Security Compliance Analyst
£Competitive + Bonus + Benefits + Gym
Malmesbury, United Kingdom
Description
We are recruiting an experienced IT Security Compliance Analyst with strong Windows/Wintel environments experience. You will deliver assurance that key IT Security Policies and Standards are adhered to via auditing and compliance practices against a defined framework and industry recognised regulations.
The role involves managing existing Policies and Standards as well as publishing new documents. A key element is maintaining PCI compliance; conducting GAP analysis, gathering evidence and engaging with QSA services on an annual basis. You will also provide support and security compliance expertise to the IT Security Compliance Lead to ensure best practice security standards and technologies are implemented across the business.
Market Overview
Tucked away in a quiet corner of Wiltshire, but only 15 minutes from the M4 and well connected by rail, our Malmesbury HQ is home to more than 4,000 people in a growing campus that houses our IT, Finance, Group Commercial, RDD and GB & Ireland Market teams. With 3 cafes, a gym and sports facility and a selection of iconic engineering legends including our Harrier and Lightning jets, it’s an inspirational place to work and the Digital team is based in the most recently built, agile workspace.
Function Overview
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Cyber Security department works tirelessly to keep our secrets secret and our crown jewels locked up, using world class technologies to stay one step ahead of the game. We think like hackers and try to anticipate their every move, researching the latest threats and exploring every angle. The Security Architecture team design the technology solutions that keep us at the top of our game, refining our processes, stressing our systems, and making sure we’re well honed. It’s a tireless job, but the bad guys don’t rest.
Accountabilities
• Ensure the continued compliance with PCI DSS, within three streams: Website, Retail and Contact Centre.
• Facilitate the PCI DSS annual assessment via an external QSA service.
• Create and maintain an annual compliance plan for PCI DSS including periodic testing and assurance.
• Complete assurance tasks ensuring that the key IT Security Policies and Standards are adhered to.
• Escalate where non-compliance poses a business risk to key business stakeholders.
• Maintain audit evidence repository, ensuring artefacts remain current.
• Perform regular and periodic compliance related tasks such as retail site surveys.
• Maintain oversight of operations functions to ensure activity reflects documented processes and procedures.
• Perform due diligence and IT security assurance over 3rd parties.
• Annual IT Security Policy and Standards update and review.
• Develop and publish any additional IT Security Policies and Standards which are required.
Skills
• Experience of working within frameworks and reporting against these.
• Good understanding of key security controls and industry best practice.
• Ability to communicate on both a technical and non-technical level to a variety of audiences.
• A proven ability and experience of policy/standard implementation.
• Experience of conducting compliance reviews, including creation of GAP analysis reports and remediation plans.
• Experience of working with risk management methodologies.
• Have strong experience with securing Windows environments.
• Strong conceptual thinking and communication skills.
• Ability to self-manage and prioritise independently.
Professional security management certification, such as Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA), desirable.