Security Engineer - ISO - Compliance - GDPR - Retail - IT Security Policies
Role: Security Engineer
Type: Perm
Based: Hybrid - 2 days in either Birmingham or Watford office
This role is to join one of the UK's largest luxury retail brands!
Brief in short
To deliver activities that ensure the client's retail compliance and legislative controls (including SOx, PCI-DSS, GDPR, RJC, Software Asset Management, ISO 27001).
Business scope
- Over 200 stores across the UK and the Republic of Ireland and two Store Support Centre locations
- 5 key IT suppliers
- Organization is subject to SOx, PCI-DSS, GDPR
- Internal and external compliance and financial audits
- Internet IT audit
- Regular co-ordination and alignment meetings with corresponding functions in the US (e.g. on implementation of new software)
The role in more detail
This job is within the Service and Operations team, which is responsible for compliance with all contractual and legislative controls, including SOx, PCI-DSS, GDPR, RJC and Software Asset Management.
The team ensures that corporate IT security policies, procedures and solutions are understood, communicated, delivered and maintained. The job is a hands-on, engineering position involving both technical implementation and administrative work. The technical work is principally deploying and managing software supporting compliance across many different platforms and technology stacks. For example: Active Directory policy and group updates, Quest role management and configuration.
The size of the organisation means that the security team is involved in incident and service request response as well as planned tasks, e.g. granting or troubleshooting access to a server for another engineer who has been authorised for that access.
Regular compliance activities include:
- Weekly IT senior management updates on current and planned security and compliance activities
- Quarterly compliance audits
- Weekly supplier contact advising and supervising their security posture and compliance
- Annual full SOx, Financial and PCI-DSS audits
- Monthly Architecture Review Board meetings (where new proposals are tested for compliance considerations)
- Periodic security penetration testing
- Semi-annual Executive Security Meetings
- Periodic software audits
- Review of DPIAs as part of GDPR compliance
Accountability
- Implement and test security alerts and controls.
- Highlight issues where compliance or security is threatened.
- Implement changes to IT administrative processes, documentation and controls which exist to deliver data security, compliance and security.
- Implement new IT security software and hardware and changes to existing (for example Active Directory, endpoint security, role management) meeting Signet’s security and compliance standards.
- Assist with the preparation for regular compliance activities.
- Proactively advise and manage third-party IT suppliers regarding their security, compliance and DR/BC needs and responsibilities.
- Support the client's interaction with third parties required to provide attestation of security, compliance and adherence.
- Participate in and contribute to the Design Review Group, test management, problem management and other IT forums to ensure Security and Risk Management requirements are incorporated.
- Ad-hoc assistance to the service operations team and participation in other IT initiatives for the furtherance of the IT team’s goals.
- Ensure personal compliance with the Code of Conduct, the Bribery Act, Competition Law, data protection legislation and other company policies.
Apply today for immediate consideration