Information Security Analyst (GRC)

Hatfield, Hertfordshire, UK

Ocado Technology

Posted 1 month ago

“We are on a mission to transform the future of grocery retail through sustained technology innovation.”

Ocado Technology is putting the world’s retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.

We are a fast-growing company: today we have colleagues in 7 development centres across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don’t just take our word for it: have a look at what our people are saying about us on Glassdoor.

What would I be doing?

  • Contribute to the creation and refresh of information security documents, policies, processes and procedures.
  • Work with business stakeholders and project teams to understand, scope and define security requirements.
  • Assist in developing control testing strategies, to ensure our security controls are meeting their objectives.
  • Perform internal and vendor risk assessments.
  • Support Data Protection activities as required.
  • Support the Information Security teams and Business functions in maintaining security certifications which include PCI DSS, and SSAE18/SOC2 attestation.
  • Provide effective reporting to the Group Information Security Manager of trends, audit findings and risk ratings.


What does the team do?

The Information Security Analyst will support the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration.

Our GRC team within the Information Security department is looking to grow from 2 to 3 analysts. You’ll work alongside colleagues to support the wider teams in writing, reviewing and updating information security related policies and processes, and in coordinating and supporting the InfoSec risk management process.

What we are looking for 

  • Proactive and collaborative approach, comfortable working in a fast-paced environment and prioritising multiple parallel activities.
  • Performing internal and third-party vendor risk assessments, and writing risk assessment reports.
  • Ability to analyse security controls, while understanding the risk of certain controls not being in place.
  • Ability to effectively communicate security risks and impact to various business stakeholders.
  • Knowledge of Vendor Risk Management tools such as OneTrust.
  • Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR.

What we offer you

Our employee benefits are designed for you. We care about people, and we’ve ensured we have a wealth of benefits that focus on your well-being. Within our flexible environment we can offer technically stretching work, a competitive salary and share schemes. Benefits include a pension scheme, an interest-free train season ticket loan, a free shuttle bus from Hatfield train station and, of course, healthy Ocado retail staff discounts.

We also have regular divisional socials and sports clubs, not to mention the Ocado Technology Academy, with a packed schedule of courses, conferences and events such as discussion sessions, conference briefs and external guest speakers. If you think you have what it takes to make a difference, please submit your application below.

Due to the energising nature of Ocado's business, vacancy close dates, when stated, are indicative and may be subject to change so please apply as soon as possible to avoid disappointment. 

Please note: If you have applied and been rejected for this role in the last 6 months, or applied and been rejected for a role with a similar skill set, we will not re-evaluate you for this position. After 6 months, we will treat your application as a new one. 

Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.

Job tags: Artificial intelligence Big Data GDPR ISO27001 NIST PCI Risk assessment SOC 2 SOC2
Job region(s): Europe