Senior Compliance Analyst

Role Profile

Senior Compliance Analyst 

Division/Dept. 

Data Governance and Information Security  

Location 

Hybrid working with base location of Coventry or London

Reporting to 

Security Compliance and Culture – Compliance Manager 

In a nutshell 

As a Senior Compliance Analyst, you’ll play a key role in driving the compliance assurance programme and will be responsible for delivering the annual NIST-CSF maturity assessment, driving continuous maturity and improvement; and you'll support the delivery of operational effectiveness testing of IT general controls. 

You’ll be responsible for defining the security testing roadmap, and communicating this with key stakeholders and senior management, as well as reporting on key outputs and remediation activities. Additionally, you’ll recommend and drive process enhancements across key control areas, whilst seeking out opportunities to drive compliance activities that support the broader compliance strategy. 

What you need to do 

• Responsible for delivering the internal annual NIST-CSF maturity programme
• Own and co-ordinate the security testing roadmap, and provide key support to the overall Compliance strategy
• Manage the annual NIST-CSF assessment testing schedule
• Support and drive the annual IT General Controls assurance programme, and test and evaluate the IT Applications Controls within financial processes
• Deliver key reporting on compliance activities to key stakeholders, and produce packs for the audit committee and data governance committee
• Drive and own the continuous assessment of security and technology control effectiveness across the business, raising appropriate risks or defining remediation requirements
• Responsible for driving remediation plans across the business to improve maturity and reduce risk, whilst reporting on results to key stakeholders and senior management
• Own and drive improvements to process and documentation, to support controls testing and implementation of policy requirements
• Responsible for ensuring the integrity and efficiency of audit records and compliance activity
• Drive the DNS, Domains and SSL programme and support overall project where necessary
• Responsible for managing purchase orders, invoicing and receipts ensuring these are raised correctly and in a timely manner
• Be the liaison and maintain a good relationship with Finance to drive resolutions to any issues

What you need to know and show 

• Ability to collaborate effectively with other teams and stakeholders, to drive the wider agenda
• You’ll have demonstrable experience of delivering an assurance testing programme across industry frameworks and regulations, NIST-CSF, and IT General Controls desirable
• Be highly organised and able to coordinate expected outputs from different stakeholders 
• Familiar with key techniques and industry frameworks/regulations such as NIST-CSF, ISO27001, PCI-DSS, GDPR, and IT General Controls
• Pro-active with upcoming industry changes and ability to implement where necessary
• Be able to proactively identify and own any issues, and follows through to resolve them   
• Ability to prioritise their own workload and deliver quality results in line with the wider compliance strategy 
• Someone with the ability to think methodically and logically, and communicate well using spoken and written word  

Support we will provide 

• Your line manager will provide support and guidance 
• Access to the ITGC, GRC, Data Governance and Infosec teams who have a wide array of skills and knowledge 
• Extensive support and training materials available relating to NIST, IT General Controls, PCI-DSS and GDPR 
• Other resources as required 

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:
 
 Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.  
 
 Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave. 
 
 Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).