The Body Shop to hire chief information security officer

Body Shop CISO would be based at the company's global HQ in Littlehampton, West Sussex

High Street retailer The Body Shop is recruiting a chief information security officer (CISO) to join its team.

Over the weekend, it was revealed that the company, currently owned by French cosmetics and luxury goods group L'Oreal, is set to be sold to Brazilian make-up company Natura Cosmeticos in a €1bn deal.

Its global headquarters is in Littlehampton, West Sussex, and that's where the incoming CISO would be based.

In a job advert, the company said the CISO would be in charge of implementation and control of the group security policy globally, with a direct hierarchical link to the head of CIO office.

The CISO will be expected to maintain and build upon the security policy by making propositions, giving feedback on the drafts and approving the final release.

They will have to follow up on the implementation of the security policy, assess IT risks and ensure that they are correctly mitigated. They will also have to implement and maintain what The Body Shop calls ‘the IT crisis organisation’.

In other words, the candidate has to ensure that there is an organisation in place able to react quickly in case of a security incident or other IT-related disaster. This organisation must be closely linked to a separate ‘business crisis organisation’.

The company must validate the disaster recovery plan, ensure that it is up to date, and that tests are regularly performed. In addition, the successful candidate must maintain a local security dashboard with security KPIs. The Body Shop CISO will report to the group CISO.

He or she will be in charge of putting in place a security-incident report process. This will include validating the post-mortem analysis, the action plan and the follow-up of the action plan.

Finally, The Body Shop said that the incoming CISO will be in charge of the PCI-DSS compliance programme on an ongoing basis - a welcome acknowledgement of the security threats targeting retail payment processes.

The company is looking for a candidate with more than a decade's experience in IT or functions close to IT, such as a business analyst.

They must have a strong technical background, and any security experience is considered a plus. Other prerequisites include excellent communication skills, being comfortable leading or chairing meetings, and being able to travel frequently.

The salary is not disclosed in the job advert.