Job Description
An exciting opportunity has arisen for a Senior Security Analyst to join the ASOS Governance Risk and Compliance (GRC) Team in Cyber Security.
Reporting to the Information Security, Governance, Risk and Compliance Manager, this role will assist in the development, enhancement and execution of ASOS’s information security risk and compliance function. This will include activities such as helping to maintain our compliance with the Payment Card Industry Data Security Standard (PCI DSS), maintenance of our security policies and standards, and managing third-party supplier risk. We’re passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop in an ever growing and changing security landscape.
You will need to operate at several different levels: from being a team player in the GRC team, working alongside the wider Cyber Security Team and helping other colleagues in all ASOS business areas with their risk and compliance requirements.
Key Responsibilities
Responsibilities include, although not limited to:
1. Management and maintenance of ASOS compliance projects and certifications ( PCI DSS and ISO 27001), including co-ordination of internal audit activities
2. Assist in maintaining the CISO’s cyber security risk registers and conduct cyber security risk assessments/risk workshops as required
3. Management and tracking of corrective action plans for security audit findings, standards exceptions and control deficiencies
4. Supporting other Cyber Security Teams and ASOS business areas with their risk and compliance requirements
5. Authorship and maintenance of ASOS security policies and standards
6. Management and support for the security assessment of third-party suppliers using ASOS third-party risk management platform
What Success Looks Like
7. Being an integral member of the GRC Team to support the smooth running of GRC activities
8. Building effective relationships across ASOS business areas
9. Providing mentorship and guidance to junior GRC Team members
Qualifications
We’d Love To Meet Someone With
10. The successful candidate will demonstrate competency in cyber security by having either the relevant work experience, completed a degree or obtained industry relevant certifications ( CISSP, CISM, CISA, CRISC)
11. Experience in industry standards and frameworks, such as ISO 27001, PCI DSS and NIST CSF
12. Good knowledge of applicable data privacy practices and laws ( DPA, GDPR)
13. Broad knowledge around network technologies (especially cloud) and technical security
14. Excellent organizational skills to plan and manage multiple projects across the business
15. Analytical, problem solving and detail-oriented, with a proven ability to multi-task conflicting priorities
16. Strong communication and presentation skills and ability to influence at all levels of an organisation
Additional Information
What’s in it for you?
17. Employee discount (hello ASOS discount!)
18. ASOS Develops (personal development opportunities across the business)
19. Employee sample sales
20. Access to a huge range of LinkedIn learning materials
21. 25 days paid annual leave + an extra celebration day
22. Discretionary performance related bonus scheme
23. Private medical care scheme
24. Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits