Senior Information Security Analyst - Project Assurance
There's a whole lot more to technology at Sainsbury's than meets the eye. In this vital role at the forefront of Information Security, you'll find we're as much a Digital and Technology company as we are a Supermarket Chain. And as we continue our digital transformation, you'll be at the heart of it.
You'll discover a business with a Cloud-first approach, embracing the latest technologies. We're ahead of the game in methodology too, building a DevOps culture and embedding Agile working. Our Digital and Technology teams develop an extraordinary variety of products and services spanning our supermarkets, online shopping, and our finance offerings through Sainsbury's Bank. They power a diverse back office, too - from logistics and store support, through to HR apps.
Information Security is crucial to our success in all these areas. So the scope to develop a rewarding career is every bit as big as our ambitious plans to develop new apps and services. As an experienced Senior Information Security Analyst, you'll be a trusted consultant to the business. Your brief will span security assurance, business as usual, and a diverse portfolio of IT projects. Working closely with project and programme teams, including Security Architects, Technical Designers and Product Owners, you'll see that projects are delivered securely and compliantly, protecting all sensitive data. Put simply, you will make sure the right security controls are always built in.
Supporting in-house development utilising Agile and Waterfall methodologies, a strong knowledge of security testing will be particularly important. You'll review projects; provide options on the best security solutions; engage with external and internal security testing resources to agree the scope of testing required; coordinate the testing process; explore the results, then assess and mitigate the risks in collaboration with the project team. The difference you make will be huge.
So what are we looking for?
Equally confident working solo and as part of a team, your end-to-end project engagement skills as a dedicated Security Analyst are second-to-none. You'll have a flair for managing stakeholders, with a talent for clear and persuasive communication - especially when your audience doesn't share your technical security expertise.
Naturally, we'll expect you to have an impressive track record in information security assurance and compliance, with the skills and knowledge to work independently. Comfortable in a Hybrid environment like ours, you will ideally be familiar with On-Premise Data Centre infrastructure and various Cloud Service Providers.
We'll expect you to have a CISSP or CISM. In addition, CRISC, CCSP, CEH or an equivalent would be an advantage. You'll demonstrate the skills, knowledge and experience necessary to hit the ground running in every aspect of your brief, once you have rapidly familiarised yourself with our project assurance and risk management processes. Your expertise spans IT architectures and concepts including Cloud, BYOD and Mobile Device Management; OWASP vulnerabilities, tools and methodologies; HTTP, SSDLC and Security Testing, and PCI, DPA and ISO27001.
If you've got everything we're looking for, we'll give you the most rewarding role of your career so far. And while we're sure you'll be pleasantly surprised by the scope of all we do, rest assured the opportunities for development are as great as you'd expect from a major brand like Sainsbury's.