GRC Analyst

GRC Analyst (Mid Level) | Hatfield | Hybrid (2 days office)

About us:

Ocado Technology is powering the future of online retail across the globe through disruptive innovation and automation. Join us to create world-class systems at the intersection of robotics and IoT, cloud platforms, big data, machine learning, software development, and beyond.

We're constantly reinventing ourselves, learning fast, evolving our craftsmanship and taking risks as we strive to fulfil our mission to change the way the world shops. We enable some of the world's most forward-thinking retailers to do grocery online profitably, scalably and sustainably.

Over the past two decades, we have developed a wide technology estate that includes robotics, AI and machine learning, simulation, forecasting and edge intelligence which all form part of our game changing 'Ocado Smart Platform' product.

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture.

About the role:

The Information Security Analyst will support the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration.

This role is not a technical hands on role, but would suit an individual who has a technical background having worked with a range of technology and security tools who is now looking for an information security GRC role. You'll be working on things like;

• Contributing to the creation and refreshment of information security documents, policies, processes and procedures.
• Working with business stakeholders and project teams to understand, scope and define security requirements.
• Assisting in developing control testing strategies, to ensure our security controls are meeting their objectives.
• Performing internal security and vendor risk assessments.
• Supporting Data Protection activities.
• Supporting the Information Security teams and Business functions in maintaining security attestations, which include PCI DSS and SSAE18/SOC 2.
• Providing effective reporting to the Head of Information Security Governance of trends, audit findings and risk ratings.
• Performing internal and third-party vendor risk assessments, and writing risk assessment reports.
• Managing and analysing security controls, while understanding the risk of certain controls not being in place.

What we're looking for:

• Experience in an Information Security GRC related role.
• Knowledge of Vendor Risk Management tools such as OneTrust
• Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR.
• Third-Party Vendor Risk Management experience
• Experience in writing Information Security related Policies, Processes and Procedures

It would also be advantageous if you had the following, but not essential;

• Knowledge of DPA, GDPR
• Working for a SaaS service provider - private/public cloud security best practices knowledge
• Any of the following: CISA, CRISC, or CISM certifications

What do I get in return:

• 30 Day 'work from anywhere' policy
• Remote working for the month of August
• 25 days annual leave, rising to 27 days after 5 years service (plus optional holiday purchase)
• Pension scheme (various options available including employer contribution matching up to 7%)
• Private Medical Insurance
• 22 weeks paid maternity leave and 6 weeks paid paternity leave (once relevant service requirements complete)
• Train Ticket loan (interest-free)
• Cycle to Work Scheme
• Opportunity to participate in Share save and Buy as You Earn share schemes
• 15% discount on Ocado.com and free delivery for all employees
• Income Protection(can be up to 50% of salary for 3 years) and Life Assurance(3 x annual salary)

#LI-JT1

#LI-OT

---