Having started in 2006 with just three team members, we've evolved into a multi-brand, ecommerce giant with offices worldwide and a passionate team of over 4,000. In the past year alone, we've achieved remarkable milestones including automating our Sheffield distribution centre and initiating our tech re-platforming.
In Tech, we’re proud to support every function. We’re a digital-first company that is totally cloud native. We embrace change and future-proof the business, delivering critical customer-facing and internal stakeholder-facing systems. Everything from colleague tech to frontend websites and apps, buying and merchandising tooling, and all that’s in between, we take care of it. Our ideas support and drive the Group's agenda.
Your role
Being a Governance, Risk & Compliance Analyst within Information Security is an exciting opportunity, your key responsibilities are to improve and maintain our information security framework, as well as ensure security awareness across the group. In practice this means delivering our phishing programme, updating our security awareness training, and guiding staff in the right direction.
Additionally, you will maintain and improve the information security management system (ISMS) as we align to ISO 27001. You will be responsible for upkeeping policies and creating new ones where necessary. You will enhance compliance and promote a culture of security awareness.
Your team
There has never been a more exciting time to join our Governance, Risk & Compliance (GRC) team!
Our information security department take pride in implementing robust security measures to protect against cyber threats, ensuring secure customer transactions, and maintaining trust in our brand. The GRC team compliments this ethos by upkeeping security awareness policies, delivering training, assessing risk, providing internal audits, and aligning our information security landscape to frameworks such as ISO 27001.
Over the last 12 months, our team has made significant progress in our information security programme, creating, and implementing Boohoo’s information security strategy and information security risk register. As we move forward, our team has a clear roadmap for the future, and we are excited to continue making a difference. We welcome anyone who shares our passion for information security and values to join us on this inspiring journey.
Responsibilities
- Deliver and improve our Security Awareness programme, keeping information security training relevant and up to date.
- Deliver our phishing programme, monitoring simulations, provide education and support.
- Manage the development and maintenance of policy documentation, including information security policies, procedures, and standards.
- Contribute to risk assessments and recommend mitigation strategies.
- Ensure compliance with legal, regulatory, and contractual obligations related to information security.
- Carry out actions on the back of audits and contribute to the internal audit of our offices.
- Provide guidance and training to staff on compliance, risk management, and information security best practices.
- Stay informed of the latest Information security threats, regulatory changes, and best practices in risk management.
- Facilitate communication and reporting on GRC matters to senior management and relevant stakeholders.
Requirements
- A passion for information security, tech or information governance.
- Experience in and want to manage Phishing Simulations and write Information Security Learning content.
- A keen eye for updating and writing policies.
- A relevant degree in IT or Information Security qualification such as Comp Tia Security + or ISO 27001 Foundation.
Benefits
- 25 days holiday plus bank holidays
- Discretionary bonus scheme
- Company share scheme
- Life Assurance
- Company Pension Scheme
- Flexible working hours
- Free onsite Gym
- Employee assistance programme including 24-hour confidential helpline
- Our Reward Platform allows you to tailor your benefits to suit your needs - such as Private Healthcare, Dental and Healthcare Cash Plans, a Cycle2work Scheme and plenty of fun anytime benefits such as coffee club or virgin experience days.
- 40% discount across 8 brands, 20% discount on Debenhams
- Discount & Cashback portal
- Season Ticket Loans
- Learning and development support and opportunities both internally and externally
- Our social calendar? Next level!