GRC Analyst

Manchester, England, United Kingdom

Applications have closed

Boohoo Group

Shop boohoo's range of women's and men's clothing for the latest fashion pieces you need to be adding-to-basket, with 100s of new styles landing every day!

Your Team

We started out as one brand with only three team members in 2006. Today we are made up of 13 amazing brands and counting, we have offices all over the world, and we've grown to a 6,000+ strong team we call our boohoo family - and we don’t plan on stopping yet. We have big ambitions, huge potential and a clear strategy to continually evolve and grow the business. It’s a seriously exciting time to join us and influence the next chapter of our success.

In Information Security, we’re proud to support every brand and every function. We’re a digital-first company that is totally cloud-native. We embrace change and future-proof the business, delivering critical customer-facing and internal stakeholder-facing systems. Everything from colleague tech to front-end websites and apps, buying and merchandising tooling and all that’s in between, we take care of it. Our ideas support and drive the Group’s agenda.

Role

This role provides a unique opportunity to develop your skills and influence how we do Information Security, in a team that is working to evolve Boohoo into a “security first” mentality.

You’ll be helping to ensure implementation, monitoring and maintenance of controls across the information security estate, working closely with key stakeholders to enable Boohoo to continue to grow. You will play a crucial role in assessing risk and ensuring compliance with ever-evolving legislation and frameworks, while strengthening the overall security posture of the company.

Tasks, duties & responsibilities:

  • Collaborate with stakeholders to develop and maintain policies that meet business needs whilst keeping the business secure
  • Ensure the business receives appropriate security awareness training, through in-person, online and simulation testing
  • Provide advice and guidance to the wider business on information security and the risks to the business
  • Take ownership of the 3rd Party due diligence process to ensure we understand the risk from our supply chain
  • Support the implementation and operation of an information security management system
  • Review, challenge and contribute to technical designs to ensure that security is designed into new solutions
  • Keep the business informed of changes to regulation, technical security requirements and best practice
  • Review, maintain, improve and gain assurance over security solutions deployed within Boohoo


Need to have:

  • Understanding of information security principles and a knowledge of regulatory requirements relevant to a retail company
  • Ability to manage business objectives with security requirements, conveying the security requirements in layman’s terms
  • Analytical mindset with a problem-solving ability
  • Ability to thrive in a fast-paced environment
  • Able to take initiative, work independently and identify where prioritization is needed
  • Strong communication and interpersonal skills
  • Attention to detail and a commitment to maintaining the confidentiality, integrity and availability of information


Highly Desirable

  • 3+ years' working experience within an information security, GRC or audit function
  • Professional certifications such as ISO 27001 lead auditor and/or lead implementer, CISSP, CRISC, CISA etc.

Why join us

  • You’ll get the opportunity to take part in our various share schemes
  • Core hours enable you to flex your working times around your needs on an ad hoc basis
  • Benefits that support your health and wellbeing
  • There’s up to 40% discount off all of our brands
  • Our social calendar? Next level
  • With HQs in Manchester and London and offices across the globe (some are dog friendly!), we offer a buzzing atmosphere and the boohoo family culture wherever you work!!


#LI-BC1 #LI-HYBRID

Tags: CISA CISSP Cloud Compliance CRISC ISO 27001 Monitoring Strategy

Perks/benefits: Health care

Region: Europe
Country: United Kingdom