An exciting opportunity has arisen for a Senior Security GRC Specialist to join the ASOS Governance Risk and Compliance (GRC) team in Cyber Security.
Reporting to the Security Governance, Risk and Compliance Manager, this role will assist in the development, enhancement and execution of ASOS's information security risk and compliance function. This will include activities such as helping to maintain our compliance with the Payment Card Industry Data Security Standard (PCI DSS), maintenance of our security policies and standards, and managing third-party supplier risk. The role will also provide subject matter expert knowledge and support on security risk management. We're passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop in an ever-growing and changing security landscape.
You will need to operate at several different levels: from being a team player in the GRC team, to working alongside the wider Security team, to helping other colleagues in all ASOS business areas with their risk and compliance requirements.
Key Responsibilities
Responsibilities include, although are not limited to:
- Management and maintenance of ASOS compliance projects, including coordination of audit activities
- Assisting in maintaining the CISO's security risk registers and conducting security risk assessments/risk workshops as required
- Management and support for the security assessment of third-party suppliers using the ASOS third-party risk management platform
- Management and tracking of corrective action plans for security audit findings, standards exceptions and control deficiencies
- Supporting other Security teams and ASOS business areas with their risk and compliance requirements
- Authorship and maintenance of ASOS security policies and standards
What Success Looks Like
- Being an integral member of the GRC team to support the smooth running of GRC activities
- Building effective relationships across ASOS business areas
- Providing mentorship and guidance to junior GRC team members
Qualifications:
- The successful candidate will demonstrate competency in security by having the relevant work experience, having completed a degree, or having obtained industry-relevant certifications (e.g. CISSP, CISM, CISA, CRISC)
- Experience with industry standards and frameworks such as ISO 27001, PCI DSS and NIST CSF
- Good knowledge of applicable data privacy practices and laws (e.g. DPA, GDPR)
- Broad knowledge around network technologies (especially cloud) and technical security
- Excellent organisational skills to plan and manage multiple projects across the business
- Analytical, problem-solving and detail-oriented, with a proven ability to multitask across conflicting priorities
- Strong communication and presentation skills, and the ability to influence at all levels of an organisation
Additional Information:
BeneFITS
- Employee discount (hello ASOS discount!)
- ASOS Develops (personal development opportunities across the business)
- Employee sample sales
- Access to a huge range of LinkedIn learning materials
- 25 days paid annual leave, plus an extra celebration day for a special moment
- Discretionary bonus scheme
- Private medical care scheme
- Flexible benefits allowance which you can choose to take as extra cash or use towards other benefits
Remote Work: No
Employment Type: Full-time