CrawlJobs Logo

Security Governance Analyst

fortnumandmason.com Logo

Fortnum & Mason

Location Icon

Location:
United Kingdom , London

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

As a Technology Security Governance Analyst, you will support and manage elements of Fortnum & Mason Information Security Governance Framework.

Job Responsibility:

  • Own and manage the process for third party information security assurance to ensure that ongoing security assessments are undertaken and that contractual agreements reflect information security requirements
  • Support information security awareness throughout the organisation including managing phishing awareness campaigns and delivering and supporting training and awareness to specific user groups
  • Support management and investigation of any information security incidents including ensuring that incident logs are maintained, and any actions / lessons learned are addressed
  • Support Fortnum & Masons PCI compliance program including ensuring evidence of compliance is collated and maintained and undertaking audit checks within stores
  • Manage the process for Information Security Risk Management to ensure that all information security risks are owned and documented and remediated to an agreed and accepted level
  • Support the process for project engagements to ensure that Information Security requirements are defined for each project, Architectural design documents are reviewed to ensure appropriate controls are in place and testing and acceptance processes are in place to ensure that agreed controls have been implemented
  • Serve as a hands-on Security Analyst, proactively identifying opportunities for improvement and delivering security enhancements to our systems
  • Collaborate with partners to ensure the security of the Cisco Meraki network, taking an initiative-taking stance in mitigating risks and initiative-taking patch management
  • Assist with internal and external vulnerability assessments, working with security partners to maintain PCIDSS compliance, overcome security challenges, and drive continuous improvements align to the NIST framework/ISO271002 standards
  • Report and review our secure device imaging using Microsoft Intune & Autopilot, ensuring a standardized, scalable, and resilient setup for retail, hospitality POS, and all corporate end user devices
  • Effective operation of security tooling reporting against our SIEM platform, endpoint protection solutions, and identity access controls, reviewing automated threat detection and forensic incident response to protect critical infrastructure and services
  • Create and manage security policy documentation, assist with security procedures, and training our internal teams and wider retail staff
  • Undertake disaster recovery planning, ensuring business continuity and resilience against potential disruptions
  • Work proactively alongside support, application, and transformation teams, fostering collaborative and communicating security procedures and policies
  • Deliver concise, well-structured documentation, providing clarity for teams and enabling rapid adoption of security best practices
  • Function as a trusted advisor, recognised as the go-to subject matter expert for security, and bridging the gap between end user and the infrastructure and security team
  • Guide and support third-party engagements, ensuring vendors align with enterprise security standards, compliance requirements, and best practices
  • Educate and empower both internal teams and the broader business, fostering a security-first culture and promoting best practices in security and business continuity

Requirements:

  • Experience of security and compliance standards frameworks such as ISO 27001, ISO 22301, GDPR, PCI-DSS, NIST, and ACPO guidelines
  • Understanding of UK legal frameworks including the Data Protection Act and Computer Misuse Act
  • Understanding of Microsoft infrastructure including Windows Server Administrator, Active Directory AAD Administrator, Group Policy, and Microsoft 365 services and Azure Cloud resource management
  • Microsoft SQL Server
  • PowerShell scripting
  • Identity & Access Management (IAM), Expertise in Microsoft Entra ID (formerly Azure AD), role-based access control (RBAC), and multi-factor authentication (MFA)
  • Cloud Security, Experience securing Azure environments, including Microsoft Defender for Cloud, Sentinel, and compliance frameworks like PCIDSS
  • Threat Protection & Incident Response: Ability to identify vulnerabilities, implement threat protection, and respond to security incidents
  • Patch Management & Endpoint Security: Understanding of patching, importance of regular updates, patching, and endpoint protection across Windows and Azure environments
  • Familiarity with backup and disaster recovery tools and practices
  • Phishing awareness tools and ability to create training for end users on security best practices
What we offer:
  • A generous store and restaurant discount of up to 40%
  • 25 days holidays (excluded bank holidays) and an extra day off for your birthday
  • A fantastic subsidised staff restaurant which uses Fortnum’s ingredients
  • A range of opportunities to develop and grow personally and professionally
  • Excellent pension scheme

Additional Information:

Job Posted:
January 07, 2026

Employment Type:
Fulltime
Work Type:
On-site work
Icon
Fortnum & Mason - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Security Governance Analyst

Information Security Technology Analyst - Governance

The Information Security Technology Analyst is an intermediate level position re...
Location
Location
Philippines , City of Taguig, Metro Manila
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor's degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Assist Security Incident Response Teams with incident investigations and aid in technical risk assessments
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify and develop new and improved technical procedures and process control manuals
  • Identify significant IS threats and vulnerabilities
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets
  • Fulltime
Read More
Arrow Right

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location
Location
United States , Washington, DC
Salary
Salary:
130000.00 - 180000.00 USD / Year
virtru.com Logo
Virtru
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime
Read More
Arrow Right

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location
Location
Netherlands
Salary
Salary:
Not provided
wiz.io Logo
Wiz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improvement control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third party risk management reviews, assessing vendor’s security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives
Read More
Arrow Right

Senior Security & Compliance Analyst

Become a Senior Security & Compliance Analyst for Bloomreach! You will be an ess...
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong knowledge of industry compliance requirements and standards
  • Good understanding of SaaS Business
  • Good understanding of Governance, Risk, and Compliance in IT environment
  • Outstanding communication and interpersonal abilities
  • Previous experience as a compliance analyst, compliance officer, compliance manager, or similar position in a related field
  • Advanced analytical abilities
  • Effective research skills
  • Ability to perform under pressure
  • Experience with ISO security standards
  • Experience with SOC auditing
Job Responsibility
Job Responsibility
  • Perform periodic audits on company procedures and processes and report on the organization’s compliance
  • Identify, analyze, and resolve compliance issues
  • Support the sales process by completing RFPs
  • Ensure that all policies and standards are regularly reviewed and up-to-date
  • Keep the company’s process mapping and responsibilities structure chart up to date
  • Develop and update existing compliance policies and related documentation
  • Proactively research to stay up-to-date with regulations and rules
  • Communicate regulations to internal and external parties
  • Assist with management review preparation
  • Communication with clients across various regions (EMEA, US)
What we offer
What we offer
  • A great deal of freedom and trust
  • Flexible working hours
  • Virtual-first work with several Bloomreach Hubs
  • Company events
  • 5 paid days off to volunteer
  • People Development Program
  • Communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Product Security Engineer - Secure SDLC Analyst

HPE Aruba Networking is looking for a person excited to work at the intersection...
Location
Location
United States , San Juan
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in Information Security, Computer Science, or related technical field
  • A background in software security, either academic or work experience, including reverse engineering, vulnerability classes such as buffer overflows and their prevention, web application security, and/or cloud security
  • Programming knowledge of at least one programming language with the ability to look at source code and figure out what it’s doing
  • Familiarity with the purpose of tools such as IDEs, compilers, source code revision control systems, ASPM, SCA and code scanners
  • Minimum 3 years of experience working directly in software engineering or in an adjacent field with exposure to the software engineering environment
  • Experience conducting risk assessments, threat modeling, and/or compliance assessments
  • Experience supporting the integration of security practices through the software development lifecycle
Job Responsibility
Job Responsibility
  • Assist in the execution of product compliance assessments against various frameworks (e.g. NIST SSDF, NIST SP 800-218, SP 800-53, CIS Benchmarks)
  • Assist in the development and/or maintenance of GRC and SDLC tooling implementations, including scripting and automation
  • Operate as a representative of HPE Aruba in working groups, with government representatives, and with auditors
  • Provide consulting, information, and advice to product teams around implementing and improving the maturity of our SDLC
  • Document known issues and provide information to product teams in a manner which allows for easy interpretation and corrective actions to be performed
  • Monitor worldwide government standards and communicate to management and product teams when changes are made that may impact an existing control or introduce new requirements
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Application Security Analyst

An application security analyst is a trained professional responsible for provid...
Location
Location
United States
Salary
Salary:
100000.00 - 115000.00 USD / Year
anntaylor.com Logo
Ann Taylor
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Education and/or Certifications in Computer Science, Information Systems, other related field, or equivalent work experience
  • 3-5+ years of IT work experience, with at least 2 years of experience working in Application security
  • Working experience with security testing tools (DAST, SAST, SCA)
  • Hands on experience with manual web application penetration testing (VAPT)
  • Proficient in Burp suite and Kali Linux tools
  • Experience on API testing
  • Knowledge of secure coding practices/frameworks such as OWASP, SSDF
  • Strong knowledge of application security principles
  • Knowledge on Threat Modeling and DevSecOps
  • Strong working knowledge of IT Security best practices
Job Responsibility
Job Responsibility
  • Conduct application security assessments to identify and mitigate security risks
  • Perform DAST scans for the internal and external applications
  • Conduct end-to-end Pentest engagement for E-commerce applications
  • Perform False positive analysis for vulnerabilities from scan results
  • Analyze the security risks and create vulnerability report with recommendations
  • Work collaboratively with cross-functional teams to identify and solve complex security problems
  • Work on ad hoc SAST scan requests and vulnerability analysis
  • Participate in incident response activities and provide technical guidance on security-related incidents
  • Develop and maintain technical documentation related to application security
What we offer
What we offer
  • Merchandise discount at select KnitWell Group brands
  • Support for individual development plus opportunities for career mobility
  • A culture of giving back – local volunteer opportunities, annual donation and volunteer match to eligible nonprofit organizations, and philanthropic activities
  • Medical, dental, vision insurance & 401(K)
  • Employee Assistance Program (EAP)
  • Time off – paid time off & holidays
  • Fulltime
Read More
Arrow Right

Data Governance Analyst

We are on the lookout for a dedicated Data Governance Analyst to become a part o...
Location
Location
United States , Malvern
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proficiency in Data Governance
  • Hands-on experience with Informatica
  • Strong understanding of Data Quality principles
  • Familiarity with Data Lineage concepts
  • Experience in Metadata Management
  • Proficiency in Microsoft SQL
Job Responsibility
Job Responsibility
  • Collaborate with domain teams to set up and monitor data quality rules and controls
  • Work closely with both business and technical teams to ensure alignment with established governance policies
  • Take the lead on data governance initiatives for assigned data domains
  • Assist in the selection and implementation of data governance tools to streamline our processes
  • Develop and implement a data governance framework that aligns with our organization's goals and regulatory requirements
  • Establish and maintain stringent policies, standards, and procedures to safeguard data integrity and security
  • Identify and document the necessary data quality requirements, metrics, and thresholds
  • Analyze and address data quality issues, including conducting root cause analysis and planning remediation
  • Draw on your knowledge of BCBS 239 principles to ensure compliance with regulatory standards
  • Develop workflows and dashboards to keep track of governance and data quality metrics
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan
  • Fulltime
Read More
Arrow Right

Security Analyst

As a Security Analyst, you will be a key player in our IT security team, focusin...
Location
Location
United States , Tallahassee
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
Job Responsibility
Job Responsibility
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligible to enroll in our company 401(k) plan
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy