Cyber Security Compliance Analyst
- We are recruiting an experienced Cyber Security Compliance Analyst with prior PCI compliance experience. You will deliver assurance that key Cyber Security Policies and Standards are adhered to via auditing and compliance practices against a defined framework and industry recognised regulations.
- The role involves collating and reporting on third-party security assessments, both as part of an annual review process and during procurement. A key element is maintaining PCI compliance: conducting gap analysis, gathering evidence and engaging with QSA services on an annual basis.
Dyson HQ is home to over 3,500 people who work across a medley of engineering and commercial functions. The award-winning campus has three cafes, a sports centre and a number of engineering icons including our Harrier and Lightning jets – one of which hangs from the ceiling of our café. Based in Malmesbury, the campus is within easy reach of both the Cotswolds and cities like Bath and Bristol along the M4 corridor.
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Cyber Security department works tirelessly to keep our secrets secret and our crown jewels locked up, using world-class technologies to stay one step ahead of the game. We think like hackers and try to anticipate their every move, researching the latest threats and exploring every angle. The Security Architecture team designs the technology solutions that keep us at the top of our game, refining our processes, stressing our systems, and making sure we’re well honed. It’s a tireless job, but the bad guys don’t rest.
- Ensure continued compliance with PCI DSS across three streams: website, retail and contact centre.
- Facilitate the PCI DSS annual assessment via an external QSA service.
- Create and maintain an annual compliance plan for PCI DSS including periodic testing and assurance.
- Complete assurance tasks ensuring that the key IT Security Policies and Standards are adhered to.
- Escalate where non-compliance poses a business risk to key business stakeholders.
- Maintain audit evidence repository, ensuring artefacts remain current.
- Perform regular and periodic compliance related tasks such as retail site surveys.
- Maintain oversight of operations functions to ensure activity reflects documented processes and procedures.
- Perform due diligence and IT security assurance over 3rd parties.
- Conduct the annual review and update of IT Security Policies and Standards.
- Develop and publish any additional IT Security Policies and Standards which are required.
- Experience of working within frameworks and reporting against these.
- Good understanding of key security controls and industry best practice.
- Ability to communicate on both a technical and non-technical level to a variety of audiences.
- A proven ability and experience of policy/standard implementation.
- Experience of conducting compliance reviews, including creation of gap analysis reports and remediation plans.
- Experience of working with risk management methodologies.
- Strong experience of securing Windows environments.
- Ability to self-manage and prioritise independently.
- Professional security management certification, such as Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA), desirable.
- 27 days holiday plus eight statutory bank holidays
- Pension scheme
- Performance related bonus
- Life assurance
- Sports centre
- Free on-site parking
- Lift share scheme
- Subsidised café and restaurants
- Discount on Dyson machines