Location: Reading or Dublin – hybrid (2 days a week)
Travel: Occasional travel between sites
Salary & Package: Competitive
A global retail organisation is seeking a Security Assurance Analyst to join its Cyber Security function. This is a permanent role within a growing security team, supporting a major technology transformation and helping to strengthen enterprise‑wide security posture.
This position will play a key role in delivering security assurance across projects, programmes and third‑party suppliers, ensuring that security controls, documentation and governance processes are consistently applied.
What You’ll Do
* Support the assurance team in conducting project security reviews across major technology initiatives
* Maintain key assurance repositories including supplier registers and project assurance lists
* Coordinate penetration testing logistics and ensure required documentation is completed to the right standard
* Validate that security controls are implemented and compliant prior to go‑live
* Support third‑party assurance reviews for new and existing suppliers
* Populate and maintain the Third‑Party Risk Management tool, ensuring data accuracy and completeness
* Collate and track third‑party documentation (SOC, PCI, ISO 27001 etc.) and flag outdated reports
* Work with the Risk Management team to ensure third‑party risks are accurately reflected in the GRC platform
* Contribute to continuous improvement of security assurance processes and governance
What You’ll Bring
* Knowledge of GRC platforms and TPRM modules
* Understanding of Waterfall and Agile delivery methodologies and security‑by‑design principles
* Familiarity with penetration testing approaches and remediation guidance
* Strong analytical skills and high attention to detail
* Knowledge of security frameworks such as ISO 27001 and NIST
* Understanding of GDPR, PCI and how regulations influence project requirements
* Ability to assess third‑party risk based on service scope, posture and supporting evidence
* Awareness of key certifications (ISO 27k, Cyber Essentials) and their relevance
* Strong organisational skills with the ability to analyse and present data clearly
* Minimum 3 years’ experience in an information security role with a focus on assurance
* Relevant degree or equivalent professional qualification
Desirable Experience
* Experience supporting security accreditation programmes (ISO 27001, PCI, Cyber Essentials)
* Exposure to data analytics tools such as Power BI
* Experience working with GRC tools such as OneTrust
* Ability to communicate clearly with stakeholders across technology and business teams
* Proactive mindset with the ability to work independently and manage multiple priorities