Security Governance Analyst

United Kingdom, London · Job Posted January 07, 2026

Job Description

As a Technology Security Governance Analyst, you will support and manage elements of Fortnum & Mason's Information Security Governance Framework.

Job Responsibility

  • Own and manage the process for third party information security assurance to ensure that ongoing security assessments are undertaken and that contractual agreements reflect information security requirements
  • Support information security awareness throughout the organisation including managing phishing awareness campaigns and delivering and supporting training and awareness to specific user groups
  • Support management and investigation of any information security incidents including ensuring that incident logs are maintained, and any actions / lessons learned are addressed
  • Support Fortnum & Mason's PCI compliance program including ensuring evidence of compliance is collated and maintained and undertaking audit checks within stores
  • Manage the process for Information Security Risk Management to ensure that all information security risks are owned and documented and remediated to an agreed and accepted level
  • Support the process for project engagements to ensure that Information Security requirements are defined for each project, Architectural design documents are reviewed to ensure appropriate controls are in place and testing and acceptance processes are in place to ensure that agreed controls have been implemented
  • Serve as a hands-on Security Analyst, proactively identifying opportunities for improvement and delivering security enhancements to our systems
  • Collaborate with partners to ensure the security of the Cisco Meraki network, taking a proactive stance in mitigating risks and in patch management
  • Assist with internal and external vulnerability assessments, working with security partners to maintain PCI-DSS compliance, overcome security challenges, and drive continuous improvements aligned to the NIST framework/ISO271002 standards
  • Report and review our secure device imaging using Microsoft Intune & Autopilot, ensuring a standardized, scalable, and resilient setup for retail, hospitality POS, and all corporate end user devices
  • Effective operation of security tooling reporting against our SIEM platform, endpoint protection solutions, and identity access controls, reviewing automated threat detection and forensic incident response to protect critical infrastructure and services
  • Create and manage security policy documentation, assist with security procedures, and train our internal teams and wider retail staff
  • Undertake disaster recovery planning, ensuring business continuity and resilience against potential disruptions
  • Work proactively alongside support, application, and transformation teams, fostering collaboration and communicating security procedures and policies
  • Deliver concise, well-structured documentation, providing clarity for teams and enabling rapid adoption of security best practices
  • Function as a trusted advisor, recognised as the go-to subject matter expert for security, and bridging the gap between end user and the infrastructure and security team
  • Guide and support third-party engagements, ensuring vendors align with enterprise security standards, compliance requirements, and best practices
  • Educate and empower both internal teams and the broader business, fostering a security-first culture and promoting best practices in security and business continuity

Requirements

  • Experience of security and compliance standards frameworks such as ISO 27001, ISO 22301, GDPR, PCI-DSS, NIST, and ACPO guidelines
  • Understanding of UK legal frameworks including the Data Protection Act and Computer Misuse Act
  • Understanding of Microsoft infrastructure including Windows Server Administrator, Active Directory AAD Administrator, Group Policy, and Microsoft 365 services and Azure Cloud resource management
  • Microsoft SQL Server
  • PowerShell scripting
  • Identity & Access Management (IAM): Expertise in Microsoft Entra ID (formerly Azure AD), role-based access control (RBAC), and multi-factor authentication (MFA)
  • Cloud Security: Experience securing Azure environments, including Microsoft Defender for Cloud, Sentinel, and compliance frameworks like PCI-DSS
  • Threat Protection & Incident Response: Ability to identify vulnerabilities, implement threat protection, and respond to security incidents
  • Patch Management & Endpoint Security: Understanding of patching, the importance of regular updates, and endpoint protection across Windows and Azure environments
  • Familiarity with backup and disaster recovery tools and practices
  • Phishing awareness tools and ability to create training for end users on security best practices

What we offer

  • A generous store and restaurant discount of up to 40%
  • 25 days' holiday (excluding bank holidays) and an extra day off for your birthday
  • A fantastic subsidised staff restaurant which uses Fortnum’s ingredients
  • A range of opportunities to develop and grow personally and professionally
  • Excellent pension scheme

Similar Jobs for Security Governance Analyst

8 matching positions

Security Governance Analyst

The Security Governance Analyst is responsible for maintaining and monitoring th...
Location: France, Toulouse Area
Salary: Not provided
Airbus
Expiration Date: Until further notice
Requirements
  • Successful completion of an Academic degree in Information Technology, Information Security Management System or equivalent
  • Solid experience in Security
  • 1 to 3 years experience in Governance, Risk and Compliance
  • Must be a reliable, responsible self-starter with a demonstrated ability to work independently and prioritize effectively
  • Holder of security certifications (SSCP, ISO 27005 Risk Manager, ISO 27001 Auditor etc.) would be an asset
  • Knowledge of security regulations would be an asset
  • Knowledge of physical security would be an asset
  • Communication skills appropriate for interfacing at all levels of the organization including senior management and technical staff including documentation (top level policies, technical standards, etc.)
  • Must work effectively with others in a team environment with strong skills in stakeholder management
  • Project management skills and highly organized, capable of delivering projects on-time and on-budget
Job Responsibility
  • Maintain Security OKR and KPIs
  • Assist with performance of Internal and 3rd party security audits and ensure security findings follow up until closure
  • Ensure Process owners perform RCAs of audit findings and close any actions arising from audits in a timely manner
  • Define the yearly company security audits and penetration testing strategy
  • Assist in the deployment of NAVBLUE’s security policy with the goal of maintaining ISO 27001/2 certification using the policies, standards and procedures that have already been developed
  • Contribute to the preparation and dissemination of a Security Awareness Program to NAVBLUE staff
  • Maintain documentation at a level that meets the audit requirements ISO 27001/2
  • Help to develop and improve the IT Business Continuity procedures and processes and other applicable security regulations
  • Ensure the implementation and assessment of the security in NAVBLUE’s supply chain, and support the risk identification if needed
  • Be the security focal point and support the other functions with regard to customer requests on security
  • Fulltime

Lead Analyst, Information Security Governance & Compliance

Beacon Hill Technologies is partnering with a client to identify a Lead Analyst,...
Location: United States, Boca Raton
Salary: Not provided
Beacon Hill
Expiration Date: Until further notice
Requirements
  • Practical, working knowledge of audit and assurance concepts and terminology
  • Experience supporting both internal and external audits
  • Ability to evaluate the quality and sufficiency of audit evidence
  • Strong attention to documentation, traceability, and control effectiveness
  • Prior experience in information security governance, compliance, or risk management
  • Demonstrated ability to lead work while remaining directly involved in execution
  • Clear communication skills, particularly when explaining audit or compliance topics
  • Bachelor’s degree in Information Security, Risk Management, or a related discipline
  • 7+ years of experience in governance, risk, and compliance or information security roles
  • Familiarity with security and control frameworks such as NIST or ISO
Job Responsibility
  • Support and guide audit, compliance, and risk activities within the information security organization
  • Ensure audit readiness
  • Coordinate audit responses
  • Validate the quality and completeness of evidence

Information Security Technology Analyst - Governance

The Information Security Technology Analyst is an intermediate level position re...
Location: Philippines, City of Taguig, Metro Manila
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • 5-8 years of relevant experience
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor's degree/University degree or equivalent experience
Job Responsibility
  • Assist Security Incident Response Teams with incident investigations and aid in technical risk assessments
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify and develop new and improved technical procedures and process control manuals
  • Identify significant IS threats and vulnerabilities
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets
  • Fulltime

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location: United States, Washington, DC
Salary: 130000.00 - 180000.00 USD / Year
Virtru
Expiration Date: Until further notice
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least a few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc.) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands-on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prisma Cloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime

Cloud Security Senior Cyber Security Analyst

For this activity, we are looking for a Senior Cloud & On-Premises Infrastructur...
Location: India, Bengaluru
Salary: Not provided
Sopra Steria
Expiration Date: Until further notice
Requirements
  • 4+ years of experience designing and delivering complex cloud and on-premises infrastructures
  • Strong knowledge of security tools such as SSPM, DSPM, or CNAPP
  • Ability to write clear and structured technical documentation
  • Strong knowledge of SaaS environments (Google Workspace, ServiceNow, Workday, Salesforce)
  • Proven experience onboarding solutions in hybrid environments (cloud and on-premises)
  • Knowledge of security frameworks such as NIST, CIS, MITRE ATT&CK, and MITRE D3FEND
  • Knowledge of the CrowdStrike Falcon® Shield solution (formerly Adaptive Shield)
  • Strong expertise in cloud architecture (networking, compute, identity, storage, governance)
  • Cloud Certifications - Google, AWS / Azure
  • Engineering Graduate - preferably B.E. /B.Tech in IT or Computer Engineering
Job Responsibility
  • Configure the SSPM solution (SaaS)
  • Create simple SSPM training material
  • Onboard 4 SaaS applications (Google Workspace, ServiceNow, Workday, Salesforce) on the SSPM
  • Define the SaaS hardening baseline
  • Configure the SSPM alerts
  • Produce a detailed SSPM training manual aligned with the customer environment
  • Collaborate with the customer SaaS team to integrate SaaS applications into the SSPM tool, ensuring security rules are correctly implemented
  • Collaborate with the customer SaaS team to configure alerts within the SSPM solution
  • Fulltime

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location: Netherlands
Salary: Not provided
Wiz
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improve control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third-party risk management reviews, assessing vendors’ security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives

Network Security Analyst RSA Archer Specialist

We are seeking an experienced RSA Archer Specialist / Network Security Analyst I...
Location: United States, Austin
Salary: 87.00 USD / Hour
MMC Group LP
Expiration Date: Until further notice
Requirements
  • Must possess one of the following certifications: Archer Certified Professional (ACP) Level 3 Archer Certified Administrator - Expert Certification
  • Strong hands-on RSA Archer administration and configuration experience
  • Experience with: Archer architecture, Workflow design, Data models, Access controls, Application configuration
  • Experience integrating enterprise systems using: REST APIs, Web services
  • Proficiency with: JavaScript, jQuery
  • Strong understanding of: Governance, Risk, and Compliance (GRC), Security controls, Risk management frameworks, Compliance programs
  • Ability to work independently on complex technical initiatives
  • Strong written and verbal communication skills
Job Responsibility
  • Design, configure, implement, and maintain RSA Archer solutions
  • Support: Assessment & Authorization (A&A), Controls Assurance, Issues Management, Custom Archer applications, Enterprise integrations
  • Gather and analyze business and technical requirements
  • Translate requirements into: Solution designs, User stories, Configuration specifications, Implementation plans
  • Configure Archer workflows, forms, questionnaires, approvals, calculations, and permissions
  • Develop and support REST API and web service integrations
  • Implement JavaScript and jQuery customizations within Archer applications
  • Support integrations with platforms such as: ServiceNow, ITSM systems, CMDB platforms, Risk management tools
  • Troubleshoot application issues and optimize performance
  • Maintain technical documentation and deployment records
What we offer
  • Medical, dental, and vision coverage
  • Life and disability insurance
  • Additional voluntary benefits
  • Fulltime

Security Analyst

Location: United States, Latham
Salary: Not provided
GENESYS Consulting Services
Expiration Date: Until further notice
Requirements
  • 84 months of dedicated identity and access management experience with multi-environment experience (Oracle Identity + Microsoft AD + Entra).
  • 84 months of information technology administration experience or equivalent combination of work and educational experiences. (An equivalent combination may include several years of IT administration experience supplemented by formal education such as an associate or bachelor’s degree in information technology, cybersecurity, computer science, or a related field.)
  • 60 months experience of LDAP directories, Single Sign-On (SSO), identity federation, privileged access management, automated life-cycle management.
  • 48 months experience of MS Entra ID hardening, role-based access control, active directory attributes and privileged identity management.
  • 48 months experience with MS Entra ID configuration and maintaining conditional access policies, enforcing MFA, and securing authentication methods to reduce identity-related risks.
  • 48 months experience implementing controls, identity lifecycle management and third-party integrations (e.g. ServiceNow) for automation using MS Entra ID Governance in a Microsoft G5 GCC environment.
  • 48 months experience administering and maintaining Role-Based Access Controls (RBAC) in MS Entra ID, including the creation of custom roles, access reviews, and ensuring alignment with least-privilege principles.
  • 48 months experience with Privileged Identity Management (PIM) by configuring just-in-time access to critical roles, implementing approval workflows, and conducting periodic access reviews.
  • 48 months experience with leveraging Active Directory (AD) and Entra ID user attributes to automate access provisioning and group memberships using dynamic group rules.
  • Bachelor's degree in Computer Science or related field
  • Fulltime