Information Security Consultant
Senior Information Security Consultant – GRC (Manchester Airport or MediaCity)
THG is one of the fastest growing online retailers on the planet. We have over a decade of building and growing brands in the Beauty and Wellness sectors, across over 140 markets. We specialise in creating brilliant digital brand experiences and we aim to be the World's leading Online Health & Beauty Destination. We are currently the UK's leading multi-website online retailer with rapidly growing global operations and we currently have over 16 million customers worldwide.
We are building a world-class business with global ambitions, a proprietary technology platform, and a disruptive business model. Our culture is fast-paced and ambitious - we like to move twice as fast as you might think is possible. That's how the company operates, and it is part of the DNA that has led to our incredible growth. We have over 4,000 diverse, smart thinkers - our people are unquestionably our strength. Wherever in the world they are, whatever their role, we encourage our people to share their smart thinking, and give them the support to see their ideas made real. We have built an environment that empowers our people to achieve their full potential, creating innovative digital experiences that deliver results.
We are looking for a Senior Information Security Consultant to join the Governance, Risk and Compliance team. The ideal candidate should have at least 2 years of formal information security experience and will be able to make an immediate impact in operating and improving Information Security Governance, Risk and Compliance processes.
The successful candidate will be required to:
- Provide advice and guidance on information security risks to internal stakeholders
- Perform risk assessments and internal audits
- Perform third-party information security risk assessments
- Support the implementation and operation of an Information Security Management System in line with the requirements of ISO27001
- Participate in external information security audits
- Provide support, mentoring and technical guidance to junior team members
Technical Skills and Experience
We are looking for experience of at least two of the following areas:
- ISO27001 – Lead Auditor or Implementer qualified, with experience of audit or implementation in addition to the training course.
- Information security risk assessments
- Auditing information security controls
- GDPR – substantial experience of implementing GDPR, not just awareness
- Third-party information security assessments
- Delivering information security awareness training
One or more of the following certifications would be preferred, but are not essential:
- ISO27001 Lead Auditor or Lead Implementer
- Managing information security projects
- Delivering work independently
- Mentoring junior team members
- Managing expectations and reporting to senior stakeholders
- Writing clear and accurate reports
- Communicating complex subjects clearly