GRC Analyst

Job Description

The Role

At WHSmith our people are at the heart of everything we do. They are the ones that go the extra mile for our customers. The ones that enable our growth. That’s why our IT team works closely with stakeholders to develop and implement technology solutions.

As a GRC Analyst here you will be responsible for the operational and process assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organisation's information security policies.

What you will be doing

Maintaining information security policies, processes, and standards in coordination with internal security and business stakeholders
Managing and maintain the information & data security roadmap, incident, and information requests
Working directly with business partners to facilitate risk assessment and management, assessing, and communicating in line with relative policies and processes
Facilitating the delivery of the information and data security education and awareness training framework across the business to ensure consistent application of policies and standards
Maintaining technical solutions and procedural controls required to manage information security risk in line with the organisation’s information security policies
Facilitating regular access control, asset inventory reviews and remediation plans, in line with the access control policy and asset management policy
Partnering with all technology groups (internal and external) as the data security representative on development projects to deliver secure and compliant security operational services
Documenting evidence in support of annual PCI DSS and privacy impact assessments (DPIA)

What we are looking for

Experience in a combination of risk management, information security and IT roles (including Audit)
Knowledge gained through working with common information security management frameworks (e.g. ISO27001, Cyber Essentials, NIST, PCI DSS, SOC2)
A strong knowledge of Office 365, Teams, and SharePoint
Knowledge of data protection regulations and requirements
Experience of PCI-DSS controls and implementation

How we reward our teams

Hybrid working Model from home and in the office
4pm Friday Finish
Flexible Working
25 Days holiday, plus your Birthday off, plus Bank Holidays with an opportunity to buy extra days holiday
Family Friendly Leave
Competitive Pension Contribution
Sharesave Scheme
Annual Bonus based on company and personal performance
Competitive Salary and Car Allowance
Private Medical Insurance
Staff Discount Card for stores and online

About us

WHSmith have occupied our place in our customers’ hearts for over two decades. You’ll find our stores and our family of brands in airports, hospitals, railway stations, on high streets and in shopping centres – as well as right across the world! We are an ambitious team that thrives on pace, collaboration and innovation resulting in a real entrepreneurial culture.

Celebrating 230 years, we’re proud to have grown and evolved into a globally recognised brand present in over 30 countries around the world, and we’re proud to be that air of familiarity people love and trust on their journey, both in life and through life. As a diverse group of over 12,000 colleagues, we are all on the same journey to a better business through our commitments to our planet, people and the communities we serve.

WHSmith are proud to be an inclusive employer, we want our colleagues to feel welcome, and free to be themselves with us.