Senior Security GRC Specialist

Join to apply for the Senior Security GRC Specialist role at Votre Sommelier.

Get AI-powered advice on this job and more exclusive features.

An exciting opportunity has arisen for a Senior Security GRC Specialist to join the ASOS Governance, Risk, and Compliance (GRC) team in Cyber Security.

Reporting to the Security Governance, Risk, and Compliance Manager, this role will assist in developing, enhancing, and executing ASOS's information security risk and compliance functions. Responsibilities include maintaining PCI DSS compliance, updating security policies and standards, and managing third-party supplier risks. The role also offers subject matter expertise and support on security risk management, requiring a proactive approach in a dynamic security landscape.

You will operate at multiple levels: collaborating within the GRC team, supporting the wider Security team, and assisting other ASOS business areas with their risk and compliance needs.

• Managing and maintaining ASOS compliance projects, including coordinating audit activities.
• Assisting in maintaining the CISO's security risk registers and conducting risk assessments/workshops.
• Supporting security assessments of third-party suppliers via the ASOS risk management platform.
• Tracking and managing corrective actions for audit findings, standards exceptions, and control deficiencies.
• Supporting other security teams and business units with risk and compliance requirements.
• Authors and maintains ASOS security policies and standards.

• Being an integral part of the GRC team to ensure smooth operations.
• Building effective relationships across business areas.
• Mentoring and guiding junior GRC team members.

At ASOS, we blend fashion with technology and foster an environment where you can be your authentic self. Our 'Fashion with Integrity' strategy promotes diversity, equity, and inclusion, encouraging everyone to bring their best selves to work.

The ideal candidate will demonstrate security competency through relevant experience, a degree, or industry certifications (e.g., CISSP, CISM, CISA, CRISC). Experience with standards like ISO 27001, PCI DSS, NIST CSF, and knowledge of data privacy laws (DPA, GDPR) are essential. A broad understanding of network technologies, especially cloud, and strong organizational, analytical, and communication skills are required.

• Employee discount
• Personal development opportunities
• Employee sample sales
• Access to LinkedIn Learning
• 25 days paid leave + a celebration day
• Discretionary bonus
• Private medical care
• Flexible benefits allowance