GRC Analyst

GRC Analyst

At WHSmith our people are at the heart of everything we do. They are the ones that go the extra mile for our customers. The ones that enable our growth. That’s why our IT team works closely with stakeholders to develop and implement technology solutions.

As an Information Security Analyst here you will be responsible for the operational and process assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organisation's information security policies.

What you will be doing :

• Maintaining information security policies, processes, and standards in coordination with internal security and business stakeholders

• Managing and maintain the information & data security roadmap, incident, and information requests

• Working directly with business partners to facilitate risk assessment and management, assessing, and communicating in line with relative policies and processes

• Facilitating the delivery of the information and data security education and awareness training framework across the business to ensure consistent application of policies and standards

• Maintaining technical solutions and procedural controls required to manage information security risk in line with the organisation’s information security policies

• Facilitating regular access control, asset inventory reviews and remediation plans, in line with the access control policy and asset management policy

• Partnering with all technology groups (internal and external) as the data security representative on development projects to deliver secure and compliant security operational services

• Documenting evidence in support of annual PCI DSS and privacy impact assessments (DPIA)

What we are looking for:

• Experience in a combination of risk management, information security and IT roles (including Audit)

• Knowledge gained through working with common information security management frameworks (e.g.ISO27001, Cyber Essentials, NIST, PCI DSS, SOC2)

• A strong knowledge of Office 365, Teams, and SharePoint

• Knowledge of data protection regulations and requirements

• Experience of PCI-DSS controls and implementation

How we reward our teams:

• Hybrid Working Model from home and in the office

• 4pm Friday Finish

• Flexible Working

• 25 Days holiday, plus your Birthday off, plus Bank Holidays with an opportunity to buy extra days holiday

• Family Friendly Leave

• Competitive Pension Contribution

• Sharesave Scheme

• Annual Bonus based on company and personal performance

• Competitive Salary and Car Allowance

• Private Medical Insurance

• Staff Discount Card for stores and online

About us:

WHSmith have occupied our place in our customers’ hearts for over two decades. You’ll find our stores and our family of brands in airports, hospitals, railway stations, on high streets and in shopping centres – as well as right across the world! We are an ambitious team that thrives on pace, collaboration and innovation resulting in a real entrepreneurial culture.

Celebrating 230 years, we’re proud to have grown and evolved into a globally recognised brand present in over 30 countries around the world, and we’re proud to be that air of familiarity people love and trust on their journey, both in life and through life. As a diverse group of over 12,000 colleagues, we are all on the same journey to a better business through our commitments to our planet, people and the communities we serve.

WHSmith are proud to be an inclusive employer, we want our colleagues to feel welcome, and free to be themselves with us.