Information Security, Governance, Risk and Compliance Lead
London, United Kingdom
ASOS
Company Description
We're ASOS. We blend our flair for fashion with our love of cutting-edge technology, but more importantly we're interested in how we can bring the best out of you.
We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.
Job Description
The Person:
An analytical problem solver with a strong technical foundation who enjoys working as part of a team in a rapidly evolving environment.
As the Information Security, Governance, Risk and Compliance Lead, you will be responsible for managing the (security) Governance, Risk and Compliance Team (GRC), reporting directly to ASOS’s Chief Information Security Officer (CISO). Working alongside the other Cyber Security Leads, you will be responsible for driving and maturing ASOS’s security governance, risk and compliance function. We’re quite passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop in an ever-growing and changing security landscape.
Responsibilities:
- Manage the day-to-day activities of the GRC Team and work as a key contact for GRC-related issues
- Define, document and maintain ASOS’s security policies and collaborate in the definition of technical security standards
- Maintain the CISO’s cyber security risk registers and conduct cyber security risk assessments/risk workshops as required
- Implement and maintain compliance with relevant security certifications, e.g., the Payment Card Industry Data Security Standard (PCI DSS) and ISO27001
- Ensure continued compliance with industry security standards, by implementing a schedule of compliance assessment activities
- Manage and track corrective action plans for security findings, standards exceptions and control deficiencies
- Conduct security due-diligence assessments of new ASOS suppliers and maintain ASOS’s third-party security risk management platform
- Provide input into the finalisation of third-party contractual documentation, e.g. ensuring adequate security clauses have been included
- Aid the CISO in other cyber security initiatives and production of any required security risk and compliance reporting
Qualifications
- The successful candidate will demonstrate competency in cyber security through relevant work experience, a completed degree or industry-relevant certifications (e.g. CISSP, CISM, CISA, CRISC)
- Experience with industry standards and frameworks such as ISO 27001, PCI DSS and NIST CSF. Experience as a PCI DSS QSA and as an ISO 27001 Lead Implementer/Auditor is beneficial
- Broad technical security knowledge and understanding of applicable data privacy practices and legislation (e.g., DPA, GDPR) is required
- Analytical, problem-solving and detail-oriented, with a proven ability to manage conflicting priorities
- Loves to collaborate, share and learn by doing
- Builds effective relationships across ASOS business areas
- Strong communication and presentation skills
Additional Information
We want our people to be whoever they want to be. That’s why we’re committed to creating a truly inclusive culture at ASOS, but how are we doing it?
Through our Fashion with Integrity strategy we are driving diversity, equity and inclusion across every aspect of ASOS and ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be, because we believe people who bring their best selves to work, do their best work.
We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter. We’ve also recently been placed 8th in the Inclusive Top 50 Companies Employer List too.
There are safe space employee networks and we host a monthly DEI events series to help support and celebrate all of our people. We are constantly listening to our people, evolving, changing and taking a flexible approach to how we make ASOS truly inclusive.
Tags: CISA CISM CISO CISSP Compliance CRISC GDPR Governance ISO 27001 NIST PCI DSS Privacy Risk assessment Risk management Strategy
Perks/benefits: Flex hours Team events