Information Security Compliance Analyst

24 Jun 2018
22 Jul 2018
Working within the Standards and Compliance team, you will assess Sainsbury's Business Partners to assure that their Administrative, Logical and Physical controls are in line with Sainsbury's Standards, external industry best-practice Standards (e.g. ISO27001 and PCI DSS) and Regulations (GDPR). The role includes Information Security compliance checks and reviews to ensure adherence to Policy, Standards, Legislation and Regulation, together with other administrative duties relating to Information Security management.

What I need to do

  • Support the Information Security Compliance process to ensure adherence to defined Standards and Policy
  • Support and maintain PCI compliance
  • Coordination of the team's work efforts
  • Work with Sainsbury's 3rd Party partners to assure compliance with internal and Industry Standards in order to protect Sainsbury's Information
  • Co-ordinate Information Security risk assessments using the provided Information Security Risk Management process
  • Identify and investigate relationship owners, system owners, service provisions and unknown connections
  • Have involvement with all Information Security functions including 3rd Party Assurance, PCI, Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their processes
  • Support other Information Security related tasks as required
  • Administer our supplier 3rd Party Assessment management application, triage email, write reports and engage with Suppliers by phone and in person (including on-site visits)
  • Occasional out-of-hours work may be required when dealing with Suppliers around the world

How I will succeed

  • Enjoy delivering a professional Information Security service to Colleagues
  • Successful completion of allocated tasks
  • Compliance with Sainsbury's Information Security Standards
  • Development into an Information Security professional
  • Continuous personal development
  • Keeping up to date with latest industry knowledge and trends
  • Excellent feedback from customers
  • Talkback 360 degree feedback from colleagues

What I need to know

  • Degree or relevant industry experience (Info Sec, IT or technology projects) - Essential
  • Professional Security qualification (Current CISSP or CISM preferred)
  • Knowledge of ISO27001
  • Knowledge of Data Protection Act and PCI DSS
  • Knowledge of General Data Protection Regulation (GDPR)
  • Knowledge of the principles of Information Security in a commercial environment
  • Understanding of network architecture, protocols and principles
  • Understanding of Security risk analysis techniques

What I need to show

  • Supporting Information Security Compliance processes
  • A demonstrable interest in Information Security
  • Proactively takes responsibility, owns any issues that arise and follows through to resolve them (gets the required result); recognises how individual responsibility affects team delivery and inspires others to do the same
  • Works collaboratively with a range of people to support the wider business agenda
  • Ability to think pragmatically, methodically and logically, and to communicate well in both spoken and written form

Resources available to me

  • Software licences, hardware, documentation and management tools of relevance to the role
  • 3rd party service providers (as appropriate)
  • Proactive Information Security team

What decisions I can make

  • Risk analysis quantification
  • Workload management
  • Points of escalation