About Us

Having started in 2006 with just three team members, we've evolved into a multi-brand, ecommerce giant with offices worldwide and a passionate team of over 4,000. In the past year alone, we've achieved remarkable milestones including automating our Sheffield distribution centre, launching our US warehouse, and initiating our tech re-platforming.

In Tech, we’re proud to support every function. We’re a digital-first company that is totally cloud native. We embrace change and future-proof the business, delivering critical customer facing and internal stakeholder facing systems. Everything from colleague tech to frontend websites and apps, buying and merchandising tooling, and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.

The Role

As a Senior GRC Analyst within Information Security, your key responsibility is to oversee the governance, risk management, and compliance framework, ensuring Boohoo adheres to security policies and regulations. Additionally, you will maintain and improve the information security management system (ISMS). Your performance will be measured by your effectiveness in creating processes and policies to mitigate risks, enhancing compliance, and promoting a culture of security awareness. Your role is crucial in protecting Boohoo's data integrity and compliance, directly contributing to the company's resilience and success.

Your Team

At Boohoo, our team is committed to safeguarding the integrity, confidentiality, and availability of our systems and data. We take pride in implementing robust security measures to protect against cyber threats, ensuring secure customer transactions and maintaining trust in our brand. With a diverse and pragmatic approach to problem-solving, we align with the Boohoo family values to achieve success.

Over the last 12 months, our team has made significant progress in our information security programme, creating and implementing Boohoo’s information security strategy and information security risk register. As we move forward, our team has a clear roadmap for the future, and we are excited to continue making a difference. We welcome anyone who shares our passion for information security and our values to join us on this inspiring journey.

Responsibilities

  • Conduct risk assessments to identify vulnerabilities and recommend mitigation strategies.
  • Ensure compliance with legal, regulatory, and contractual obligations related to information security.
  • Coordinate with various departments to integrate GRC practices into the organisational culture.
  • Monitor and report on compliance with security policies and the effectiveness of the risk management programme.
  • Lead internal audits and manage external audits related to information security compliance.
  • Provide guidance and training to staff on compliance, risk management, and information security best practices.
  • Manage the development and maintenance of policy documentation, including information security policies, procedures, and standards.
  • Stay informed of the latest information security threats, regulatory changes, and best practices in risk management.
  • Facilitate communication and reporting on GRC matters to senior management and relevant stakeholders.
  • Lead the information security awareness programme.

Requirements

  • Demonstrate at least 3 years of experience in Governance, Risk, and Compliance (GRC) in an information security context.
  • CISA, CISM, CRISC, ISO27001 (CIS IA).
  • Strong leadership and team management capabilities, including the ability to drive collaboration and motivate cross-functional teams as well as the ability to lead and mentor more junior members of the team.
  • Working knowledge of security management frameworks like ISO27001, PCI DSS, NIST.
  • Demonstrable experience in driving and cultivating an information security awareness programme using relevant tools to create phishing simulations and training plans for new and existing staff.

Benefits

We offer some amazing benefits:

  • 25 days holiday
  • Free on-site gym with daily classes (due to current restrictions, live PT sessions)
  • Discretionary Bonus Scheme
  • Company share schemes - including a 'Save As You Earn' scheme
  • Up to 40% staff discount (including PLT, Boohoo, Boohoo MAN, Nasty Gal, Coast, Warehouse, Misspap)
  • Social events (including pay day drinks, Employee Appreciation Day etc.)
  • Salary sacrifice pension scheme with employer contribution
  • Flexible working hours
  • Cycle to work scheme
  • Childcare support through the Government
  • Health cash plan
  • Personal development opportunities to learn and grow at work
