Senior Information Security Analyst
This job does not exist anymore.
| Job Type | Permanent Full Time |
| Area | London, United Kingdom; Coventry, United Kingdom |
You’ll discover a business with a Cloud-first approach, embracing the latest technologies. We’re ahead of the game in methodology too, building a DevOps culture and embedding Agile working. Our Digital and Technology teams develop an extraordinary variety of products and services spanning our supermarkets, online shopping, and our finance offerings through Sainsbury’s Bank. They power a diverse back office, too - from logistics and store support, through to HR apps.
Information Security is crucial to our success in all these areas. So the scope to develop a rewarding career is every bit as big as our ambitious plans to develop new apps and services. As an experienced Senior Information Security Analyst, you’ll be a trusted consultant to the business. Your brief will span security assurance, business as usual, and a diverse portfolio of IT projects. Working closely with project and programme teams, including Security Architects, Technical Designers and Product Owners, you’ll see that projects are delivered securely and compliantly, protecting all sensitive data. Put simply, you will make sure the right security controls are always built in.
You’ll support in-house development utilising Agile and Waterfall methodologies, so a strong knowledge of security testing will be particularly important. You’ll review projects; provide options on the best security solutions; engage with external and internal security testing resources to agree the scope of testing required; coordinate the testing process; explore the results; then assess and mitigate the risks in collaboration with the project team. The difference you make will be huge.
So what are we looking for?
Equally confident working solo and as part of a team, your end-to-end project engagement skills as a dedicated Security Analyst are second-to-none. You'll have a flair for managing stakeholders, with a talent for clear and persuasive communication - especially when your audience doesn't share your technical security expertise.
Naturally, we’ll expect you to have an impressive track record in information security assurance and compliance, with the skills and knowledge to work independently. Comfortable in a Hybrid environment like ours, you will ideally be familiar with On-Premise Data Centre infrastructure and various Cloud Service Providers.
We’ll expect you to have a CISSP or CISM. In addition, CRISC, CCSP, CEH or an equivalent would be an advantage. You’ll demonstrate the skills, knowledge and experience necessary to hit the ground running in every aspect of your brief, once you have rapidly familiarised yourself with our project assurance and risk management processes. Your expertise spans IT architectures and concepts including Cloud, BYOD and Mobile Device Management; OWASP vulnerabilities, tools and methodologies; HTTP, SSDLC and Security Testing, and PCI, DPA and ISO27001.