We’re looking for a GRC Analyst to join our Security and

We’re looking for a GRC Analyst to join our Security and Risk team here at N Brown Group.

The Governance, Risk and Compliance team is responsible for the development and rollout of our security policies and procedures; for building an awareness programme to promote a strong security culture across the organisation; identifying and tracking risks in our supply chain; and for ensuring we maintain compliance with regulations such as the PCI DSS.

The team works closely with 1st and 2nd line risk to develop suitable controls and metrics to ensure the Digital Technology department is operating within risk appetite, and track remediation tasks when it is not. As a GRC analyst you will work across all these areas of the team’s responsibilities and help to identify ways to improve simplicity and efficiency. Although this isn’t a technical role, you will be expected to have sufficient technical expertise to understand technology risks and controls to mitigate them. You'll be an excellent communicator, with the ability to simplify technical terms for the non-technical person and also manage and build relationships.

What will you do as an GRC Analyst at N Brown?

Support the risk management process by identifying and evaluating threats, and work with risk owners to understand the business impact and help develop treatment plans.
Track open risk remediation tasks and facilitate the approval process for risk acceptance requests, ensuring sufficient mitigating controls are in place.
Complete risk-based security due diligence on third-party providers during the initial contracting phase and at regular intervals
Contribute to the development of control testing strategies, to ensure our security controls are operating effectively and achieving their purpose.
Help maintain compliance with applicable regulations such as the PCI DSS, assist in finding ways to streamline the assessment process.
Support the development and delivery of the security awareness training programme by working closely with colleagues across the business to promote a strong information security culture
Design and delivery of regular comms materials over multiple channels.
Management and reporting of regular phishing simulation exercises.
Drive adoption and adherence to InfoSec policy, standards, and guidelines.
Evaluate requests for exceptions to policies and security compliance queries.
Integrate and transform information security policies, standards and procedures.

What skills and experience will you have?

Skilled in writing a range of documentation, relevant for the business, ranging from processes and procedures to reports, standards and frameworks.
Experience of applying policies and controls and in an agile, cloud first organisation.
Sufficient technical knowledge to understand risks associated with technology platforms and the controls to mitigate them.
Able to constructively challenge processes and procedures to drive continuous improvement
Experience of working within PCI DSS, or other compliance frameworks.
Excellent communication skills with the ability to build great relationships across the business and articulate security concepts to non-technical colleagues.
A proficient problem-solver that can work autonomously.
Knowledge of how to assist in the delivery of a security awareness programme across a large business.

N Brown – who we are and why work for us?

At N Brown, we’re committed to building a diverse workforce and creating an inclusive environment that values equality for all. Our vision is that by ‘championing inclusion, we’ll become the most loved and trusted fashion retailer’. Diversity, Equity, Inclusion and Belonging are, therefore, at the heart of our culture.

We’re a forward-thinking digital retailer with a financial services proposition to be proud of. We’re customer-obsessed, serving them through three core brands: JD Williams, Simply Be, and Jacamo. We’re experienced, with over 160 years of trading under our belt. We’re inclusive, as we believe in fashion without boundaries; and we’re sustainable, striving to make as little impact on the planet as possible.

What’s in it for you?

Hybrid working
24 days holiday (+ 8 bank holidays) with the option to buy an additional 10 days
Annual bonus scheme
Enhanced maternity and adoption leave
Access to Apricity, a self-funding IVF benefit at a reduced rate
Company pension with up to 8% N Brown contribution
Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
A range of financial wellbeing support
Colleague discount across all N Brown brands
Onsite café with subsidised rates and local restaurant discounts!
Life Assurance and Private Medical Insurance
Paid volunteer time – all our colleagues can take a full day paid to volunteer for a charity of their choice

Ways of Working

We offer hybrid working which varies across the business depending on the role you’re in. For this role, the expectation would be 1 day per week. Our Head Office is located in the Northern Quarter in Manchester City Centre. So if you are travelling by train, tram or bus we’re perfectly located, plus we’re surrounded by cool cafes, trendy bars and the best places to eat!

Our working hours are 36.17 per week and our core working hours are between 10am - 4pm. Given we don’t have strict working hours you can find the working pattern that’s right for you.

Our promise to you:

We’re an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

What happens when you apply to a role at N Brown?

As soon as we receive your application, we’ll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck!