Information Security Analyst - Governance, Risk & Compliance

Hatfield, Hertfordshire, UK

"We are on a mission: to transform the future of online grocery through cutting-edge technology innovation."

What does the team do:

Our InfoSec team is instrumental in securing Ocado Group’s global mission, working tirelessly every day to keep our data safe, and to protect our customers, partners and systems. This exciting opening sits within the GRC (Governance, Risk & Compliance) Team, which owns Ocado Group's security policies and works closely with the Internal Audit function to make sure that the wider Ocado Group knows and understands the risks we all take with the information that we are trusted with day-to-day.

We are looking for an Information Security Analyst to join the GRC team to support all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration. 

What would I be doing?

Reporting to the Group Information Security Manager, the role holder will work on all security matters spanning people, process, and technology, collaborating with various stakeholders across Ocado. You will support the wider information security team in writing, reviewing and updating information security related policies and processes, and in coordinating and supporting the InfoSec risk management process.

This is not a hands-on technical role, but it would suit an individual with a technical background who has worked with a range of technology and security tools.

As an Information Security Analyst for GRC, you would:

  • Create and regularly revise information security documents, policies, processes and procedures as required.
  • Work closely with business stakeholders and project teams to understand, scope and define security requirements.
  • Assist in developing control testing strategies, to ensure our security controls are meeting their objectives.
  • Perform internal security and vendor risk assessments.
  • Support Data Protection activities as required.
  • Assist the Information Security teams and Business functions in maintaining security certifications, which include PCI DSS and SSAE18/SOC2 attestation.
  • Provide effective reporting to the Group Information Security Manager of trends, audit findings and risk ratings.

What we are looking for:

  • Experience of working in an Information Security role dealing specifically with governance, risk and compliance areas.
  • Prior experience writing Information Security related Policies, Processes and Procedures.
  • Experience managing internal and third-party vendor risk assessments, and writing risk assessment reports.
  • A track record of effectively analysing security controls, while understanding the risk of certain controls not being in place.
  • The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders.
  • The ability to work proactively and collaboratively in a fast-paced working environment, balancing multiple concurrent activities and initiatives.
  • Knowledge of Vendor Risk Management tools such as OneTrust.
  • Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR.

This would make you stand out from the crowd:

  • Working towards (or already have) any of CISA, CRISC, or CISM certifications.

About Ocado Technology

Ocado Technology is changing the way the world shops using advanced Artificial Intelligence, Machine Learning, Robotics, Big Data, Cloud and IoT. We develop the innovative software and hardware systems that power Ocado.com, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. 

Find out more about how we are pioneering the future through serial technology innovation here

Our Values

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don’t just take our word for it, have a look at what our people are saying about us on Glassdoor

What we offer you

Our employee benefits are designed for you. We care about people, and we’ve ensured we have a wealth of benefits that focus on your well-being. We regularly review our benefits to ensure we are supporting our employees appropriately. Currently, we offer technically stretching work, a competitive salary and:

  • Hybrid working patterns, meaning part of the working week can be spent working remotely (typically 3 days per week). However, your working pattern will depend upon your role/team.
  • 30 days ‘working from anywhere’ policy 
  • Wellbeing support through Apps such as Unmind and an Employee Assistance Programme
  • 25 days annual leave, rising to 27 days after 5 years’ service (plus optional holiday purchase)
  • Pension scheme (various options available including employer contribution matching up to 7%)
  • Private Medical Insurance
  • 22 weeks paid maternity leave and 6 weeks paid paternity leave (once relevant service requirements complete) 
  • Train Ticket loan (interest-free)
  • Cycle to Work Scheme
  • Free shuttle bus to and from Hatfield Train Station to the Hatfield offices
  • Opportunity to participate in Sharesave and Buy as You Earn share schemes
  • 15% discount on Ocado.com and free delivery for all employees
  • Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary)

We also have regular divisional socials and sports clubs, not to mention the Ocado Technology Academy for a packed schedule of courses, conferences and events. If you think you have what it takes to make a difference, please submit your application below.

Join our talent community!

Our Talent Community is a great way to stay up-to-date with our latest career opportunities, as well as news and relevant careers insights. Register today, and be the first to be notified when a role we think you’d be perfect for becomes available.

Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive work environment. If you have any support or access requirements, we encourage you to advise us at the time of application.

We are thrilled to welcome applicants from across the world. Whilst we are able to offer visa sponsorship, please note that we are only able to cover costs relating to the Certificate of Sponsorship and the Immigration Skills Charge. For all employment offers made for UK roles, it is expected that you will be based in the UK within commutable distance, ready for your first day of work, so please keep this in mind. If you have any questions, please don't hesitate to ask.

Due to the energising nature of Ocado's business, vacancy close dates, when stated, are indicative and may be subject to change so please apply as soon as possible to avoid disappointment. If you have applied and been rejected for this role in the last 6 months, or applied and been rejected for a role with a similar skill set, we will not re-evaluate you for this position. After 6 months, we will treat your application as a new one. All benefits information is subject to change and the terms of the individual arrangements. Please assume you have been unsuccessful if you haven’t heard from us within 4 weeks.
