ Free Lifting Club (LC) Gym Membership for yourself and two friends/family
👉 Free monthly massages
💈 Beauty and Barber facilities
🚘 Free on-site parking