Senior Information Security Policy and Standards Analyst

07 Oct 2017
30 Oct 2017
In a nutshell

Working within the Standards and Compliance team, you will create and review Information Security Policy, Standards and Security Design guidance documentation to support Sainsbury's Colleagues in implementing the appropriate Administrative, Logical, and Physical controls. You will also be investigating and analysing technologies (in use, planned and emerging) within Sainsbury's. In addition, you will be supporting the education of Colleagues through awareness training and the provision of consultancy to ensure the secure use of technology.
What I need to do
  • Create Information Security Policy, Standards and Security Design guidance documentation to support Sainsbury's Colleagues in implementing the appropriate Administrative, Logical, and Physical controls.
  • Assess, review and update existing Policy, Standards and Security Design guidance documentation.
  • Analyse new and existing technologies and develop process and guidance for the tools in service and being brought into service by Sainsbury's Group, supporting their secure use through the creation of relevant documentation.
  • Implement Industry best practice and update existing Standards and Security Design documentation used by Sainsbury's Group.
  • Work with technology Owners, Services and Infrastructure, providing consultation to Sainsbury's Group on the most appropriate use of technologies, and advise them of the Information Security services offered by Sainsbury's.
  • Provide effective education and awareness training to promote the secure use of Information Technology capabilities.
  • Support the implementation of ISO 27001 and the General Data Protection Regulation.
  • Understand the relevant Legislation and Regulations regarding the use of Information Technology and the Protection of Data.
  • A flexible outlook may be required when dealing with Investigations or Incidents out of hours.
  • Travel to different sites as and when required.
  • Have involvement with all Information Security functions including Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their requirements and processes.
  • Support junior Colleagues in developing their skills and knowledge.
How I will succeed
  • Enjoy delivering a professional Information Security service to Colleagues.
  • Effective creation and review of Policies, Standards and Documents.
  • Successful completion of allocated tasks.
  • Compliance with Sainsbury's Information Security Standards.
  • Recognition as an Information Security professional.
  • Continuous Personal Development.
  • Keeping up to date with latest industry knowledge and trends.
  • Excellent feedback from customers.
  • Talkback 360 degree feedback from colleagues.
What I need to know
  • Degree or relevant industry experience - Essential.
  • Professional Security qualification (Current CISSP or CISM preferred).
  • ISO 27001 qualification.
  • Knowledge of Data Protection Act and PCI.
  • Knowledge of the principles of Information Security in a commercial environment.
  • Understanding of network architecture, protocols and principles.
  • Understanding of Security risk analysis techniques.
What I need to show
  • Creating and reviewing Information Security Policy and Standards.
  • Proactively takes responsibility, owns any issues arising and follows through to resolve them (getting the required result), recognises how individual responsibility impacts team delivery, and inspires others to do the same.
  • Works collaboratively with a range of people to support the wider business agenda.
  • Ability to work unsupervised and deliver on time and to budget.
  • Ability to think pragmatically, methodically and logically and communicate well using spoken and written word.
  • Ability to make informed decisions.
Resources available to me
  • Software licences, hardware, documentation and management tools of relevance to the role.
  • 3rd party service providers (as appropriate).
  • Proactive Information Security team.
What decisions I can make
  • Judgement of applicability in creating and reviewing Sainsbury's standards.
  • Risk analysis quantification.
  • Workload management.
  • Points of escalation.