Security Governance, Risk and Compliance Analyst
Function: Technology Location:
London, LND, GB
Work Arrangement: Hybrid
Position Title: Security Governance, Risk and Compliance Analyst
Reports to: Head of Security Governance
ABOUT THE WELLA COMPANY
Together, WEenable individuals to look, feel, and be their true selves.
THE ROLE
The Cyber Governance, Risk and Compliance Analyst is responsible for ensuring that Wella can demonstrate compliance with industry standards and regulatory obligations in the use of technology to meet business objectives, including performing, tracking, and reporting on the effectiveness of controls, compliance activities, and risk assessments.
KEY RESPONSIBILITIES
You will execute Cyber governance, risk, and compliance activities to ensure that Wella can demonstrate that its control environment is aligned with audit, risk, industry, and regulatory requirements. Work with key stakeholders to drive consistent and continuous compliance with Cyber controls framework and coordinate internal and 3rd party assessments.
1. Provide subject matter expertise on industry-recognized control frameworks, such as COBIT, NIST, ISO, and similar standards
2. Manage the development and implementation of Cyber governance, risk, and compliance policies and procedures
3. Provide expert-level guidance on implementation, monitoring, and evidence collection to demonstrate alignment with industry-recognized control frameworks
4. Plan, schedule, track, monitor, and manage issues related to audit, compliance, and risk assessments
5. Provide guidance on company policies that affect the Cyber and IT control environment
6. Perform periodic reviews and evaluations of Wella Cyber governance, risk, and compliance program to validate that the program adequately aligns with Cyber, audit, risk, industry, and regulatory reporting and evidence requirements
7. Provide subject matter expertise and guidance to the lines of business on interpretation of Cyber requirements to ensure successful completion of internal and external assessments
8. Ensure strategic objectives of the Compliance & Ethics Program are met in the context of Security governance, risk, and compliance, including execution of program assessment activities, coordination of response and tracking of action items for remediation
9. Identify areas of potential improvement
10. Create reporting for Cyber governance, risk and compliance activities to the wider Cyber team and key stakeholders
11. Perform third party due diligence Cyber reviews, assist with responses to audit and customer questionnaires
12. Prepare Wella staff for planned Cyber governance, risk, and compliance assessment activities
ESSENTIAL SKILLS, EXPERIENCE & QUALIFICATIONS
Education:
13. Bachelor’s degree or an equivalent combination of education and experience
Experience:
14. Experience implementing, documenting, tracking, and maintaining technology compliance frameworks
15. Experience performing compliance assessments, information security, risk management, and/or technology risk management
16. Industry certifications are highly preferred
WHAT WE OFFER
17. 25 days holiday + additional day off for your birthday (not including bank holidays)
18. 3 days’ personal leave for your own signification life events
19. 2 paid days off for volunteering/charity work
20. Optional Wella Pension Scheme (8% employer contribution, 3% employee contribution)
21. Optional Family Private Medical Insurance Cover
22. Income Protection
23. Life Insurance (8x base salary up to 2 million payable in the event of your death in service of Wella)
24. Staff Discount (80% of all hair products, 40% OPI, 1 x 50% ghd)
25. EAP (Employee Assistance Program)
26. Enhanced maternity, paternity, and adoption leave
27. Gym Benefits
28. Eye Tests
29. WOW Program (Bonus following exit from KKR, eligible after successful probation. For permanent employees only)
30. Workplace/Nursery Benefits
31. 4 weeks working remotely abroad
32. Early Friday Finish during Summer