ASOS Technology is going through an exciting period of transition and major investment. This includes a number of strategic programmes to deliver the amazing technology and business solutions to support our ambitious global growth plans. At the heart of these plans is the rebuilding of our digital platforms and channels to provide the best shopping experience for our customers. Our plan is designed to enable us to really put our mobile experience first, enable personalisation and support a data driven organisation. We are also making significant investments in all our Buying, Merchandising, Finance and People systems with the latest toolsets and applications to accelerate the next phase of our global growth. We are also improving our ways of working within Technology to enable autonomous platform development and improve our engineering and agile practices.
Senior Security Analyst
An exciting opportunity has arisen for a Senior Security Analyst to join the ASOS Governance Risk and Compliance (GRC) Team in Cyber Security.
Reporting to the Information Security Risk and Compliance Lead, this role will assist in the development, enhancement and execution of ASOS’s information security risk and compliance function. This will include activities such as helping to maintain our compliance with the Payment Card Industry Data Security Standard (PCI DSS), aiding in implementation of ISO 27001, maintenance of our security policies and standards and managing third-party supplier risk. It sounds simple, and it would be if we were not such a fast moving, rapidly expanding global organization!
You will need to operate at several different levels: from being a team player in the GRC team, to working alongside the wider Cyber Security Team, to helping other colleagues in all ASOS business areas with their risk and compliance requirements. You will be expected to work with technical teams, so technical security experience is a must for this role.
Key Responsibilities:
Responsibilities include, although not limited to:
Management and maintenance of ASOS compliance projects and certifications (e.g. PCI DSS and ISO 27001), including co-ordination of internal audit activities
Maturing security risk management capabilities, including working with GRC tooling to conduct risk management workshops and to assist in the maintenance of security risk registers
Management and tracking of corrective action plans for security audit findings, standards exceptions and control deficiencies
Supporting other Cyber Security Teams and ASOS business areas with their risk and compliance requirements
Authorship and maintenance of ASOS security policies and standards
Management and support for the security assessment of third-party suppliers using the ASOS third-party risk management platform
What success looks like:
Being an integral member of the GRC Team to support the smooth running of GRC activities
Building effective relationships across ASOS business areas
Providing mentorship and guidance to junior GRC Team members
We’d love to meet someone with:
Competency in computing and networks as well as in cyber-security, gained through relevant work experience, a completed degree and/or industry-relevant certifications (e.g. CISSP, CISM, CISA, CRISC)
Experience with standards such as PCI DSS and ISO 27001 (ISO 27001 certifications such as Lead Implementer/Auditor beneficial)
Good knowledge of applicable data privacy practices and laws (e.g. DPA, GDPR)
Broad knowledge around network technologies (especially cloud) and technical security
Excellent organizational skills to plan and manage multiple projects across the business
Proven ability to multi-task and manage conflicting priorities
Strong communication and presentation skills and ability to influence at all levels of an organisation
Job ID: 6939