Senior Security GRC Specialist

ASOS.com

London

On-site

GBP 60,000 - 90,000

Full time

2 days ago

Job summary

ASOS is seeking a Senior Security GRC Specialist to enhance their Governance, Risk, and Compliance team. This role involves managing compliance projects, conducting risk assessments, and developing security policies. The ideal candidate will have relevant experience and certifications, contributing to a dynamic security landscape.

Benefits

  • Employee discount
  • Personal development opportunities
  • Sample sales access
  • LinkedIn Learning resources
  • 25 days annual leave plus a celebration day
  • Discretionary bonus scheme
  • Private medical care
  • Flexible benefits allowance

Qualifications

  • Relevant work experience in security and compliance.
  • Experience with ISO 27001, PCI DSS, NIST CSF.
  • Knowledge of GDPR and DPA.

Responsibilities

  • Manage compliance projects and coordinate audit activities.
  • Maintain security risk registers and conduct risk assessments.
  • Support security assessments of third-party suppliers.

Skills

  • Analytical
  • Problem-solving
  • Communication

Education

  • Degree in relevant field
  • CISSP
  • CISM
  • CISA
  • CRISC

Job description

Company Description

We're ASOS. We blend our flair for fashion with our love of cutting-edge technology, but more importantly, we're interested in how we can bring the best out of you.

We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.

Through our Fashion with Integrity strategy, we are driving diversity, equity, and inclusion across every aspect of ASOS and ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be because we believe people who bring their best selves to work do their best work.

Job Description

An exciting opportunity has arisen for a Senior Security GRC Specialist to join the ASOS Governance, Risk, and Compliance (GRC) team in Cyber Security.

Reporting to the Security Governance, Risk, and Compliance Manager, this role will assist in the development, enhancement, and execution of ASOS’s information security risk and compliance functions. This includes activities such as maintaining compliance with PCI DSS, updating security policies and standards, and managing third-party supplier risk. The role will also provide subject matter expertise and support on security risk management. We’re passionate about protecting our colleagues and the ASOS brand, so we seek someone who can thrive and develop in a dynamic security landscape.

You will need to operate at various levels: from being a team player within the GRC team to collaborating with the wider Security team and supporting other business areas with their risk and compliance needs.

Key Responsibilities

  • Management and maintenance of compliance projects, including coordinating audit activities
  • Assist in maintaining security risk registers and conducting risk assessments/workshops
  • Manage and support security assessments of third-party suppliers using the risk management platform
  • Track and manage corrective actions for audit findings and control deficiencies
  • Support other Security teams and business areas with risk and compliance requirements
  • Author and maintain security policies and standards

What Success Looks Like

  • Supporting the smooth operation of GRC activities as a key team member
  • Building effective relationships across business areas
  • Mentoring and guiding junior team members

Qualifications

  • Relevant work experience, degree, or industry certifications (e.g., CISSP, CISM, CISA, CRISC)
  • Experience with standards and frameworks like ISO 27001, PCI DSS, NIST CSF
  • Knowledge of data privacy laws such as GDPR and DPA
  • Broad understanding of network technologies, especially cloud and technical security
  • Excellent organizational skills for managing multiple projects
  • Analytical, detail-oriented, with strong problem-solving skills
  • Effective communication and influencing skills at all organizational levels

Additional Information

Benefits

  • Employee discount
  • Personal development opportunities
  • Sample sales access
  • LinkedIn Learning resources
  • 25 days annual leave plus a celebration day
  • Discretionary bonus scheme
  • Private medical care
  • Flexible benefits allowance