Compliance Analyst

We currently have an exciting opportunity for a Compliance Analyst to join our Cyber team. The Compliance Analyst will ensure that the Anglian Water Group meets regulatory compliance requirements associated with the Payment Card Industry Data Security Standard (PCI-DSS). In the role you can expect a great deal of variety, as you'll be working with business stakeholders, but also with internal technology teams, external technology service providers, supply chain management teams, as well as building relationships with our PCI-DSS auditors. And that variety will carry over to your everyday activities, as you may be diving deep into the detail of how an area of our business processes cardholder information one minute, performing a scan of a payment website, writing supporting papers, then delivering a high-level overview to a business leader the next. This varied role conducts activities across all areas of PCI-DSS compliance. It will require close working with both technical and business functions to ensure on-going compliance with all in-scope PCI-DSS controls. You may be required to provide advice and guidance about the implementation and management of PCI controls, as well as being responsible for the continued auditing requirements for PCI-DSS, ensuring on-going compliance. The role holder will be expected to have a good understanding of a broad range of IT operations activities and technologies alongside detailed technical, and process controls necessary for PCI-DSS 4.0. What will you be doing?

• Work with the business to ensure that compliance requirements for PCI-DSS and its associated privacy requirements are met.
• Own the Anglian Water PCI-DSS compliance processes to ensure adherence to defined PCI standards and Anglian policy
• Maintain compliance metrics and assist with internal and external reporting.
• Engage and build relationships with stakeholders, technical, operational, internal and external.
• Be familiar and stay up to date with the payment industry and wider Info Sec risks and threats.
• Interface with IT Teams to remediate or mitigate areas of risk, as needed.
• Develop training and awareness programs and materials, and conduct required training around regulations affecting IT and the business.
• Promote awareness and help educate employees on the need to comply with regulatory requirements.
• Conduct compliance reviews and assessments.
• Using a PCI-approved scanning toolset to ensure external sites adhere to PCI-DSS requirements
• Identify any control gaps for PCI-DSS, progress with any programmes of work needed to remain compliant as new versions of the standard enforce new requirements.
• Gain and maintain a formal Internal Security Assessor (ISA) qualification.
  
  A creative and analytical mind with good customer interfacing and excellent communications skills.
• An understanding of PCI DSS and achieving PCI DSS compliance.
• Comfortable around technology and technically minded people.
• The ability to establish and operate a proactive and continual compliance approach.
• Have good technical knowledge of PCI-DSS related services (desirable)
• Have experience of auditing practices, such as but not limited to ISO27001.
• Confident in their own abilities and credible with both senior leaders and other technical experts.
• Organised and structured in their approach with tenacity and resilience to drive changes
• Highly analytical approach with a strong attention to detail
• Planning / delivery focussed / completer-finisher.
You will need to hold a full driving licence as the role will involve occasional travel between sites.


• Competitive pension scheme - Anglian Water double-matches your contributions up to 6%
• Personal private health care
• Annual bonus scheme
• 26 days leave, rising with service + Bank Holidays, with the option to swap Christmas and Easter holidays for those celebrated by your religion
• Life Cover at 8x your salary
• Flexible benefits to support your wellbeing and lifestyle