Senior Security GRC Specialist

ASOS

London

On-site

GBP 60,000 - 90,000

Full time

Today

Job summary

ASOS seeks a Senior Security GRC Specialist to enhance its Governance, Risk, and Compliance team. This role involves managing compliance projects, conducting risk assessments, and supporting security policies. Ideal candidates will have relevant experience or certifications and strong analytical skills.

Benefits

Employee discount
Personal development opportunities
Employee sample sales
Access to LinkedIn learning materials
25 days paid annual leave + an extra celebration day
Discretionary bonus scheme
Private medical care scheme
Flexible benefits allowance

Qualifications

  • Competency in security through work experience, degree, or certifications.
  • Experience with ISO 27001, PCI DSS, and NIST CSF.
  • Knowledge of data privacy practices (DPA, GDPR).

Responsibilities

  • Manage ASOS compliance projects and audit activities.
  • Conduct security risk assessments and maintain security policies.
  • Support security assessment of third-party suppliers.

Skills

Analytical
Problem Solving
Communication
Organizational Skills

Education

Relevant work experience or degree
CISSP
CISM
CISA
CRISC

Job description

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Company Description

We're ASOS. We blend our flair for fashion with our love of cutting-edge technology, but more importantly we're interested in how we can bring the best out of you.

We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.

Through our Fashion with Integrity strategy, we are driving diversity, equity, and inclusion across every aspect of ASOS, ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be, because we believe people who bring their best selves to work, do their best work.

Job Description

An exciting opportunity has arisen for a Senior Security GRC Specialist to join the ASOS Governance, Risk, and Compliance (GRC) team in Cyber Security.

Reporting to the Security Governance, Risk, and Compliance Manager, this role will assist in the development, enhancement, and execution of ASOS's information security risk and compliance functions. Responsibilities include maintaining compliance with PCI DSS, updating security policies and standards, and managing third-party supplier risk. The role will also provide expert support on security risk management. We seek someone who can thrive and grow in a dynamic security landscape, protecting colleagues and the ASOS brand.

You will need to operate at various levels: collaborating within the GRC team, working with the wider Security team, and supporting other ASOS business areas with their risk and compliance needs.

Key Responsibilities

  • Manage and maintain ASOS compliance projects, including coordinating audit activities.
  • Assist in maintaining the CISO's security risk registers and conducting security risk assessments and workshops.
  • Support security assessments of third-party suppliers via the ASOS risk management platform.
  • Track and manage corrective actions for audit findings, exceptions, and control gaps.
  • Support other security teams and business units with risk and compliance requirements.
  • Create and update ASOS security policies and standards.

What Success Looks Like

  • Contribute effectively to the GRC team to ensure smooth operations.
  • Build strong relationships across business areas.
  • Mentor and guide junior GRC team members.

Qualifications

  • Relevant work experience, a degree, or industry certifications such as CISSP, CISM, CISA, or CRISC.
  • Experience with industry standards like ISO 27001, PCI DSS, and NIST CSF.
  • Knowledge of data privacy laws such as GDPR and DPA.
  • Broad understanding of network technologies, especially cloud and security.
  • Excellent organizational skills to manage multiple projects.
  • Analytical thinking, problem-solving skills, and attention to detail.
  • Strong communication and influencing skills at all organizational levels.

Additional Information

Benefits

  • Employee discount on ASOS products.
  • Opportunities for personal development through ASOS Develops.
  • Access to sample sales.
  • Resources via LinkedIn Learning.
  • 25 days of paid annual leave plus a celebration day.
  • Discretionary bonus scheme.
  • Private medical care.
  • Flexible benefits allowance, customizable as cash or benefits.