Job Description

:

Division/Dept.

Corporate Services/Data Governance & Information Security

Location

Hybrid working with base location of Coventry or Manchester

Reporting to

Senior IS Analyst

In a nutshell

As part of the Information Security Governance Risk and Compliance team; you will support the creation and review of Information Security Policy, Standards and guidance documentation. You will research Information Security best practice by investigating and analysing technologies (in use, planned and emerging) within Sainsbury\'s Group. You will also support the education of colleagues through awareness training and the provision of advice, to ensure the secure use of technology.

What you need to do

• Maintain the policy schedule and program of work, to ensure publication on time to the agreed quality
• Manage all online content related to policies, ensure they are kept up to date
• Support all policy related comms -via internal comms, across DGIS, Tech and the wider business, including drafting and publishing
• Manage all Policy and Policy awareness related tooling, to support comms and attestation
• Support measuring success around Policy and report on KPIs and provide reporting on attestation
• Attend appropriate meetings and represent the team to support Policy Awareness
• Capture and document decisions from key governance meetings/forums
• Ensure Policies are communicated to strategic partners, vendors and the Supplier Relationship Management team
• Ensure the relevant technology standards are communicated to specific relevant teams across Tech and the wider organisation
• Articulate our Policies in technical and non-technical terminology so that it can be interpreted by Tech and Business individuals alike
• For HR and user policies (which apply to the majority) create bitesize versions, which can be easily shared and remembered
• Escalate any issues to the Information Security GRC Manager where appropriate

What you need to know and show

• Passion for Information Security and an eye for detail
• Good working knowledge of NIST CSF and ISO27001/2
• Familiar with PCI DSS, GDPR, and other relevant regulation
• Have a background in policy creation and/or update
• Be the \'go to\' person for all questions relating to ISMS
• Work collaboratively with a range of people to support the wider business agenda
• Key stakeholder, SMEs and customers are engaged and kept up to date
• Someone with the ability to think methodically and logically, and communicate well using the spoken and written word
• A working knowledge of different delivery methodologies including, waterfall, agile and hybrid
• Certifications such as ISO 27001 Lead Auditor, CompTIA Sec+, CISM or CISSP are desirable but not essential

Support we will provide

• Your line manager will provide support and guidance
• Access to the GRC, Data Governance and Infosec teams who have a wide array of skills and knowledge
• Extensive support and training materials available
• Other resources as required

About Us: Sainsbury\'s company vision
Our vision is to be the most trusted retailer, where people love to work and shop. That means harnessing the talent, creativity and diversity of our colleagues to ensure that customers receive great service every time they shop with us.
If you would like to hear more about our vision and values, be sure to visit our corporate page.
We invest in training, development and multiple initiatives to ensure our teams feel enabled to offer the best shopping experience to our customers and that Sainsbury\'s is truly a \'Great Place to Work\'.

Sainsbury\'s