Information Security Analyst - Product Assurance


Job details
  • Sainsbury's
  • Coventry
  • 6 days ago

Job Title / Role

Information Security Analyst - Product Assurance

Reporting to

Information Security Manager - Sainsbury's

Division/Dept

Data Governance and Information Security (Corporate Services)

Location

Holborn, Coventry, Manchester (Flexible)

In a nutshell

As an Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.

You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

What you need to do

As an Information Security Analyst, you will have good all-round Infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.

  • Work in a flexible, agile manner within Engineering Families, whilst maintaining appropriate levels of challenge and governance
  • Ensure security is built in by design, products are delivered securely with client and employee data appropriately protected
  • Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service, ensuring the relevant technology standards are applied to specific projects
  • Liaise with the Information Security Testing Team to ensure that Ethical Hacking, Code Reviews, Application Scanning, and Infrastructure Scanning are conducted.
  • Provide end to end assurance of IT products across the Group, throughout its lifecycle, providing approvals where appropriate
  • Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike.
  • Help identify, assess, and manage strategic, operational and emerging risks affecting the Cloud and Data, and articulate, quantify and monitor risks according to risk appetite.
  • Build and maintain strong senior stakeholder relationships within technology and the business to understand security risk and drive robust risk-based decision making.
  • Effectively articulate technical issues to business units and engineering teams.
  • Liaise with third-party strategic partners and providers who support Sainsbury's.


What you need to know and show

  • At least 4 years' proven experience demonstrating technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
  • Appreciation of containerisation technologies such as Docker, Kubernetes etc.
  • Fundamental knowledge of logging, monitoring, load balancing/proxies and API gateways
  • Fundamental knowledge of GitHub, Jenkins & Jira
  • Basic knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
  • Fundamental understanding of PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
  • The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
  • Strong understanding of the changing threat landscape and how this may affect our systems
  • The ability to challenge concerns and report through appropriate channels
  • Self-drive, motivation and the ability to work independently to deliver expected outcomes
  • In-depth understanding of data and security risks in a large enterprise
  • Risk & Vulnerability Management experience and understanding of Risk & Vulnerability Management Frameworks
  • Strong analytical and report writing skills.
  • Experience with serverless cloud technologies such as AWS storage and Lambda functions.


Desirable Qualifications

You will have one (or more) of the following:

  • CompTIA Security+, Network+, Linux+, Cloud+, Data+, DataSys+
  • CSA CCSK / CCAK
  • AWS Certified Security
  • Microsoft Azure Security Engineer Associate
  • (ISC)² CISSP / CCSP / SSCP
  • ISACA CISA / CISM / CRISC / CGEIT
  • MSc. Information/Cyber Security


As well as lots of on-the-job training and endless opportunities, you'll get:

  • Colleague discount across our multi-brands - Sainsbury's, Argos, TU Clothing and Habitat
  • Holiday allowance
  • Bonus scheme
  • Pension plan
  • Special offers on gym memberships, restaurants, holidays, retail vouchers and more


Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals.

We are committed to being a truly inclusive retailer, so you'll be welcomed whoever you are and wherever you work. Around here, there's always the chance to try something new - whether that's as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we'll also offer you an amazing range of benefits. Here are some of them:

Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury's every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 10% of salary, depending on how we perform.

Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well as access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an employee assistance programme.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks' pay for maternity or adoption leave and up to 4 weeks' pay for paternity leave.

Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).
