Information Security Analyst (Hosting Environment)
Senior Information Security Analyst – Hosting (ISP)
THG is one of the fastest growing online retailers on the planet. We have over a decade of building and growing brands in the Beauty and Wellness sectors, across over 140 markets. We specialise in creating brilliant digital brand experiences and we aim to be the World's leading Online Health & Beauty Destination. We are currently the UK's leading multi-website online retailer with rapidly growing global operations and we currently have over 16 million customers worldwide.
We are building a world-class business with global ambitions, a proprietary technology platform, and disruptive business model. Our culture is fast-paced and ambitious - we like to move twice as fast as you might think is possible. That's how the company operates, and it is part of the DNA that has led to our incredible growth. We have over 4,000 diverse, smart thinkers - our people are unquestionably our strength. Wherever in the world they are, whatever their role, we encourage our people to share the smart thinking, and give them the support to see their ideas made real. We have built an environment that empowers our people to achieve their full potential, creating innovative digital experiences that deliver results.
We are looking for a Senior Information Security Analyst to join the Governance Risk and Compliance team, with a focus on hosting. The ideal candidate should have at least 3 years of formal information security experience and will have experience of Information Security in the hosting sector.
The successful candidate will be required to:
- Be a Subject Matter Expert for all Information Security Compliance matters in Hosting.
- Co-ordinate THG responses to Regulation of Investigatory Powers Act (RIPA) requests.
- Lead THG’s compliance activities for Network and Information Services (NIS) directive.
- Lead on any other specific hosting information security compliance requirements.
- Support THG in achieving and maintaining ISO27001 certification.
- Lead THG’s GDPR & DPA 2018 compliance activities for hosting.
Technical Skills and Experience
Must have knowledge and experience of:
- Regulation of Investigatory Powers Act (RIPA) and experience in responding to requests from Law Enforcement.
- Network and Information Services (NIS) directive.
- ISO27001 and experience of auditing, implementing or operating an ISMS.
- GDPR & DPA 2018 requirements and their application in a hosting business.
- Information security management
- Supporting and providing evidence for internal and external information security audits
- Managing information security projects
- Delivering work independently
- Mentoring junior team members
- Managing expectations and reporting to senior stakeholders
- Writing clear and accurate reports
- Communicating complex subjects clearly
One or more of the following certifications would be preferred, but are not essential:
- ISO27001 Lead Auditor or Lead Implementer