Senior Information Security Analyst - Product Assurance

Location

Holborn Store Support Centre

Hours

Full-time

Contract Type

Permanent

Salary

Competitive plus benefits

Areas of business

Information Security

Job ID

1800015T

Sainsbury's Supermarkets Ltd, 33 Holborn, London, EC1N 2HT

The big question: why on earth should a Tech professional like you work for a 150-year-old retail chain? Because we’re on a journey. Changing the way we operate. Learning to think nimble. Giving our teams the time and freedom they need to push boundaries. To create amazing systems and technologies. To give our colleagues and our customers even more incredible experiences.


There are thousands of experts to talk to and learn from. We’ve got data from billions of transactions for our teams to play with. Things get built here. They get made here. They hit customers and colleagues quickly. Welcome to the home of Sainsbury's Tech.


More about the role:
  • As an experienced Senior Information Security Analyst, work with limited supervision, with the responsibility for Security input to a portfolio of Products
  • Provide end to end engagement on a wide range of IT projects ensuring that security is built in, they deliver securely and client and employee data is protected
  • Attend Programme/Project meetings and represent Information Security, giving advice as required
  • Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams etc
  • Define Security Non Functional Requirements for each project and ensure that they are fulfilled prior to going into service
  • Ensure the relevant technology standards are applied to specific projects
  • Produce resource estimates for Information Security engagement on projects and record your time on the current resource management tool
  • Manage external resources to ensure that penetration testing is carried out to a suitable standard on time and within budget
  • Scope and manage Penetration Testing including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner
  • Liaise with the Information Security Testing Team to ensure that Code Reviews, Application Scanning and Infrastructure Scanning are conducted in support of In-House Development utilising Agile delivery methodologies
  • Provide end to end assurance of IT products across the Group, during business as usual throughout a product’s lifespan, protecting client and employee data and ensuring compliance with Information Security policies and standards
  • Review and approve Change Requests relating to assigned Products
  • Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval
  • Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike
  • Carry out PCI impact assessments on projects where appropriate
  • Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks
  • Identify areas of Information Security policies, procedures, standards and guidelines that need to be refined or developed
  • Escalate any issues to the ISM Product Assurance where appropriate
  • Attend Change Advisory Board meetings and provide security input on proposed changes
  • Mentor junior/less experienced Analysts

What we’re looking for:
  • CISSP or CISM essential; CRISC, CCSP, CEH or equivalent desirable.
  • Computer Science degree and/or MSc in Information Security desirable but not essential.
  • Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid.
  • Strong risk management knowledge and experience.
  • Knowledge and skills to manage Penetration Testing processes and remediation.
  • Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.
  • Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery and inspires others to do the same.
  • Knowledge of OWASP vulnerabilities, tools and methodologies.
  • Knowledge of HTTP, SSDLC and Security Testing.
  • Strong current knowledge of PCI, DPA and ISO27001.
  • Ability to work with minimal supervision and ensure Products are delivered with security built in and remain secure throughout their lifespan.
  • Ability to provide IT/IS Security assurance on complex projects.
  • Demonstrates extensive knowledge of good security practice ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
  • Expert in methods and techniques for risk management.
  • Experience of reviewing system design documentation, including Detailed Infrastructure Designs, Service Acceptance Criteria, Non-Functional Requirements etc.
  • Ability to think methodically and logically and have well-honed communication skills.
  • Works collaboratively with a range of people to support the Information Security and wider Business Strategies.

In return you’ll get:
  • Colleague discount across the multi-brands – Sainsbury’s, Argos and Habitat
  • Holiday allowance
  • Bonus scheme
  • Pension plan
  • Special offers on gym memberships, restaurants, holidays, retail vouchers and more

Flexible working and job share conversations are encouraged. Across our multi-brands, we’re proud to be an equal opportunities employer that champions a diverse and inclusive culture. If you’re reading this, even if you’re not 100% sure you’re there with your experience, we’d still love to hear from you. If you’d like to find out more, head to Sainsbury's Tech.

