Digital Security - Security Assurance Analyst

Here at DS Smith, a multi‑national sustainable packaging provider, we are looking for a Security Assurance Analyst to join our growing Security Team.

The mission of the I&T Digital Security organisation is to deliver an efficient and effective service that has scalability and flexibility to support the demands of a FTSE 100 business.

Supporting Head of Information Security Architecture and Assurance as well as working closely with key stakeholders including Head of Governance, Risk and Compliance, Digital Security, IT and business teams you will focus on core areas such as risk management and security due‑diligence reviews ensuring compliance with legal, regulatory and relevant security policies and best practices.

In this position you will provide assurance and guidance that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policies.

Visibility and the ability to build close working relationships with Information & Technology (I&T) team members, business stakeholders as well as external partners is essential. This will require some "on site" visits, on a planned basis.

The role demands business insight, technical acuity, and the ability to think, communicate and write at various levels of abstraction.

You will have experience in:

• Interpreting information assurance and security policies and applies these to manage risks.
• Providing advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
• Planning, organising and conducting information assurance and accreditation of complex domains areas, cross‑functional areas, and across the supply chain.
• Validating operating systems, networks, software, and hardware are protected and compliant with organisation's policies.
• Identifying security risks and producing effective reports to articulate and report those risks along with proposed remediations in appropriate risk forums.
• Engaging with information security operations to maintain acceptable levels of control and risk throughout the business.
• Contributing to the development and implementation of robust set of policies, standards and guidelines.
• Maintaining relevant documentation related to information security.
• Supporting monitoring of the external environment and assessment of emerging technologies.
• Identifying risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.
• Conducting formal assessments or reviews for given domain areas, suppliers, or parts of the supply chain. Collating and examining records, analysing the evidence and drafts all or part of formal compliance reports.
• Determining the risks associated with findings and non‑compliance and proposes corrective actions.

• Competitive salary
• Company bonus
• Pension scheme
• Life assurance
• Income protection
• 25 days holiday plus bank holidays
• Electric car scheme
• Annual Cycle to Work Scheme