Join to apply for the GRC Analyst role at JD Sports Fashion
Join to apply for the GRC Analyst role at JD Sports Fashion
Get AI-powered advice on this job and more exclusive features.
Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni-channel retailer of Sports Fashion, Outdoors and Gyms with our colleagues working in stores across several retail fascias in many markets around the world.
JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been a FTSE100 publicly quoted company since 2019 and continues to grow in the UK and internationally.
We want to be the leading global omnichannel retailer in the sports and outdoor industry. To be a part of this successful company and help us to achieve this you will have the desire to ingrain our strategic goals of being a people-led, innovative and customer-focused organisation which provides operational excellence whilst identifying new areas of growth as part of our day to day objectives.
Job Description For GRC Analyst
Business Area
Information Security
Job Title
GRC Analyst
Scope and Coverage
Global
Outline Purpose of Role
This Role Will
* Support in the development and maintenance of the GRC policy, risk and controls frameworks and the associated processes and artefacts.
* Conduct internal and external compliance and controls reviews, testing and audits.
* Support effective stakeholder engagement and maintenance of GRC information repository such as policies and standards, risk register, etc…
* Help drive a robust security posture for a large, complex organisation, trading globally within a constantly evolving IT and information security threat environment.
Impact of Role
* Supports the organisation’s IT and cyber governance, risk and compliance processes.
* Help drive good risk culture and behaviours into the business culture of JD Sports.
Reports to
This role resides in the Information Security Function and reports to a GRC Lead.
Direct Reports
Individual contributor with possible periodic oversight of seconded resources, contingent workers and systems integrators.
Key Elements of the Role
Governance And Policy
The job holder will be responsible for assisting and supporting in a range of activities across the Governance, Risk and Compliance function. The job holder will be responsible for the following activities:
* Develop a clear understanding of the organisation, its various entities (business units, subsidiaries, partners, and interdependent entities)to assess existing and applicable policy requirements.
* Contribute and manage IT and cyber policy, standards and guidelines development, maintenance and reviews.
* Identify, analyse and report on key policy metrics such as policy exceptions, breaches and identify relevant risks arisen from policy exception.
* Maintain and develop the IT and cyber GRC internal governance processes, such as monitoring of compliance changes, technological advancement, engagement activities, information repositories, stakeholder engagement, etc…
Risk Management
* Maintain and manage the IT and cyber risk register including conducting of risk assessments and agreeing risk mitigating actions with stakeholders.
* Analyse and categorise IT and cyber risks, aligning risk assessment activities with business priorities and objectives.
* Track and prepare regular risk reporting to senior leadership highlighting KRIs, status and mitigations.
* Assess and monitor third party risks in accordance with the IT and cyber risk framework.
* Analyse incidents and events to Identify omissions and opportunities for improvement in according with the organisation risk exposure and appetite.
Compliance
* Assist in maintenance and improvements of IT and cyber controls framework with changes in compliance and technology requirements.
* Perform IT and cyber controls testing in line with the GRC assurance plan.
* Conduct reviews and assessments of third parties in line with JD compliance requirements.
* Support internal and external audits related to IT and cyber risk and ensure timely remediation of identified risks or control gaps.
Cross-functional Collaboration
* Communicate with internal stakeholders (technical and non-technical) and suppliers to discuss GRC requirement and queries.
* Collaborate with third-party vendors and partners to enforce consistent GRC requirements within the supply chain and vendor ecosystem.
* Work closely with HR, procurement, legal, and other departments to ensure that GRC requirements are integrated into key business processes.
* Provide guidance and training to teams across the organization on IT and cyber GRC and best practices.
* Establish strong working relationship with the internal and external stakeholders to champion GRC processes and activities.
Key Attributes of The Jobholder
Experience And Qualifications
* Bachelor’s degree in Cybersecurity, Information Technology, Compliance or a related field.
* 5+ years of experience in IT and cyber governance frameworks, policy development, cyber assurance, compliance or a related discipline.
* Certifications such as CISSP, CISM, CRISC, or equivalent are strongly preferred.
* In-depth understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and risk management methodologies.
* Experience of third-party risk management.
* Knowledge of regulatory requirements and compliance frameworks (e.g., GDPR, ITGC, PCI-DSS, etc…) related to IT, cybersecurity and risk management.
* Awareness of various operating systems including but not limited to Windows, Linux, Unix.
* Experience with cloud environments (AWS, Azure, GCP) and understanding of cloud security risks.
* Awareness of Agile environments and practices.
Key Skills
The job holder is expected to possess the following skill set:
* Ability to extract clarity from fast-paced, evolving scenarios by helping to clarify the inevitable ambiguity arising within a large, complex, and interdependent organisation.
* Strong analytical and problem-solving skills, with the ability to make informed risk-based decisions.
* Excellent communication skills, both written and verbal, to effectively present risks to senior leadership and non-technical audiences.
* A proven ability to work collaboratively and constructively with other managers to ensure clarity of purpose, effective communication, and mutual understanding IT and cyber frameworks and how to apply them.
* Strong organisational skills with experience of working collaboratively within multi-disciplined teams.
* Competent, engaging communication skills and an ability to articulate goals, achievements, risks, expectations, and needs to individuals and teams at all organisational levels.
* An ability to collaborate effectively in a diversely located team to focus on common goals and timelines.
Values and Behaviours
The Job Holder Will Be a Strategic Thinker Who Is Respectful And Collaborative And Able To Work Easily Within a Diverse And Dispersed Team Of Professionals And Will Exhibit
* Goal-oriented focus,
* Strong schedule keeping,
* Openness,
* Integrity,
* Empathy,
* Accountability.
* Enthusiasm,
* Flexibility,
* Creativity.
We know our colleagues work tirelessly to make JD Sports the success it is today and in turn, we offer them some amazing benefits including staff Discount On JD Group and other brands within the organisation and personal development opportunities to learn and develop at work.
Thank you for your time
#JD
Seniority level
* Seniority level
Mid-Senior level
Employment type
* Employment type
Full-time
Job function
* Job function
Business Development and Sales
* Industries
Retail
Referrals increase your chances of interviewing at JD Sports Fashion by 2x
Get notified about new Analyst jobs in Bury, England, United Kingdom.
Exeter, England, United Kingdom 2 weeks ago
Exeter, England, United Kingdom 2 weeks ago
Exeter, England, United Kingdom 1 week ago
Bridgwater, England, United Kingdom 6 days ago
Exeter, England, United Kingdom 12 hours ago
Exeter, England, United Kingdom 1 week ago
Exeter, England, United Kingdom 2 days ago
Shoreditch, England, United Kingdom 3 weeks ago
Exeter, England, United Kingdom 6 hours ago
Exeter, England, United Kingdom 1 day ago
Taunton, England, United Kingdom 2 weeks ago
Exeter, England, United Kingdom 14 hours ago
Senior Business Analyst (12 month fixed term contract)
Exeter, England, United Kingdom 4 weeks ago
Business Applications Support Analyst (BC)
Bury, England, United Kingdom 1 month ago
Exeter, England, United Kingdom 1 week ago
Exeter, England, United Kingdom 1 week ago
Farringdon, England, United Kingdom 6 days ago
Taunton, England, United Kingdom 2 weeks ago
Poole, England, United Kingdom 1 month ago
Exeter, England, United Kingdom 1 month ago
Devon, England, United Kingdom 4 weeks ago
Exeter, England, United Kingdom 1 month ago
Exeter, England, United Kingdom 1 week ago
Taunton, England, United Kingdom 22 hours ago
Exeter, England, United Kingdom 2 months ago
Corporate Senior Associate/Partner (hybrid)
Exeter, England, United Kingdom 2 weeks ago
Exeter, England, United Kingdom 1 week ago
Exeter, England, United Kingdom 1 week ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr