We’re looking for a Governance, Risk and Compliance (GRC) Analyst to join our Cyber Security and Risk team here at N Brown Group
The Governance, Risk and Compliance team is responsible for the development and rollout of our security policies and procedures; for building an awareness programme to promote a strong security culture across the organisation; identifying and tracking risks in our supply chain; and for ensuring we maintain compliance with regulations such as the PCI DSS
The team works closely with 1st and 2nd line risk to develop suitable controls and metrics to ensure the Digital Operations department is operating within risk appetite, and track remediation tasks when it is not. As a Governance, Risk and Compliance (GRC) Analyst you will work across all these areas of the team’s responsibilities and help to identify ways to improve simplicity and efficiency. Although this isn’t a technical role, you will be expected to have sufficient technical expertise to understand technology risks and controls to mitigate them
What will you do as a Governance, Risk and Compliance (GRC) Analyst at N Brown?
Support the risk management process by identifying and evaluating threats, and work with risk owners to understand the business impact and help develop treatment plans
Track open risk remediation tasks and facilitate the approval process for risk acceptance requests, ensuring sufficient mitigating controls are in place
Complete risk-based security due diligence on third-party providers during the initial contracting phase and at regular intervals
Contribute to the development of control testing strategies, to ensure our security controls are operating effectively and achieving their purpose
Help maintain compliance with applicable regulations such as the PCI DSS, assist in finding ways to streamline the assessment process
Support the development and delivery of the security awareness training programme by working closely with colleagues across the business to promote a strong information security culture
Design and delivery of regular communication materials over multiple channels
Management and reporting of regular phishing simulation exercises
Management and oversight of Penetration tests
Drive adoption and adherence to Information Security policy, standards, and guidelines
Evaluate requests for exceptions to policies and security compliance queries
Integrate and transform information security policies, standards and procedures
What skills and experience will you have?
Skilled in writing a range of documentation, relevant for the business, ranging from processes and procedures to reports, standards and frameworks
Experience of applying policies and controls in an agile, cloud first organisation
Sufficient technical knowledge to understand risks associated with technology platforms and the controls to mitigate them
Able to constructively challenge processes and procedures to drive continuous improvement
Experience of working within PCI DSS, or other compliance frameworks
Excellent communication skills with the ability to build great relationships across the business and articulate security concepts to non-technical colleagues
Knowledge of how to assist in the delivery of a security awareness programme across a large business
Benefits:
Hybrid working
24 days holiday (+ 8 bank holidays) + paid volunteer time
Annual bonus scheme
Enhanced maternity and adoption leave
Company pension with up to 8% N Brown contribution
Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
A range of financial wellbeing support
Colleague discount across all N Brown brands
Onsite café with subsidised rates and local restaurant discounts!
Life Assurance and Private Medical Insurance
N Brown – who we are and why work for us?
At N Brown, we’re committed to building a diverse workforce and creating an inclusive environment that values equality for all. Our vision is that by ‘championing inclusion, we’ll become the most loved and trusted fashion retailer’. Diversity, Equity, Inclusion and Belonging are, therefore, at the heart of our culture
We’re a forward-thinking digital retailer with a financial services proposition to be proud of. We’re customer-obsessed, serving them through three core brands: JD Williams, Simply Be, and Jacamo. We’re experienced, with over 160 years of trading under our belt. We’re inclusive, as we believe in fashion without boundaries; and we’re sustainable, striving to make as little impact on the planet as possible
In May 2024 we were delighted to be named one of The Sunday Times Best Places to Work 2024. We work hard to create a happy and inclusive culture for everyone and we’re so proud to have made this list - as voted for by our very own colleagues!
Ways of Working
We offer hybrid working which varies across the business depending on the role you’re in. Our Head Office is located in the Northern Quarter in Manchester City Centre. So, if you are travelling by train, tram or bus we’re perfectly located, plus we’re surrounded by cool cafes, trendy bars and the best places to eat!
Our working hours are 36.17 per week and our core working hours are between 10am - 4pm. Given we don’t have strict working hours you can find the working pattern that’s right for you
Our promise:
We’re an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status
What happens when you apply to this role as Governance, Risk and Compliance (GRC) Analyst at N Brown?
As soon as we receive your application, we’ll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck
