Information Security Analyst - Product Assurance

Job Title / Role

Information Security Analyst – Product Assurance

Reporting to

Information Security Manager – Sainsbury’s

Division/Dept

Data Governance and Information Security (Corporate Services)

Location

Holborn, Coventry, Manchester (Flexible)

In a nutshell

As an Information Security Analyst in the Data Governance and Information Security Team, you will work within the Product Assurance team, responsible for ensuring that Engineering and Development communities build and maintain secure products throughout their lifecycle.

You will review our security posture regularly and set directions for improvements aligned with evolving threats and business goals.

What you need to do

With solid all-round Infosec experience and stakeholder management skills, you will ensure robust security across our environment.

• Work flexibly within Engineering Teams, maintaining governance and challenge where needed
• Ensure security is integrated by design, with secure product delivery and data protection
• Define and verify Security Non-Functional Requirements for projects
• Coordinate with the Security Testing Team for ethical hacking, code reviews, and scans
• Provide assurance for IT products throughout their lifecycle
• Communicate risks effectively to technical and non-technical audiences
• Identify, assess, and manage risks related to Cloud and Data, monitoring according to risk appetite
• Build relationships with senior stakeholders to understand and manage security risks
• Explain technical issues clearly to business and engineering teams
• Collaborate with third-party partners supporting Sainsbury’s

What you need to know and show

• Minimum 4 years of proven security experience ensuring secure system design and security posture improvement
• Knowledge of containerization (Docker, Kubernetes)
• Understanding of logging, monitoring, load balancing, API gateways
• Experience with GitHub, Jenkins, Jira
• Basic knowledge of OWASP Top 10, Mitre ATT&CK, NIST, PCI-DSS, Cyber Kill Chain
• Understanding of PAM, EDR, AV, IPS, SIEM, WAF, DLP technologies
• Ability to verify solutions through controls and testing
• Awareness of the changing threat landscape
• Ability to challenge concerns and escalate appropriately
• Self-motivated and independent work ethic
• Deep understanding of data and security risks in large enterprises
• Experience with Risk & Vulnerability Management frameworks
• Strong analytical and reporting skills
• Experience with serverless cloud tech like AWS Lambda and storage

Desirable Qualifications

Preferred certifications and qualifications include: CompTIA Security+, AWS Security, CISSP, CISA, MSc in Cyber Security, among others.

Benefits

• Colleague discounts across brands
• Holiday allowance and bonus scheme
• Pension and life cover
• Wellness benefits, flexible working, and development opportunities

We promote work-life balance with flexible, remote, and collaborative working options.