Senior GRC Analyst
boohoo group, United Kingdom

Having started in 2006 with just three team members, we've evolved into a multi-brand, ecommerce giant with offices worldwide and a passionate team of over 4,000. In the past year alone, we've achieved remarkable milestones including automating our Sheffield distribution centre, launching our US warehouse, and initiating our tech re-platforming.

In Tech, we’re proud to support every function. We’re a digital-first company that is totally cloud native. We embrace change and future-proof the business, delivering critical customer facing and internal stakeholder facing systems. Everything from colleague tech to frontend websites and apps, buying and merchandising tooling, and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.

As a Senior GRC Analyst within Information Security, your key responsibility is to oversee the governance, risk management, and compliance framework, ensuring Boohoo adheres to security policies and regulations. Additionally, you will maintain and improve the information security management system (ISMS). Your performance will be measured by your effectiveness in creating process and policies to mitigate risks, enhancing compliance, and promoting a culture of security awareness. Your role is crucial in protecting Boohoo's data integrity and compliance, directly contributing to the company's resilience and success.

At Boohoo, our team is committed to safeguarding the integrity, confidentiality, and availability of our systems and data. We take pride in implementing robust security measures to protect against cyber threats, ensuring secure customer transactions and maintaining trust in our brand. With a diverse and pragmatic approach to problem-solving, we align with the Boohoo family values to achieve success.

Over the last 12 months, our team has made significant progress in our information security programme, creating, and implementing Boohoo’s information security strategy and information security risk register. As we move forward, our team has a clear roadmap for the future, and we are excited to continue making a difference. We welcome anyone who shares our passion for information security and values to join us on this inspiring journey.

• Conduct risk assessments to identify vulnerabilities and recommend mitigation strategies.
• Ensure compliance with legal, regulatory, and contractual obligations related to information security.
• Coordinate with various departments to integrate GRC practices into the organisational culture.
• Monitor and report on compliance with security policies and the effectiveness of the risk management programme.
• Lead internal audits and manage external audits related to information security compliance.
• Provide guidance and training to staff on compliance, risk management, and information security best practices.
• Manage the development and maintenance of policy documentation, including information security policies, procedures, and standards.
• Stay informed of the latest Information security threats, regulatory changes, and best practices in risk management.
• Facilitate communication and reporting on GRC matters to senior management and relevant stakeholders.

Requirements

• CISA, CISM, CRISC, ISO27001 (CIS IA).
• Proven experience in information security governance, risk management, and compliance.
• Strong leadership and team management capabilities, including the ability to drive collaboration and motivate cross-functional teams.
• Working knowledge of security management frameworks like ISO27001, PCI DSS, NIST.
• Demonstrable experience in driving and cultivating an information security awareness programme.
• Strong knowledge of security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and GDPR.
• Experience with security assessments, audits, and compliance reviews.
• Understanding of risk management methodologies and tools.
• Familiarity with incident response processes and procedures.
• Ability to collaborate effectively with cross-functional teams and stakeholders.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to work in a fast-paced, dynamic environment and manage multiple projects simultaneously.
• Knowledge of cloud security and emerging technologies is a plus.
• Experience in the retail or ecommerce industry is desirable.

Benefits

We offer them some amazing benefits:

• 25 days holiday
• Free on-site gym with daily classes (due to current restrictions, live PT sessions)
• Discretionary Bonus Scheme
• Company shares schemes - including a ' Save As You Earn' scheme
• Up to 40% staff discount (including PLT

Job Rewards and Benefits