Marks and Spencer

About the Company

At M&S, we're dedicated to being the most trusted retailer, prioritising quality and delivering value. Every day, we bring the magic of M&S to our customers, whenever, wherever and however they want to shop with us.
For over a century, we've set the standard, doing the right thing and embracing innovation. Today, with over 65,000 colleagues serving 32 million customers globally, we're putting quality products at the heart of everything we do.

Tomorrow holds boundless opportunities with us. We're pioneering digital innovation and shaping the future of retail where our values drive every action.

We stay close to customers and colleagues, always curious and connected. Our decisions are bold, our actions ambitious. Transparency is paramount, with straightforward, honest communication. We're constantly innovating, always striving for the best. Our focus is on aiming higher and winning together, combined with wise financial decisions to secure our future.
Join us at M&S to shape the future of retail.

Listed Jobs

Company Name

Marks and Spencer

Job Title

Senior HR People Partner - Fashion, Home & Beauty

Job Description

**Job Title:** Senior HR People Partner - Fashion, Home & Beauty **Role Summary:** Senior HR People Partner drives strategic people strategy aligned with commercial goals, supporting organizational development, talent management, and performance optimization in the Fashion, Home & Beauty division of a global retail organization. **Expectations:** - Experience supporting cross-functional teams in retail or consumer sectors. - Proven ability in organizational development and change management. - Strategic mindset for influencing leaders to enhance productivity and engagement. **Key Responsibilities:** - Partner with leadership to align people plans with commercial objectives and drive organizational effectiveness. - Champion talent strategy, succession planning, and high-performance culture. - Leverage data and HR analytics to improve decision-making and digital platform adoption. - Lead diversity, equity, and inclusion (DEI) initiatives to foster inclusive teams. - Collaborate with HR teams to standardize and enhance people practices. **Required Skills:** - Senior-level generalist HR expertise in organizational development, talent, performance, and change management. - Strong stakeholder engagement, leadership coaching, and influencing at senior levels. - Commercial awareness and ability to deliver results through people strategies. - Proficiency in data analysis and digital HR tools. - Adaptability in ambiguous environments and problem-solving agility. **Required Education & Certifications:** - Bachelor’s degree in HR, business, or related field. - Preferred HR certifications (e.g., SHRM, CIPD) in organizational development or talent management.

London, United kingdom

Hybrid

Senior

02-10-2025

Company Name

Marks and Spencer

Job Title

Security Platform Engineer

Job Description

**Job title**: Security Platform Engineer **Role Summary**: Design, implement, and maintain security controls for SaaS, PaaS, and internal cloud platforms. Provide technical consulting to detect misconfigurations, automate security checks, and enforce platform security standards across development and operations teams. **Expectations**: - Deliver robust identity, access, and configuration security across Microsoft, Google, Atlassian, MongoDB Atlas, and proprietary services. - Drive automation of security reviews within CI/CD pipelines and promote repeatable, scalable security practices. **Key Responsibilities** - Advise on secure adoption of cloud services and first‑party platforms, ensuring least‑privilege, zero‑trust, and proper authentication/authorization. - Identify and remediate platform misconfigurations and vulnerabilities, conducting workshops and creating risk documentation. - Review and configure access controls for databases, API gateways, code repositories, and integration services. - Develop and maintain Terraform modules and Python/Bash scripts for automated security scans and configuration enforcement. - Integrate security checks into CI/CD pipelines (e.g., GitHub Actions) to detect misconfigurations, vulnerabilities, and policy violations. - Monitor platform health, respond to security events, and maintain governance baselines. **Required Skills** - 3+ years platform/infrastructure security experience. - Expertise in identity and access management: least privilege, zero trust, SSO, JWT, RBAC/ABAC/PBAC. - Strong understanding of database and API security principles. - Proficiency in Terraform, Python, Bash. - Knowledge of security threats (DDoS, brute force, exfiltration, spoofing). - Experience with CI/CD security integration and automated compliance checks. **Required Education & Certifications** - Bachelor’s degree in Computer Science, Information Security, or related field (equivalent experience acceptable). - Relevant certifications preferred: CISSP, CISM, CISA, or equivalent cloud security certifications (e.g., Azure CISSP, CompTIA Security+).

London, United kingdom

Hybrid

Junior

25-11-2025

Company Name

Marks and Spencer

Job Title

Threat Intelligence Associate

Job Description

Job Title: Threat Intelligence Associate Role Summary: Support the Threat Intelligence team by triaging security alerts, monitoring global threat feeds, and analysing emerging cyber threats. Translate technical findings into actionable intelligence for technical and non‑technical stakeholders, and aid in integrating threat insights into security controls and incident response. Expectations: * Junior analyst role with direct oversight of threat intelligence processes and tooling. * Demonstrate ability to learn and apply advanced threat‑intel methodologies and tools. * Collaborate across information security functions to deliver timely, relevant intelligence. Key Responsibilities: * Operate threat intelligence tools and maintain standard processes. * Monitor global cybersecurity incidents and trends; assess potential impacts on the organization. * Analyse threat data, develop insights on adversary TTPs, and produce concise intelligence briefings. * Convert technical threat findings into actionable guidance for incident response and security teams. * Update and maintain threat landscape knowledge, focusing on tactics, techniques, and procedures (TTPs). * Assist in integrating threat intelligence into controls, detection rules, and response playbooks. Required Skills: * Experience in a cyber threat intelligence, SOC analyst, or related cybersecurity role. * Knowledge of threat actors, TTPs, and threat‑intelligence lifecycle. * Familiarity with TIPs and SIEM platforms; ability to develop custom detection rules. * Strong analytical and problem‑solving abilities. * Effective written and verbal communication; able to present findings to diverse audiences. * Ability to work collaboratively in a cross‑functional security environment. Required Education & Certifications: * Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience). * Relevant certifications such as CompTIA Security+, GCIH, or related threat‑intelligence credentials are a plus.

London, United kingdom

Hybrid

03-12-2025

Company Name

Marks and Spencer

Job Title

Culture, Training and Awareness Principal - Information Security

Job Description

**Job Title:** Culture, Training and Awareness Principal – Information Security **Role Summary:** Design, implement and evolve a global cybersecurity culture, training, and awareness program that fosters a secure mindset across all business units. Lead the creation of a Cyber Security brand, launch targeted training initiatives, and cultivate a Security Champion network to embed best practices company‑wide. **Expectations:** - Deliver measurable improvements in security awareness and engagement. - Translate Information Security objectives into concrete, result‑driven deliverables. - Build and maintain a peer‑to‑peer Security Champion network, particularly within Digital & Technology teams. - Strengthen the organization’s Cyber Security brand through coordinated communication campaigns. **Key Responsibilities:** 1. Develop and execute a comprehensive security culture strategy that aligns with InfoSec goals. 2. Design, roll out, and continuously improve tailored training modules for different departments and roles. 3. Establish and sustain a Security Champion network across all units, with a dedicated sub‑network in D&T. 4. Create and manage branding materials, communication plans, and campaigns that promote cybersecurity awareness. 5. Measure and report on training effectiveness and awareness levels using established metrics. 6. Collaborate with technical teams to ensure secure‑by‑design principles are communicated and adopted. 7. Advise colleagues on security responsibilities and best practices, acting as a bridge between InfoSec and the broader organization. **Required Skills:** - 3+ years of experience in cybersecurity training, awareness, or culture roles. - Proven track record of developing and delivering security training programs. - Strong understanding of secure‑by‑design, SDLC requirements, and secure development practices. - Ability to measure and assess employee awareness and translate insights into actionable plans. - Excellent written and verbal communication, with the skill to craft engaging messaging and influence stakeholders. - Experience managing or contributing to a Security Champion or similar peer‑leadership network. - Familiarity with marketing or public relations principles for brand building in a security context. - Ability to work cross‑functionally with technical, operational, and senior executive teams. **Required Education & Certifications:** - Bachelor’s degree (preferred in Marketing, Public Relations, Cyber Security, Information Technology, or related field). - Relevant security certifications (e.g., CISSP, CISM, CRISC, or equivalent) are advantageous but not mandatory.

London, United kingdom

Hybrid

Senior

03-12-2025