Role Profile
Senior Compliance Analyst
Division/Dept.
Data Governance and Information Security (DGIS)
Location
Hybrid working with base location of Coventry or London
Reporting to
Compliance Manager
In a nutshell
As a Senior Compliance Analyst, you'll play a key role in driving the compliance assurance programme and will be responsible for delivering, monitoring and reporting on the annual testing programme on IT controls and Information Security (IS) control requirements. You'll be responsible for driving continuous maturity and improvement; and you'll support the delivery of operational effectiveness testing controls.
You'll be responsible for defining the controls testing roadmap, and communicate this with key stakeholders and senior management, as well as driving and reporting on key outputs and remediation activities. Additionally, you'll recommend and drive process enhancements across key control areas, whilst seeking out opportunities to drive compliance activities that support the broader compliance strategy.
What you need to do
* Responsible for delivering the annual assurance programme such as across IS and IT controls, including developing testing scenarios to support design and operating effectiveness testing
* Own and manage the assurance testing roadmap and schedule, and provide key support to the overall Compliance strategy
* Responsible for analysing the adoption of processes, documentation and controls
* Contribute and deliver key reporting for the Audit Committee and Data Governance Committee
* Drive and own the continuous assessment of IS and IT control effectiveness across the business, raising appropriate risks or defining remediation requirements
* Responsible for driving remediation plans across the business to improve maturity, mitigations and reduce risk
* Own and drive improvements to process and documentation, to support controls testing and implementation of policy requirements
* Responsible for ensuring the integrity and efficiency of audit records and compliance activity
* Support with internal Data Governance and Information Security projects where necessary
* Be the liaison and maintain a good relationship with stakeholders to drive resolutions to any issues
What you need to know and show
Essential Criteria
* Demonstrable experience of delivering an assurance testing programme across industry frameworks and regulations, such as but not limited to NIST-CSF, Cyber Essentials, ITGC and ITACs, FRC/Corporate Governance Code, and other relevant frameworks and regulations for example COBIT2019 or COSO
* Ability to collaborate effectively with a range of business stakeholders, and support the wider agenda
* Pro-active in tracking upcoming industry changes, interpreting how may these impact the business and have the ability to implement where necessary
Additional Criteria
* Demonstrate ability to learn and understand business processes particularly those covering Finance, Technology and Information Security.
* Previous experience of IT audit either within an external audit or an internal audit role would be desirable
* Experience of working with internal/ external auditors and ability to manage appropriate timelines, resolve findings and contribute to continuous improvement initiatives from audit outcomes
* Ability to think methodically and logically; and communicate using spoken and written word
* Familiar with standard IT and IS processes and controls such as identity and access, change management, third-party management.
* Be able to proactively identify and own any issues and follows through to resolve them
* Ability to prioritise own workload and delivery quality results on time, and to budget
* Certifications such as CISA and ISO 27001 Lead Auditor are desirable but not essential
Support we will provide
* Your line manager will provide support and guidance
* Access to the Compliance, ITGC, GRC, Finance, Data Governance and Infosec teams who have a wide array of skills and knowledge
* Extensive support and training materials available relating to NIST, IT General Controls, PCI-DSS and GDPR
* Other resources as required
Date of last job evaluation
28/11/2024
Hay rating
C5
Please note: This role profile is aimed at describing the core output that should be achieved in this role. It is not intended to include specific tasks, temporary activities, or projects to recognise flexibility in a changing context.
We are committed to being a truly inclusive retailer so you'll be welcomed whoever you are and wherever you work. Around here, there's always the chance to try something new - whether that's as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we'll also offer you an amazing range of benefits. Here are some of them:
Starting off with colleague discount, you'll be able to save 10% on your shopping online and instore at Sainsbury's, Argos, TU and Habitat, and we regularly increase the discount to 15% at points during the year. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.
Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy up to an additional week's holiday, and we provide private healthcare. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, salary advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme.
Moments that matter are as important to us as they are to you which is why we give up to 26 weeks' pay for maternity or adoption leave and up to 4 weeks' pay for paternity leave.
Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).