Senior Risk Analyst - Information Security

No direct reports – however 3 analysts will be supported in conjunction with the risk manager. Expectation is that the senior risk analyst will be a subject‑matter‑expert referral point for the risk analysts in day‑to‑day risk management while also supporting the risk analysts’ role‑based development and coaching. There is no direct budget responsibility, but you will be expected to assist the Risk Manager with risk‑treatment budgeting decisions and risk governance and tooling long‑term funding strategy.

The risk team is instrumental in managing and reducing threats to Sainsbury’s data and systems, ensuring minimised exposure. You will support the development and operational management of risk, ensuring the business operates within internal policies, standards and risk appetite. As the senior risk analyst you will:

• Support the development of risk framework and help mature and embed risk management processes alongside the risk manager.
• Support the risk manager in assessing and driving development of controls and policies that align with the organisation’s risk appetite.
• Deputise for the Risk Manager as required, providing updates and presenting in various forums.
• Ensure the Risk Manager is made aware, through work with the risk team analysts or wider stakeholders, of key or emerging risks that could significantly affect the business.
• Work in collaboration with and support the risk manager as the point of contact for Service Assurance and Tech/Engineering Operations stakeholders for joint DGIS and Service risk common processes and reporting.
• Support the KRI and MI collation and production for inclusion into key escalation routes to help steer senior management decisions regarding DGIS risks.
• Assist with creating and help deliver risk training for risk team development.
• Help support the risk manager in raising the profile of effective DGIS and Service risk management across the business through stakeholder engagement.
• Support the ongoing maturity assessments of the Risk Management Policy.
• Work collaboratively with stakeholders and support the risk team analysts to review and assess mitigating actions and remediation plans by risk owners.
• Help facilitate processes which proactively identify and interpret changes in regulatory requirements, legislation and industry best practice, escalating to the Risk Manager as appropriate.
• Assist in creating and delivering the risk roadmap.
• Support the risk team to ensure ongoing refinement and improvement of risk methodologies and processes, keeping them up to date.

• Embrace new ways of doing things without fear of failure, supporting others to do the same.
• Open‑minded and proactively adapt your approach during times of change, supporting others to deal with unforeseen situations.
• Show curiosity about how the wider business operates.
• Proactively seek feedback from a broad range of colleagues to build a robust development plan and give feedback to colleagues at all levels.
• Be human – appreciate others' moods and feelings and consciously adjust your approach accordingly.
• Proactively build relationships based on honesty and integrity.
• Always consider the customer's perspective, continually looking for opportunities to build a great customer experience.

• Your line manager will provide support and guidance.
• Access to the DGIS teams who have a wide array of skills and knowledge.
• Extensive support and training materials available.
• Other resources as required.

• Risk management experience and working within a risk management framework.
• Good knowledge and passion for information security with an eye for detail.
• Familiar with information security controls, frameworks and tooling.
• Be able to proactively identify and own any issues and follow through to resolve them.
• Excellent stakeholder management skills, able to work collaboratively with a range of people at all levels, both technical and operational.
• Excellent communication skills, written and verbal.
• Excellent presentation skills.
• Ability to prioritise your own workload and deliver quality results on time and to budget.
• Ability to think methodically and logically.

• Knowledge of NIST, ISO27001 and PCI DSS.
• Qualifications such as CRISC, CISSP and the CompTIA+ suite.

• Demonstrate consistent achievement of objectives while exemplifying our core values.
• Own it – consistently deliver on outcomes and communicate clear plans and goals to others, resolving problems independently.
• Speak your mind respectfully; invite others to challenge or build on ideas and actively listen.
• Proactively seek to understand the changing business context and work with peers to solve business challenges; regularly review your goals to remain focused on the right priorities.

We are committed to being a truly inclusive retailer, so you’ll be welcomed, wherever you are, and wherever you work. Around here, there’s always the chance to try something new – whether that’s as part of an evolving team or somewhere else across the business – and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working.

When you join our team, we’ll also offer you an amazing range of benefits:

• Starting off with colleague discounts: 10% off at Sainsbury’s, Argos, TU and Habitat after 4 weeks, increasing to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day.
• Our pensions scheme and life cover.
• Eligibility for a performance‑related bonus of up to 20% of salary, depending on how we perform.
• Annual holiday allowance, with the option to purchase additional holiday.
• Season ticket loans, interest‑free car loan up to £10k, cycle‑to‑work scheme, health cash plans, pay advance.
• Private healthcare and an Employee Assistance Programme.
• Up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.