- Supports the ongoing alignment of information security strategy to business objectives
- Manages risk registers and audit findings, ensuring risks and findings are actively managed by their owners and that exception requests are subject to appropriate authority
- Delivers robust governance processes in the delivery of Halfords Technology capabilities
- Manages an effective information security risk management capability that assesses and manages risk to an acceptable level
- Delivers security processes that include self-service capabilities and automation
- Implements an ongoing information security compliance programme
- Supports projects and initiatives to ensure that security requirements are incorporated and addressed via a secure-by-design approach
- Reviews and approves changes as part of Halfords technology change management process
- Provides a focal point within Halfords for information security expertise
- Supporting the implementation of the information security programme
- Managing and updating Halfords GRC tool to ensure effective operation of Halfords Security and Privacy processes
- Managing the Halfords Security and Privacy project/initiative engagement processes
- Driving information security policy development and annual review processes
- Ensuring that colleagues, contractors, and vendors are aware of and understand Halfords information security requirements and guidance. This may include delivery of training.
- Consolidating relevant audit actions and tracking remediation through to closure
- Acting as an information security subject matter specialist to the business
- Producing monthly metrics and management reports
- Maintaining the information security and technology risk register in the GRC tool
- Carrying out information security risk assessments for projects, key systems, and third parties
- Ensuring that risks/issues are identified and evaluated in line with Halfords risk methodology
- Ensuring risks are owned at the appropriate level, actively managed, and that exception requests are subject to appropriate authority
- Assisting with the development of the GRC tool and processes driving continual improvements in effectiveness and efficiency
- Supporting the information security incident response process as required
- Producing monthly metrics and management reports
- Carrying out compliance assessments including but not limited to:
- Halfords information security controls
- Identified external regulations
- Contractual obligations
- Acting as a point of contact for internal and external information security audits
- Tracking noncompliance and audit findings through to remediation and closure
- Contributing to third party due diligence questionnaires received by Halfords
- Maintaining a rolling 12-month compliance schedule
- Producing monthly metrics and management reports
- Coordinating Halfords annual PCI-DSS assessment
- Must have proven experience and knowledge of:
- Information security risk and compliance management
- Cyber/information security concepts
- Conducting information security risk assessments
- Conducting and coordinating compliance assessments
- Writing information security policies and controls
- Should have experience and knowledge of:
- Information security frameworks such as ISO 27001 and Cyber Essentials
- Payment Card Industry Data Security Standard (PCI DSS)
- Governance Risk and Compliance tools
- Information Security Technical controls
- Enterprise IT environments
- Data Protection frameworks and requirements
- Key Skills
- Essential
- Excellent written and oral communication skills
- Able to present risk in 'non-technical' business-friendly accessible language
- Ability to effectively prioritise and execute tasks in a high-pressure environment
- Fast learner with a "can do" attitude
- Ability to work independently and as part of a team
- Desirable
- Working towards one or more of the following qualifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
Governance Risk Compliance and Information Security Analyst - Redditch, United Kingdom - Halfords
Description
Job Purpose
The primary role of the Governance Risk Compliance and Information Security Analyst is to support the Security Architect in protecting the Confidentiality, Integrity and Availability of the Group's information assets via the delivery of the Halfords Governance, Risk and Compliance framework, as well as by the operation of Halfords security processes and procedures.
You will deliver your work through Halfords Governance, Risk and Compliance framework and its security processes and procedures that:
Key Responsibilities
The job holder will be responsible for delivering the following capabilities:
Governance
Risk
Compliance
Key Skills/Experience