Charlotte Tilbury Beauty
Information Security & Compliance Manager

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
About Charlotte Tilbury Beauty
Founded by British makeup artist and beauty entrepreneur Charlotte Tilbury MBE in 2013, Charlotte Tilbury Beauty has revolutionised the face of the global beauty industry by decoding makeup applications for everyone, everywhere, with an easy-to-use, easy-to-choose, easy-to-gift range. Today, Charlotte Tilbury Beauty continues to break records across countries, channels, and categories and to scale at pace.
Over the last 10 years, Charlotte Tilbury Beauty has experienced exceptional growth and is one of the most talked about brands in the beauty industry and beyond. It has become a global sensation across 50 markets (and growing), with over 2,300 employees globally who are part of the Dream Team making the magic happen.
Today, Charlotte Tilbury Beauty is a truly global business, delivering market-leading growth, innovative retail and product launches fuelled by industry-leading tech — all with an internal culture of embracing challenges, disruptive thinking, winning together, and sharing the magic. The energy behind the brand is infectious, and as we grow, we are always looking for extraordinary talent who want to be part of this our success and help drive our limitless ambitions.
About The Role
Security and Compliance are critical business functions within Charlotte Tilbury. As a company that deals with a large volume of sensitive customer data, it is imperative that we adhere to modern security standards and remain compliant with the relevant regulations in each region we operate. Equally, the protection of our intellectual property and the productivity of our teams is essential to our continued success.
The Information Security and Compliance Manager will be responsible for developing and overseeing control systems to prevent or deal with breaches of data security and privacy. You will also evaluate the efficiency of these controls and improve them continuously. You will collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce compliance standards and regulations. You will also provide guidance and training on information security matters and best practice to employees and partners of the business.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
As a Information Security & Compliance Manager you will:
Policy, Process and Documentation
- Coordinate the development of best practice policies and standards related to IT security and data processing
- Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements
Security Operations
- Be accountable for technical security controls including EDR, SIEM, DLP, SSE/SWG, CSPM, vulnerability management, identity security and endpoint compliance ensuring it is fit for purpose and being used to its full potential
- Partner with and challenge Technology Operations on secure design, implementation and operational support of workplace, identity and endpoint technologies
- Define and maintain build standards for Windows, MacOS, Android and iOS devices
- Define security and compliance standards for cloud hosting environments, including AWS and GCP
- Oversee penetration testing, bug bounty programs and red team exercises
- Investigate security events and contain incidents in a timely manner
Compliance
- Manage and oversee technology risk management activities
- Identify areas of non or weak compliance and drive improvement. This could be related to process, system security, documentation or any aspect of security/compliance
- Develop and implement relevant security and compliance reporting to management and risk committees
- Develop and manage an information security risk register to address risk issues and action plans from all sources
- Coordinate information security internal audit and participate in external audits
- Collaborate with the IT department, the Legal department, and other stakeholders to monitor and enforce the compliance standards and regulations
- Take ownership of vendor assessments, third party risk assessments and supply chain vulnerabilities


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Awareness
- Develop and lead information security awareness and training initiatives, including phishing exercises and compliance training
- Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance
Who You Will Work With
Reporting into the Technology Operations Director Lead the Information Security team, consisting of two direct reports.
About You
- Experience in managing Cyber Security and Compliance positioning for an enterprise organisation
- Practical experience delivering hands on security improvements
- An understanding of relevant security and regulations (e.g. GDPR, CCPA, ISO27001, PCI-DSS)
- Customer focussed approach
- Effective communicator with ability to adapt style for intended audience
- Capable of managing the relationship with 3rd party service providers
- Highly organised and able to prioritise workload effectively
- Pro-active and able to work off your own initiative.
- Able to influence and communicate your own point of view
- Creative and unorthodox thinker, able to push projects forward in an unstructured environment.
- Methodical, logical, organised and calm under pressure
- Excellent English written & verbal skills.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location