Security Assurance Analyst

Location: Reading or Dublin – hybrid (2 days a week)

Travel: Occasional travel between sites

Salary & Package: Competitive

A global retail organisation is seeking a Security Assurance Analyst to join its Cyber Security function. This is a permanent role within a growing security team, supporting a major technology transformation and helping to strengthen enterprise‐wide security posture.

This position will play a key role in delivering security assurance across projects, programmes and third‐party suppliers, ensuring that security controls, documentation and governance processes are consistently applied.

What You’ll Do

  • Support the assurance team in conducting project security reviews across major technology initiatives
  • Maintain key assurance repositories including supplier registers and project assurance lists
  • Coordinate penetration testing logistics and ensure required documentation is completed to the right standard
  • Validate that security controls are implemented and compliant prior to go‐live
  • Support third‐party assurance reviews for new and existing suppliers
  • Populate and maintain the Third‐Party Risk Management tool, ensuring data accuracy and completeness
  • Collate and track third‐party documentation (SOC, PCI, ISO 27001 etc.) and flag outdated reports
  • Work with the Risk Management team to ensure third‐party risks are accurately reflected in the GRC platform
  • Contribute to continuous improvement of security assurance processes and governance

What You’ll Bring

  • Knowledge of GRC platforms and TPRM modules
  • Understanding of Waterfall and Agile delivery methodologies and security‐by‐design principles
  • Familiarity with penetration testing approaches and remediation guidance
  • Strong analytical skills and high attention to detail
  • Knowledge of security frameworks such as ISO 27001 and NIST
  • Understanding of GDPR, PCI and how regulations influence project requirements
  • Ability to assess third‐party risk based on service scope, posture and supporting evidence
  • Awareness of key certifications (ISO 27k, Cyber Essentials) and their relevance
  • Strong organisational skills with the ability to analyse and present data clearly
  • Minimum 3 years’ experience in an information security role with a focus on assurance
  • Relevant degree or equivalent professional qualification

Desirable Experience

  • Experience supporting security accreditation programmes (ISO 27001, PCI, Cyber Essentials)
  • Exposure to data analytics tools such as Power BI
  • Experience working with GRC tools such as OneTrust
  • Ability to communicate clearly with stakeholders across technology and business teams
  • Proactive mindset with the ability to work independently and manage multiple priorities

Job Details

Company: Caraffi

Location: Reading, England, United Kingdom (Hybrid / Remote Options)