Dublin, IE
Text size
aA+ aA-
Click here to print

Security Portfolio Analyst

Country : Ireland Ireland

Region : Dublin

Town : Dublin

Category : Logistics

Contract type : Permanent

Availability : Full time

Job description

Security Portfolio Analyst

Business Context:

- Really exciting time for Primark:

- Ambitious growth and transformation agenda

o Expansion into new markets and store growth in existing markets

o Deliver more memorable in-store experiences every day

o Further deliver on our Primark Cares sustainability strategy

o Create operational excellence to support and empower our customer-facing teams

- Cyber Security & Technology will be at the heart of this growth and transformation agenda

- We want to use the latest technologies to do things smarter, better and faster

- ...to continue to offer Amazing Fashion at Amazing Prices

Job Purpose:

- The Security Portfolio Analyst will work within the Cybersecurity function with a focus towards strengthening security controls within systems/applications deployed by the organization

- The Security Portfolio Analyst will liaise with business and project stakeholders to elicit, analyse, communicate and validate Security requirements due to changes to business processes and information systems. This position requires an ability to understand and translate information security standards into usable business requirements and thereby embed a culture of Security by Design into the organization

Key Responsibilities:

- Work across all Technology projects to ensure security and privacy requirements are fully documented and understood. Ensure all new projects build in the appropriate security controls and measures to comply with the Technology GDPR / Security Stage Gates and standards

- Ensure that all projects follow the PMO gate governance process and complete GDPR / Security impact assessments before going live

- Work with project teams on an ongoing basis supporting them to build in security requirements from the start

- Be a proficient system analyst to analyse security gaps in projects / applications and work with the project team to bring them to closure

- Collaborate with business streams, Cyber Team members and Operations personnel to advance our Cyber programme

- Perform Security assessments / gap analyses, assessing controls across the lifecycle of a programme / project across both on-prem, cloud and hybrid estates

- Work with project teams and vendors to schedule penetration tests and security code reviews and then manage, coordinate and assess results

- Record, present and track all agreed security gate metrics, highlighting risks, exceptions and actions as required

- Develop creative ways of embedding Security requirements into key operational processes, in a way that allows business stakeholders to clearly understand their compliance duties

- Support & deliver assigned initiatives in line with the Cyber roadmap

- Work with information gathered from multiple sources, be able to evaluate true security / data privacy impact, ensuring that proposed solution/s are reconciled with all security standards and controls.

- Ensure that the Security and Data Privacy Non-Functional requirements are kept up to date in accordance with Primark's Policies and Standards

- Contribute to threat modelling exercises and developing security requirements based on identified threats to Primark

Knowledge & Experience Required:

- 3+ years focused on Information Security and a proven track record working with a security / privacy focus ensuring projects and programmes apply relevant security controls ensuring compliance with Information Security policy

- Cyber Security experience within a Retail or regulated environment

- Cloud Security experience desirable

- Working knowledge of Security principles, techniques and technologies.

- Working knowledge of Penetration testing, Security principles, techniques and technologies

- Security experience within a retail or regulated environment

- An appropriate degree, equivalent qualification, or experience

- A recognised security/privacy certification is desirable e.g., CISM, CISA, CCSK, CCSP, CISSP, CIPPE, CIPM, or CRISC

Successful candidates will:

- Communicate brilliantly and effortlessly, building relationships and able to engage stakeholders, teams and suppliers with high impact, influence and empathy.

- Be a passionate professional able to inspire others to challenge and disrupt the current reality to co-create a compelling technology/cyber security orientated future business by embracing new ways of working and successfully executing new opportunities

- Possess excellent communication and influencing skills with the ability to operate within a pressurised and fast paced environment, delivering results and achieving objectives in line with the agreed parameters.
Click here to print