Job Description

Company Description
We're ASOS. We blend our flair for fashion with our love of cutting- edge technology, but more importantly were interested in how we can bring the best out of you.
We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.
An exciting opportunity has arisen for a Security GRC Specialist to join the ASOS Governance Risk and Compliance (GRC) team in Cyber Security. The successful candidate will report to the Security, Governance, Risk and Compliance Manager and will assist in the development, enhancement, and execution of ASOS's information security risk and compliance function. This role will involve working at multiple levels, from being a team player within the GRC team to collaborating with the wider Cyber Security team and assisting other ASOS business areas with their risk and compliance needs. The ideal candidate is passionate about protecting ASOS and its colleagues and can thrive in a growing and changing security landscape.

We believe being together in person helps us move faster, connect more deeply, and achieve more as a team. That's why our approach to working together includes spending at least X days a week in the office. It's a rhythm that speeds up decision-making, helps ASOSers learn from each other more quickly, and builds the kind of culture where people can grow, create, and succeed.

• Risk Management: Assist in maintaining the CISO's cyber security risk registers and conduct risk assessments or workshops as needed.
• Policy and Standards Maintenance: Author and maintain ASOS's security policies and standards.
• Third-Party Supplier Risk Management: Conduct security due-diligence assessments for new suppliers and manage third-party supplier risk using ASOS's risk management platform.
• Support the implementation and maintenance of PCI DSS.
• Manage and track corrective action plans for security findings, standards exceptions, and control deficiencies.
• Provide subject matter expert knowledge and support on security risk management.
• Support other Cyber Security teams and ASOS business areas with their risk and compliance requirements.

Qualifications

• Candidates should demonstrate competency in cyber security through relevant work experience, a degree, or industry-relevant certifications such as CISSP, CISM, CISA, or CRISC.
• Professional certifications in industry standards and frameworks like ISO 27001 Lead Implementer/Auditor or PCI DSS (ISA, PCIP) are beneficial. Experience with standards such as NIST CSF is also valued.
• A strong understanding of information security principles.
• Knowledge of applicable data privacy practices and laws, including GDPR and DPA.
• Broad knowledge of network technologies, especially cloud and technical security.
• Analytical, problem-solving, and detail-oriented with the ability to manage conflicting priorities.
• Strong communication and presentation skills.
• Ability to build effective relationships across all ASOS business areas.
• Loves to collaborate, share, and learn by doing.
• Excellent organisational skills to manage multiple projects across the business.

Additional Information
What's in it for you?

• Competitive salary, pension, and private medical care scheme
• Performance related bonus
• Flex benefits allowance - which you can chose to take as extra cash, or use towards other benefits
• 25 days paid annual leave + an extra day for your birthday
• Employee discount (hello ASOS discount!)
• Tech Develops - our internal tech focussed skills development programme to focus on your personal growth as a technologist
• Opportunity to represent ASOS at industry leading events
• Opportunity to help shape and drive our DE&I initiatives in Tech (like our WIT movement and Diversity mentoring in Tech)
• Opportunity to make an impact from day one and work with the latest in cutting edge of technology

Skills Required