Senior Risk Analyst - Information Security

Sainsbury's

Coventry

Hybrid

GBP 50,000 - 70,000

Full time

Today

Job summary

A major retail corporation in Coventry is seeking a Senior Risk Analyst to manage and improve the company's risk framework. You will work in a hybrid setting, ensuring that risks are recorded and monitored, and supporting the Risk Manager in developing information security practices. The ideal candidate has strong risk management experience, communication skills, and knowledge of security frameworks. This role offers substantial engagement with senior management and the opportunity to shape the risk function's future.

Benefits

Access to extensive training materials
Support from experienced teams
Flexible working arrangements

Qualifications

  • Experience in a risk management role and framework.
  • Strong attention to detail in information security.
  • Able to communicate effectively with various stakeholders.

Responsibilities

  • Ensure all risks are recorded, assessed, and monitored.
  • Produce high-standard reporting for senior management.
  • Support development of risk management processes.

Skills

Risk management experience
Information security knowledge
Stakeholder management
Excellent communication skills
Presentation skills
Analytical thinking

Education

Qualifications such as CRISC or CISSP

Tools

Security frameworks (NIST, ISO27001)

Job description

Senior Risk Analyst (C5)

Division/Department

Data Governance & Information Security (DGIS)/Governance, Risk & Compliance (GRC)/Risk Team

Location

Hybrid working - home and Coventry SSC

Reporting to

Risk Manager

Directly or indirectly manages

No direct reports. However, 3 analysts are to be supported in conjunction with the Risk Manager. The expectation is that the Senior Risk Analyst will be a subject matter expert referral point for the risk analysts in day-to-day risk management, and will also support the risk analysts' role-based development and coaching.

Budget

No direct budget responsibility, but you will be expected to support the Risk Manager with risk treatment budgeting decisions and with the long-term funding strategy for risk governance and tooling.

In a nutshell

The risk team is instrumental in managing and reducing threats to Sainsbury’s data and systems, ensuring minimised exposure. You will support the development and operational management of risk, ensuring the business operates within internal policies, standards and risk appetite.

What I am accountable for

You will ensure that all risks are recorded, assessed, monitored, and have appropriate treatment plans in place. You will also produce reporting to a high standard, ensuring stakeholders, including senior management, are fully engaged. This role will also be a subject matter expert referral point for risk management for internal team members and wider stakeholders across the business, helping the Risk Manager to drive ongoing risk culture in the DGIS area and beyond.

  • Support the development of risk framework and help to mature and embed risk management processes alongside the risk manager
  • Support the risk manager in assessing and driving development of Controls and Policies which align with the organisation’s risk appetite
  • Deputise for the Risk Manager as required, providing updates and presenting in various forums
  • Ensure the Risk Manager is made aware through work with the risk team analysts or wider stakeholders of key or emerging risks that could significantly affect the business
  • Work in collaboration with and support the Risk Manager as the point of contact for Service Assurance and Tech/Engineering Operations stakeholders on joint DGIS and Service risk common processes and reporting
  • Support the KRI and MI collation and production for inclusion into key escalation routes to help steer senior management decisions with regard to DGIS risks
  • Assist with creating and delivering risk training for risk team development
  • Help support the risk manager in raising the profile of effective DGIS and Service risk management across the business through stakeholder engagement
  • Support the ongoing maturity assessments of the Risk Management Policy
  • Work collaboratively with stakeholders and support the risk team analysts to review and assess mitigating actions and remediation plans by risk owners
  • Help facilitate processes which proactively identify and interpret changes in regulatory requirements, legislation and industry best practice, escalating to the Risk Manager as appropriate
  • Assist in creating and delivering the risk roadmap
  • Support the risk team to ensure ongoing refinement and improvement of risk methodologies and processes, and ensure these are kept up to date

Additionally, the Senior Risk Analyst will offer subject matter expertise and help shape the long-term development of the risk function. The role will also require you to continually drive improvements with the risk analysts, evolving their capability to ensure our services are delivered effectively and in line with Sainsbury’s future ways of working.

What I need to know

Essential

  • Risk management experience and working within a risk management framework
  • Good knowledge and passion for information security with an eye for detail
  • Familiar with information security controls, frameworks and tooling
  • Be able to proactively identify and own any issues and follow through to resolve them
  • Excellent stakeholder management skills, be able to work collaboratively with a range of people at all levels, both technical and operational
  • Excellent communication skills, written and verbal
  • Excellent presentation skills
  • Ability to prioritise your own workload and deliver quality results on time and to budget
  • The ability to think methodically and logically

Desirable

  • Knowledge of NIST, ISO27001 and PCI DSS desirable
  • Qualifications such as CRISC, CISSP and the CompTIA+ suite

What I need to show

Demonstrate consistent achievement of objectives while exemplifying our core values.

  • Own it
    • Consistently deliver on outcomes and communicate clear plans and goals to others, resolving problems independently
    • Clearly and respectfully speak your mind, invite others to challenge or build on ideas and actively listen
    • Proactively seek to understand the changing business context and work with peers to solve business challenges. Regularly review your goals to ensure you are focused on the right things
  • Make it better
    • Embrace new ways of doing things without fear of failure, supporting others to do the same
    • Be open-minded and proactively adapt your approach during times of change, supporting others to deal with unforeseen situations
    • Show curiosity about how the wider business operates
    • Proactively seek feedback from a broad range of colleagues to build a robust development plan. Give feedback to colleagues at all levels.
  • Be human
    • Appreciate others’ moods and feelings and consciously adjust your approach accordingly
    • Proactively build relationships based on honesty and integrity
    • Always consider the customer’s perspective, continually looking for opportunities to build a great customer experience

Support we will provide

  • Your line manager will provide support and guidance
  • Access to the DGIS teams who have a wide array of skills and knowledge
  • Extensive support and training materials available
  • Other resources as required