Information Security Manager - Application Security


United Kingdom

Job Family


For over 80 years, GfK has been a reliable and trusted insight partner for the world’s biggest companies and leading brands who make a difference in every consumer’s life - and we will continue to build on this. We connect data, science and innovative digital research solutions to provide answers for key business questions around consumers, markets, brands and media. With our headquarters in Germany and a presence in around 60 countries worldwide, you benefit from our global company with a diverse community of ~9,000 employees.

Harnessing the power of our workforce, the greatest asset we have is our people. As part of GfK, you can take your future into your own hands. We value talent, skills and responsibility and support your development within our international teams. We are proud of our heritage and our future: Currently we are in the latter stages of a transformational journey from a traditional market research company to a trusted provider of prescriptive data analytics powered by innovative technology. This is only possible with extraordinary people and this is why we are looking for YOU to help create our future. For our employees as well as for our clients we pursue one goal: Growth from Knowledge!

Job Description

The Information Security Manager - Application Security will report to the Head of Information Security where you will lead Senior and Junior Application Security roles and work alongside the Global Security Team. The Information Security Manager is responsible for all aspects of application security across GfK covering web, desktop and mobile applications. The role will support the Head of Information Security in coordinating improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations. The role combines leadership including the management of the Security Champions programme, Developer Security training as well as technical application security activities related to validating the security of existing and new products and services and enabling the Application Security team and Security Champions to quickly and effectively address vulnerabilities discovered in GfK products and systems. The ultimate goal is to drive continual improvement in the security of our products, systems and behaviours and ensure colleague and customer success.

Key Responsibilities

  • Providing leadership to the GfK Application Security Team members, ensuring high levels of engagement, alignment to GfK goals and effective personal development.
  • Ensuring the Application Security Team aligns with recognised industry standards, levels of competence and emerging threats, vulnerabilities and techniques.
  • Planning and managing Application Security Team workload focusing on GfK priorities and coordinating a roadmap of activities in sync with the other Security teams and Security Champions.
  • Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern and innovative DevSecOps approach.
  • Working with Application Security team and Lead Security Champions on improving the effectiveness of the overall Security Champion program.
  • Creating and evolving GfK’s Bug Bounty program in support of the Security team.
  • Support the Application Security team's analysis of vulnerabilities and other findings to identify systemic weaknesses and drive continual improvement in products, systems and behaviours
  • Publishing blogs/articles and representing GfK at external events to establish us as a recognised centre of excellence for security
  • Supporting security compliance as it relates to assigned products as part of our Information Security Management System, aligned to ISO27001
  • Provides technical security leadership for significant projects or workstreams

Skills, know-how and experience

  • Provide business-friendly explanation of risk posed by application security weaknesses & vulnerabilities back to businesses
  • Advise and actively support with remediation activities, including via attending development/engineering stand-ups
  • Work with business application owners/technical engineering teams on remediation plans and provide assistance to the teams on what to fix and how to fix it
  • Support security incidents involving Cloud environments and web services
  • Assist with management and tuning of the Web Application Firewall (WAF)
  • Manage independent penetration test process
  • Conduct risk assessments of web applications in collaboration with IT, Business & Application teams
  • Take ownership of additional duties as required


  • Managing a global Application Security team
  • Building an Application Security program to address highest priority risks
  • Scoping and delivering Application Security projects on time and in budget
  • Vendor/supplier management
  • Should have the ability to understand customer scenario and application requirements
  • Good knowledge of various development technologies, including: .NET, Java, Python, PHP
  • Good understanding of vulnerability management concepts and working experience with one or many of these terminologies: Application vulnerability scanning (Authenticated and Un-authenticated), vulnerability prioritisation, vulnerability reduction, vulnerability ticketing, vulnerability remediation, vulnerability closure and vulnerability tracking
  • Good troubleshooting skills
  • Excellent communication skills and ability to work with global counterparts

We offer an exciting work environment that brings people together. We encourage an entrepreneurial and innovative spirit. We make use of the latest digital technologies. We are looking for self-starters, who accept challenges and create solutions.

Can there be a better place to take center stage in the digital revolution? We are excited to get to know you!

Posted: 53 days ago

City: London

Work Area: -

Job Time: Full Time

Requisition ID: R00007148