Gymshark is a global fitness apparel & accessories brand, manufacturer and online retailer in the United Kingdom, supported by over 4 million highly engaged social media followers and customers in 131 countries. Created in 2012 by teenager Ben Francis and a group of his high-school friends, Gymshark has grown from a screen printing operation in a garage into one of the fastest growing and most recognisable brands in fitness. This growth comes from a devotion to producing innovative, effective performance wear and an ever-expanding social presence, and above all a commitment to the Gymshark vision.

Our Tech team is wholly responsible for the running and development of our online stores, native applications, integrations and software. We are an agile team applying the company’s ethos, ‘Be a visionary’, to the Tech & Digital aspect of the business.  

As Gymshark’s InfraSec Governance & Awareness Lead, you will be responsible for maintaining Gymshark’s Security framework, as well as assisting in delivering a Security Training & Awareness programme to Gymshark staff. This programme looks to gauge our staff’s current understanding and provide high-quality, tailored training to meet their individual needs.

  • Supporting the maintenance and development of Gymshark’s Security Framework.
  • Implement and develop appropriate policies, processes and reports.
  • Providing guidance to decision-makers on information security policy and practice.
  • Assisting in the development and maintenance of the organisational Security Framework, by leading internal & external audits and reviews to safeguard business requirements.
  • Facilitating and reviewing externally commissioned security testing (Penetration Tests, Game Days etc.) activities and working with the Infrastructure Security Incident & Threat Lead and relevant stakeholders, to ensure that any deficiencies are promptly resolved.
  • Participating in the Incident Management process, assisting in managing incidents relating to information security.
  • Promoting the business benefits of information security, including general information security awareness, to the organisation through briefings and other representations.
  • Create and administer Gymshark’s Security Training and Awareness Programme and test our user base using games and real-life scenarios.
  • Work with our internal teams on the selection process when choosing third party suppliers and/or systems and produce risk reports highlighting our supply chain risk.
  • Remain up to date with the latest industry standards and announcements to adapt, implement and update existing policy accordingly.
  • Own, or work towards, an industry-recognised qualification in Cyber/InfraSec.
  • Past experience within information security management and/or related functions (such as information security solution design or architecture, IT Audit, IT Controls/Risk Management)
  • Formal information security frameworks, such as PCI-DSS, ISO 27001 or NIST Cybersecurity Framework.
  • General high level of organisational skills.
  • Practical work experience in generating reports and management information.
  • Solid understanding of relevant technologies and associated technical information security controls.
  • An understanding of due diligence processes, as they relate to information security and data privacy.
  • Experience in supporting a Mid-Sized HQ and Satellite Office user base in all Cyber/InfraSec related questions and queries.
  • Experience in organisations that handle large volumes of PII across multiple SaaS systems, integrations and proprietary software.
  • Experienced with governance and support for software on cloud infrastructure providers.
  • General computer and systems literacy are essential, as is the ability to understand system architecture and information flows.
  • Ability to work collaboratively with other team members to deliver immediate tasks.
  • A creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.