Security Analyst London, England
Job description
We're ASOS. We blend our flair for fashion with our love of cutting-edge technology, but more importantly were interested in how we can bring the best out of you.
We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.
Through our Fashion with Integrity strategy we are driving diversity, equity and inclusion across every aspect of ASOS and ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be, because we believe people who bring their best selves to work, do their best work.
An exciting opportunity has arisen for a Security Analyst to join the ASOS Governance Risk and Compliance (GRC) Team in Cyber Security.
Reporting to the Information Security, Governance, Risk and Compliance Manager, this role will assist in the development, enhancement and execution of ASOS’s information security risk and compliance function. This will include activities such as managing third-party supplier risk, helping to maintain our compliance with ever evolving legislation and frameworks, and maintenance of our security policies and standards. We’re passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop in an ever growing and changing security landscape.
You will need to operate at several different levels: from being a team player in the GRC team, working alongside the wider Cyber Security Team and helping other colleagues in all ASOS business areas with their risk and compliance requirements.
Responsibilities:
- Conducting security due-diligence assessments of new ASOS suppliers and maintain ASOS’s third-party security risk management platform
- Authorship and maintenance of ASOS security policies and standards
- Assist in maintaining the CISO’s cyber security risk registers and conduct cyber security risk assessments/risk workshops as required
- Support the implementation and maintenance of compliance with relevant security certifications, e.g. the Payment Card Industry Data Security Standard (PCI DSS) and ISO27001
- Ensure continued compliance with industry security standards, including co-ordination of internal audit activities
- Management and tracking of corrective action plans for security findings, standards exceptions and control deficiencies
- Supporting other Cyber Security Teams and ASOS business areas with their risk and compliance requirements
Qualifications
- The successful candidate will demonstrate competency in cyber security by having either the relevant work experience, completed a degree or obtained industry relevant certifications (e.g. CISSP, CISM, CISA, CRISC)
- Professional certifications in industry standards and frameworks, such as ISO 27001 Lead Implementer/Auditor or PCI DSS (ISA, PCIP), beneficial
- Understanding of information security principles and a knowledge of applicable data privacy practices and laws
- Analytical, problem solving and detail-oriented, with a proven ability to multi-task conflicting priorities
- Loves to collaborate, share and learn by doing
- Building effective relationships across ASOS business areas
- Strong communication and presentation skills
Additional Information
What’s in it for you?
- Employee discount (hello ASOS discount!)
- ASOS Develops (personal development opportunities across the business)
- Employee sample sales
- Access to a huge range of LinkedIn learning materials
- 25 days paid annual leave + an extra celebration day
- Discretionary performance related bonus scheme
- Private medical care scheme
- Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits
Our Commitments
We want our people to be whoever they want to be. That’s why we’re committed to creating a truly inclusive culture at ASOS, but how are we doing it?
We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter. We’ve also recently been placed 8th in the Inclusive Top 50 Companies Employer List too.
We have several employee networks that operate as safe spaces, to help support and celebrate our people - find out more here.
Do you need any reasonable adjustments? Our recruitment team will be happy to support you in the best way possible if you feel comfortable raising this. It’s also our policy to interview all candidates with a disability who meet the minimum requirements for roles they have applied to.
If you have any questions about the policies we have in place to support our employees (e.g. our parental leave approach), just let our Talent team know.
