Information Security Analyst at Ocado, Hatfield, £Contractor Rate

  • Contract Spy
  • Hatfield, GB
  • Jan 03, 2020
Duration not stated

Contract Description

Job Description

We are on a mission to transform the future of grocery retail through sustained technology innovation. Ocado Technology is putting the world 's retailers online using the cloud, robotics, AI, and IoT. We develop the innovative software and hardware systems that power, the world 's largest online-only grocery retailer as well as the global ' Ocado Smart Platform '. With everything from websites to fully autonomous warehouse that we design in-house, our employees need to be specialists in a wide range of technologies to help drive our business. Who are Infosec? We are a diverse team with disparate skills and experience but with a common passion for all aspects of information security. We are responsible for information security across the whole organisation and work closely with Ocado 's Technology division to ensure that security is an integral part of our systems and services. As well as dealing with security alerts and incidents, we select and manage our security systems, carry out security assessments of new technologies, manage security compliance programs and provide security advice and education to all areas of the business. Reporting to the Group Information Security Manager, you will work across multiple project streams helping embed security best practices, and ensuring we continually meet and deliver against our information security program. You will work in an advisory manner on information security matters spanning people, process, and technology collaborating with various stakeholders across Ocado. This role is not a technical hands on role, but would suit an individual who has a strong technical background having worked with a range of technology and security tools and is now looking for an information security GRC role. Please note that this position is on a 3 month contract. What we 'd like you to do:

  • Contribute to the creation and refresh of information security documents, policies, processes and procedures.
  • Work with business stakeholders and project teams to understand, scope and define security requirements.
  • Assist in developing control testing strategies, to ensure our security controls are meeting their objectives.
  • Perform internal and third-party vendor risk assessments.
  • Supporting Data Protection activities as required.
  • Support the Information Security teams and Business functions in maintaining security certifications and which include PCI DSS, ISO 27001 certifications, and SSAE18/SOC2 attestation.
  • Providing effective reporting to the Group Information Security Manager of trends, audit findings and risk ratings. We 'd like to hear from you if you have some of the following skills and experience:
  • 3+ years ' experience in information security GRC related role.
  • Blend of self-sufficiency and knowing when to seek assistance.
  • Proactive and collaborative approach, comfortable working in a fast paced environment prioritising multiple parallel activities.
  • Ability to analyse security controls, while understanding the risk of certain controls not being in place.
  • Ability to effectively communicate security risks and impact to various business stakeholders.
  • Understanding of networks and infrastructure including public cloud and technical security controls such as firewalls, IDS/IPS, DLP, SIEM.
  • Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, PCI-DSS, DPA, GDPR.
  • Good understanding of the security community, toolsets and knowledge sources. Desirable
  • Knowledge of DPA, GDPR
  • Working for a SaaS service provider - private/public cloud security best practices knowledge
  • Working towards (or already have) any of CISA, CRISC, or CISM certifications What we offer you Our employee benefits are designed for you, we care about people and we 've ensured we have a wealth of benefits that focus on our your well-being.