Governance Risk Compliance and Information Security Analyst
Halfords Group PLC
£40000
Halfords Group PLC, Redditch
- Full time
- Permanent
- Onsite working
Posted 3 weeks ago, 4 Jun
Closing date: not specified
Job Ref: f4edbe77616d49b8879fb9f4da60480e
Full Job Description
The primary role of the Governance Risk Compliance and Information Security Analyst is to support the Security Architect in protecting the Confidentiality, Integrity and Availability of the Group's information assets via the delivery of the Halfords Governance, Risk and Compliance framework, as well as by the operation of Halfords security processes and procedures.
You will deliver your work through the Halfords Governance, Risk and Compliance framework and its security processes and procedures, which:
- Support the ongoing alignment of the information security strategy with business objectives
- Manage risk registers and audit findings, ensuring that risks and findings are actively managed by their owners and that exception requests are subject to appropriate authority
- Embed robust governance processes in the delivery of Halfords Technology capabilities
- Maintain an effective information security risk management capability that assesses and manages risk to an acceptable level
- Deliver security processes that include self-service capabilities and automation
- Implement an ongoing information security compliance programme
- Support projects and initiatives to ensure that security requirements are incorporated and addressed through a secure-by-design approach
- Review and approve changes as part of the Halfords technology change management process
- Provide a focal point within Halfords for information security expertise
Key Responsibilities
The job holder will be responsible for delivering the following capabilities:
Governance
- Supporting the implementation of the information security programme
- Managing and updating the Halfords GRC tool to ensure effective operation of Halfords security and privacy processes
- Managing the Halfords security and privacy project/initiative engagement processes
- Driving information security policy development and the annual review process
- Ensuring that colleagues, contractors and vendors are aware of and understand Halfords information security requirements and guidance; this may include delivering training
- Consolidating relevant audit actions and tracking remediation through to closure
- Acting as an information security subject matter specialist to the business
- Producing monthly metrics and management reports
Risk
- Maintaining the information security and technology risk register in the GRC tool
- Carrying out information security risk assessments for projects, key systems and third parties
- Ensuring that risks and issues are identified and evaluated in line with the Halfords risk methodology
- Ensuring that risks are owned at the appropriate level and actively managed, and that exception requests are subject to appropriate authority
- Assisting with the development of the GRC tool and its processes, driving continual improvement in effectiveness and efficiency
- Supporting the information security incident response process as required
- Producing monthly metrics and management reports
Compliance
- Carrying out compliance assessments against, but not limited to:
+ Halfords information security controls
+ Identified external regulations
+ Contractual obligations
- Acting as a point of contact for internal and external information security audits
- Tracking non-compliance and audit findings through to remediation and closure
- Contributing to third-party due diligence questionnaires received by Halfords
- Maintaining a rolling 12-month compliance schedule
- Producing monthly metrics and management reports
- Coordinating the Halfords annual PCI DSS assessment
Key Skills
Must have proven experience and knowledge of:
+ Information security risk and compliance management
+ Cyber/information security concepts
+ Conducting information security risk assessments
+ Conducting and coordinating compliance assessments
+ Writing information security policies and controls
+ Information security frameworks such as ISO 27001 and Cyber Essentials
+ Payment Card Industry Data Security Standard (PCI DSS)
+ Governance, Risk and Compliance tools
+ Information security technical controls
+ Enterprise IT environments
+ Data protection frameworks and requirements
Essential
o Excellent written and oral communication skills
o Able to present risk in non-technical, business-friendly, accessible language
o Ability to effectively prioritise and execute tasks in a high-pressure environment
o Fast learner with a "can do" attitude
o Ability to work independently and as part of a team
Desirable
o Working towards one or more of the following qualifications:
# Certified Information Systems Security Professional (CISSP)
# Certified Information Systems Auditor (CISA)
# Certified Information Security Manager (CISM)
# Certified in Risk and Information Systems Control (CRISC)