Analyst (Data/Business/Application)

Senior Analyst – Information Security & Privacy Analyst

Role Purpose   

Support the Information Security Risk Analyst and the wider Information Security and Privacy team to:

  • Scope and identify security risks, controls, and processes across Musgrave’s services
  • Assess security and IT general controls to identify gaps and provide remediation guidance
  • Conduct periodic monitoring and testing across Musgrave’s security and technology requirements
  • Assist with collecting and maintaining evidence for various compliance audits for external assessors and auditors
  • Author policies, standards, and procedures in collaboration with other teams
  • Evaluate and communicate security & privacy risks, processes, and project status to various stakeholders
  • Assist in the development and support of IT security solutions across a variety of complex technical platforms and security domains
  • Monitor privacy & risk compliance across all of Musgrave’s third parties
  • Provide advice on behalf of the Information Security Risk Analyst to the wider business from an information security perspective
  • Produce management information, communications, and ad-hoc reporting as required

Role Scope

The purpose of this role is to work with the Information Security Risk Analyst in identifying and managing IT, Privacy and Cyber security risks in an effective and efficient manner to enable the implementation of centrally driven initiatives that are aligned to business needs.

We are looking for talented individuals with a keen interest in information security and data protection concepts and technologies.

Key Activities

Risk, Governance, Compliance and privacy

  • Build strong relationships and become a trusted adviser to internal stakeholders in order to identify key areas of priority, concern and risk within the relevant operating companies.
  • Develop and write Security Policies and produce the documentation to outline these.
  • Communicate the business's needs to the wider Cyber Security team and external partners.
  • Support the Musgrave Cyber Security team in their engagement with the business, particularly assisting in training & awareness and policy implementation.
  • Assess vendors from an IT privacy point of view
  • Assist with the review and monitoring of the IT Privacy Impact Assessments
  • Support activities related to internal phishing campaigns, security announcements, and security awareness training.

Privacy 

  • Assist with activities related to the administration of data protection policies and processes
  • Support the Breach Management process, Data Access Requests (DARs), Data Protection Impact Assessments (DPIAs), and mailbox management, including personal data related queries and complaints, to ensure compliance with GDPR and other data protection requirements
  • Support activities related to data protection campaigns, including the delivery of training and awareness
  • Provide relevant, consistent, and timely data protection advice and support to the business
  • Assist with the review of Third-Party Management / Data Processing Agreements (DPAs)

The ideal candidate will have/be:

Essential Criteria

  • IT Risk or Information Security Certification or similar preferred – e.g. CEH, OSCP, CCSP, CCSK, CCC-PCS, CISSP, etc.
  • Equivalent work-related experience
  • 5+ years of experience in security or technology governance, risk, or compliance
  • Experience in a compliance related role with specialist knowledge of data protection regulation.
  • Expertise and experience in implementing & monitoring Information Security controls, practices and technology for multiple levels within an organization.
  • Experience in managing relationships with cross-functional teams and working with various sites to implement coordinated efforts.

Desirable Criteria

  • Relevant third level qualification in Information Security or related degree in Computer Science with a Cyber Security specialty
  • Knowledge of Cloud platforms (AWS/Azure/GCP) environments and services
  • Have worked with or for a large retail organisation
  • Track record of implementing security standards or frameworks including at least two of the following: ISO 27001 series, ICT and Security Guidelines, GDPR, NIST CSF, PCI