Location: Reading or Dublin – hybrid (2 days a week)
Travel: Occasional travel between sites
Salary & Package: Competitive
A global retail organisation is seeking a Security Assurance Analyst to join its Cyber Security function. This is a permanent role within a growing security team, supporting a major technology transformation and helping to strengthen enterprise‑wide security posture.
This position will play a key role in delivering security assurance across projects, programmes and third‑party suppliers, ensuring that security controls, documentation and governance processes are consistently applied.
What You’ll Do
- Support the assurance team in conducting project security reviews across major technology initiatives
- Maintain key assurance repositories including supplier registers and project assurance lists
- Coordinate penetration testing logistics and ensure required documentation is completed to the right standard
- Validate that security controls are implemented and compliant prior to go‑live
- Support third‑party assurance reviews for new and existing suppliers
- Populate and maintain the Third‑Party Risk Management tool, ensuring data accuracy and completeness
- Collate and track third‑party documentation (SOC, PCI, ISO 27001 etc.) and flag outdated reports
- Work with the Risk Management team to ensure third‑party risks are accurately reflected in the GRC platform
- Contribute to continuous improvement of security assurance processes and governance
What You’ll Bring
- Knowledge of GRC platforms and TPRM modules
- Understanding of Waterfall and Agile delivery methodologies and security‑by‑design principles
- Familiarity with penetration testing approaches and remediation guidance
- Strong analytical skills and high attention to detail
- Knowledge of security frameworks such as ISO 27001 and NIST
- Understanding of GDPR, PCI and how regulations influence project requirements
- Ability to assess third‑party risk based on service scope, posture and supporting evidence
- Awareness of key certifications (ISO 27k, Cyber Essentials) and their relevance
- Strong organisational skills with the ability to analyse and present data clearly
- Minimum 3 years’ experience in an information security role with a focus on assurance
- Experience supporting security accreditation programmes (ISO 27001, PCI, Cyber Essentials)
- Exposure to data analytics tools such as Power BI
- Experience working with GRC tools such as OneTrust
- Ability to communicate clearly with stakeholders across technology and business teams
- Proactive mindset with the ability to work independently and manage multiple priorities
