ASOS PLC
,
London, Greater London
Security Analyst
Overview
Job Description
Title: Security Analyst Hours: 09.00-17.30 Location: Greater London House, Hampstead Road, London, NW1 7FB Reporting: Direct to Risk and Compliance Lead Responsibilities and Requirements: * Produce, review and contribute to information/cybersecuritypoliciesandstandards * Assist with the implementation and maintenance of industry standards such as ISO 27001 and PCI DSS * Conduct ongoing monitoring and reporting onenterprise-wide compliance with information security standards and policies * Maintain and update information security risk registers * Manage, track and monitor corrective action plans for security audit findings * Support third-party supplier security assurance processes * Maintain awareness of changes to regulatory requirements and security standards * Provide information security support for internal projects/teams * Assist and support Cyber Security Team workstreams and activities as required * Mentor and assist team members Essential Skills and Experience: * Experienced in working within an Information Security Team * A strong understanding of cyber security threats and vulnerabilities * Working knowledge of risk assessment methodologies e.g. ISO 27005 * Working knowledge of industry security controls standards/frameworks such as ISO 27001, NIST Cyber Security Framework and PCI DSS * Knowledge of regulatory requirements such as DPA 2018 and GDPR * Experience of internal security compliance auditing and remediation tracking * Previous experience of third-party supplier security assurance * Has good communication skills with the ability to liaise with stakeholder colleagues across the business * A good level of technical knowledge and comfortable when engaging both technical and non-technical colleagues * Is organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively * Committed to continuous learning and professional development, and passionate about developing others Desirable: * BSc/MSc degree in Cyber Security, Information Security or a related degree/qualification * Information Security certifications e.g. CISSP, CISM, CRISC and CISA * ISO 27001 certification (Lead Implementor/Auditor) * Experience with cloud environments such as Microsoft Azure * Previous experience of PCI DSS implementation