Information Security Analyst - Product Assurance

Information Security Analyst - Product Assurance

Information Security Manager - Sainsbury's

Data Governance and Information Security (Corporate Services)

Holborn, Coventry, Manchester (Flexible)

As an Information Security Analyst in the Data Governance and Information Security Team, you will work within the Product Assurance team, responsible for ensuring our Engineering and Development communities build and maintain secure products throughout their lifecycle. You will review our security posture and guide improvements aligned with the evolving threat landscape and business objectives.

• Work flexibly within Engineering Teams, maintaining governance and challenge
• Ensure security is integrated by design, protecting client and employee data
• Define and verify Security Non-Functional Requirements for projects
• Coordinate with the Security Testing Team for ethical hacking, code reviews, and scans
• Provide assurance of IT products across their lifecycle, granting approvals as needed
• Communicate risks clearly to technical and non-technical audiences
• Identify, assess, and manage risks related to Cloud and Data, aligning with risk appetite
• Build strong relationships with stakeholders to understand and address security risks
• Articulate technical issues effectively to business and engineering teams
• Collaborate with third-party partners supporting Sainsbury's

• Minimum 4 years of experience in security, ensuring secure system design and improvement
• Knowledge of container technologies like Docker and Kubernetes
• Understanding of logging, monitoring, load balancers, API gateways
• Experience with GitHub, Jenkins, Jira
• Basic knowledge of OWASP Top 10, Mitre ATT&CK, NIST, PCI-DSS, Cyber Kill Chain
• Understanding of PAM, EDR, AV, IPS, SIEM, WAF, DLP technologies
• Ability to verify solutions and demonstrate controls and testing
• Awareness of the threat landscape and its impact on systems
• Strong analytical, reporting, and communication skills
• Experience with serverless cloud services like AWS Lambda and storage

You will have one or more of the following certifications or qualifications:

• CompTIA Security+, Network+, Linux+, Cloud+, Data+, DataSys+
• CSA CCSK / CCAK
• AWS Security Certified
• Microsoft Azure Security Engineer Associate
• (ISC)² CISSP / CCSP / SSCP
• ISACA CISA / CISM / CRISC / CGEIT
• MSc. in Information/Cyber Security

We offer extensive training and development, along with benefits including:

• Colleague discounts across our brands
• Holiday allowance and holiday purchase options
• Performance bonus scheme
• Pension plan
• Offers on gym memberships, dining, holidays, retail vouchers, and more

We promote work-life balance with flexible, remote, and collaborative working options. We are committed to diversity and inclusion, supporting your development and recognizing your contributions. Additional benefits include:

• Starting with 10% discount after 4 weeks, increasing to 15%
• Pensions and life cover
• Performance-related bonus potential
• Annual leave, with options to buy extra
• Season ticket loans, cycle schemes, health plans, and employee assistance programs
• Paid maternity, paternity, and adoption leave

For more details, visit www.sainsburys.jobs. Note that eligibility and length of service may apply.