What You Can Expect
Reporting into the Head of Risk and Compliance, the aim of the role is to provide support for all Information Security projects, assurance, processes and objectives of the Risk and Compliance (R&C) team.
- Your primary focus will be to be an active participant in the R&C team, and to continuously learn, create and improve our processes and methodology. It is our responsibility to partner with the rest of the Group to ensure everyone is speaking the same language in Group Security, Tech departments and the wider group, and you will take a big role in promoting risk and compliance information as needed.
- You will be a part of the team who respond to various regulatory/audit requirements, so being aware of PCI and GDPR requirements and working with various other stakeholders (Tech, Privacy, Legal, HR, etc) is a big asset. There will be lots of opportunity for you to further expand your knowledge relating to regulatory requirements.
- The R&C team works closely with all teams in Group Security, Tech and the business. Understanding what they do and how they do it is very important to enable us to tell an accurate risk story. Although you don’t need to be a technical expert, having the ability to understand both sides of the business really helps in getting the right answer.
- Part of our responsibility includes Vendor Risk Management. We enable the business to understand the risk of various relationships and make informed decisions regarding who they work with. You will be in charge of reviewing these responses and creating risk reports as a result.
- Using Jira and Confluence, and exploring the ways information and data can be used to tell fact-based risk stories, is an area we explore and expand on daily. You will be the ‘go-to’ person for running risk reports using these systems, and we will ensure you get the training you need to do this.
- Creating and updating Policy in line with the changing threat landscape and compliance requirements helps you understand the various industry standards that make up these documents and translate them into relevant requirements. You will own the schedule for these updates and ensure review meetings are run as per the defined process.
- Group Security work together as one team, so when someone else on the team needs us as a matter of priority, we provide the support they need. Not only does this help move the team forward together, it also provides exposure to various parts of the team which are not your primary area of responsibility (such as Cloud Security, Application Security, Incident response, Training and awareness, etc).
- This is an opportunity for you to become an expert in risk and compliance, as well as security disciplines, through your cross function support work.
About the security team at Photobox Group
PhotoBox Group Security (GS) is a trusted, high energy, empowered and proactive team. If you are looking for a place to make a difference, apply your security knowledge, learn a lot, be part of a highly productive team, and are able to work collaboratively with all parts of the business, this is the place for you.
We have a great culture, with a very horizontal structure. We expect you to be knowledgeable, trustworthy, empowered, friendly, focused and responsible.
Our mission is to secure the magic moments created by our customers, across all our brands. Our operating principles define what we focus on and how we make decisions.
We hold ourselves accountable against these principles.
- We are enablers for the organisation, not a bottleneck
- We drive transparency and accountability in risk management
- We minimise vulnerabilities
- We hack ourselves first
- We educate and empower our internal stakeholders and developers
- We contribute to adding financial value.
Requirements (About You)
- 2-3 years’ experience in Security, Technology or other related area.
- Understanding of implementing and maintaining an Information Security Management system (ISO27001 or similar)
- Ability to work with technical solutions such as Jira and Confluence
- Passion to learn and grow.
- Excellent verbal and written communication skills
- A team player, able to establish strong working relationships with stakeholders, colleagues and business partners.
- Able to conduct the role with integrity
- Ability to work independently and use initiative
- Ability to plan, organise and prioritise tasks and projects
- Enthusiastic and positive
A taste of what to expect as part of the team
- We’ve recently moved to an incredible new space in Farringdon, with loads of natural light, spaces to support our ways of working and great neighbourhood bars and restaurants
- Regular socials, engagement activities, drinks, treats and plenty more – and you can be as involved as little or as much as you’d like
- We’re open & honest, actively listening to employee feedback to help us in our goal to become an awesome place to work
- Together we have shedloads of ambition and actively support each other to hit our goals and drive the business forward
- All sorts of Learning & Development support, including a dedicated budget per team
- 25 days Annual Leave (plus Bank Holidays)
- AXA Private Medical insurance
- Denplan Private dental insurance (Depending on Grade)
- Contributory pension scheme
- Life Assurance that pays out x4 salary
- Eye Care vouchers
- Interest free travel loan
- Cycle2Work scheme
- Generous credit to spend on our products (varies per brand)
About Photobox Group
Did you know we’re Europe’s leading retailer of personal and personalised products? Our family of brands – Photobox, Moonpig, Hofmann and PosterXXL – make millions of moments real for our customers around the world.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- The Role: Risk & Compliance Analyst
- Location: London
- Department: Technology, Security
- Employment type: Full-time