Governance, Risk and Compliance (GRC) Analyst

Manchester | Full-Time | £30,000 - £50,000 / year (est.) | Home office (partial)

At a Glance

  • Tasks: Join our Cyber Security team to manage risks and ensure compliance with regulations.
  • Company: N Brown Group is a leading digital retailer committed to diversity and sustainability.
  • Benefits: Enjoy hybrid working, 24 days holiday, mental health support, and colleague discounts.
  • Why this job: Be part of a culture that values inclusion and continuous improvement in a trusted brand.
  • Qualifications: Strong communication skills and some technical knowledge are essential; experience with compliance frameworks preferred.
  • Other info: Flexible working hours and a vibrant office location in Manchester's Northern Quarter.

The predicted salary is between £30,000 and £50,000 per year.

We’re looking for a Governance, Risk and Compliance (GRC) Analyst to join our Cyber Security and Risk team here at N Brown Group. The Governance, Risk and Compliance team is responsible for the development and rollout of our security policies and procedures; for building an awareness programme to promote a strong security culture across the organisation; for identifying and tracking risks in our supply chain; and for ensuring we maintain compliance with regulations such as the PCI DSS. The team works closely with 1st and 2nd line risk to develop suitable controls and metrics to ensure the Digital Operations department is operating within risk appetite, and to track remediation tasks when it is not.

As a Governance, Risk and Compliance Analyst you will work across all these areas of the team’s responsibilities and help to identify ways to improve simplicity and efficiency. Although this isn’t a technical role, you will be expected to have sufficient technical expertise to understand technology risks and controls to mitigate them. You’ll be an excellent communicator, with the ability to simplify technical terms for the non-technical person and also manage and build relationships.

What will you do as a GRC Analyst at N Brown?

  • Support the risk management process by identifying and evaluating threats, and work with risk owners to understand the business impact and help develop treatment plans;
  • Track open risk remediation tasks and facilitate the approval process for risk acceptance requests, ensuring sufficient mitigating controls are in place;
  • Complete risk-based security due diligence on third-party providers during the initial contracting phase and at regular intervals;
  • Contribute to the development of control testing strategies, to ensure our security controls are operating effectively and achieving their purpose;
  • Help maintain compliance with applicable regulations such as the PCI DSS, and assist in finding ways to streamline the assessment process;
  • Support the development and delivery of the security awareness training programme by working closely with colleagues across the business to promote a strong information security culture;
  • Design and deliver regular communication materials over multiple channels;
  • Manage and report on regular phishing simulation exercises;
  • Manage and oversee penetration tests;
  • Drive adoption and adherence to Information Security policy, standards, and guidelines;
  • Evaluate requests for exceptions to policies and security compliance queries;
  • Integrate and transform information security policies, standards and procedures.

What skills and experience will you have?

  • Skilled in writing a range of documentation, relevant for the business, ranging from processes and procedures to reports, standards and frameworks;
  • Experience of applying policies and controls in an agile, cloud first organisation;
  • Sufficient technical knowledge to understand risks associated with technology platforms and the controls to mitigate them;
  • Able to constructively challenge processes and procedures to drive continuous improvement;
  • Experience of working within PCI DSS, or other compliance frameworks;
  • Excellent communication skills with the ability to build great relationships across the business and articulate security concepts to non-technical colleagues;
  • A proficient problem-solver who can work autonomously;
  • Knowledge of how to assist in the delivery of a security awareness programme across a large business.

What’s in it for you?

  • Hybrid working
  • 24 days holiday (+ 8 bank holidays)
  • Annual bonus scheme
  • Enhanced maternity and adoption leave
  • Company pension with up to 8% N Brown contribution
  • Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
  • A range of financial wellbeing support
  • Colleague discount across all N Brown brands
  • Onsite café with subsidised rates and local restaurant discounts!
  • Life Assurance and Private Medical Insurance
  • Paid volunteer time – all our colleagues can take a full day paid to volunteer for a charity of their choice

N Brown – who we are and why work for us?

At N Brown, we’re committed to building a diverse workforce and creating an inclusive environment that values equality for all. Our vision is that by ‘championing inclusion, we’ll become the most loved and trusted fashion retailer’. Diversity, Equity, Inclusion and Belonging are, therefore, at the heart of our culture. We’re a forward-thinking digital retailer with a financial services proposition to be proud of. We’re customer-obsessed, serving them through three core brands: JD Williams, Simply Be, and Jacamo. We’re experienced, with over 160 years of trading under our belt. We’re inclusive, as we believe in fashion without boundaries; and we’re sustainable, striving to make as little impact on the planet as possible.

In May 2024 we were delighted to be named one of The Sunday Times Best Places to Work 2024. We work hard to create a happy and inclusive culture for everyone and we’re so proud to have made this list - as voted for by our very own colleagues!

Ways of Working

We offer hybrid working which varies across the business depending on the role you’re in. Our Head Office is located in the Northern Quarter in Manchester City Centre. So if you are travelling by train, tram or bus we’re perfectly located, plus we’re surrounded by cool cafes, trendy bars and the best places to eat! Our working hours are 36.17 per week and our core working hours are between 10am - 4pm. Given we don’t have strict working hours you can find the working pattern that’s right for you.

Our promise to you:

We’re an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

What happens when you apply to a role at N Brown?

As soon as we receive your application, we’ll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck!

Governance, Risk and Compliance (GRC) Analyst employer: JD Williams

N Brown Group is an exceptional employer that prioritises a diverse and inclusive work culture, offering hybrid working arrangements and a comprehensive benefits package including 24 days of holiday, mental health support, and paid volunteer time. Located in the vibrant Northern Quarter of Manchester, employees enjoy a dynamic environment with access to trendy cafes and bars, while also having ample opportunities for professional growth within a forward-thinking digital retail company committed to sustainability and community engagement.

Contact Detail:

JD Williams Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Governance, Risk and Compliance (GRC) Analyst

✨Tip Number 1

Familiarise yourself with the PCI DSS regulations and other compliance frameworks mentioned in the job description. Understanding these will not only help you during interviews but also demonstrate your commitment to the role.

✨Tip Number 2

Brush up on your communication skills, especially in simplifying technical jargon for non-technical audiences. This is crucial for the GRC Analyst role, as you'll need to convey complex security concepts clearly.

✨Tip Number 3

Network with professionals in the Cyber Security and Risk field. Engaging with others in the industry can provide insights into best practices and may even lead to referrals or recommendations.

✨Tip Number 4

Stay updated on the latest trends and threats in cyber security. Being knowledgeable about current risks will show your proactive approach and readiness to tackle challenges in the GRC space.

We think you need these skills to ace Governance, Risk and Compliance (GRC) Analyst

Risk Management
Compliance Knowledge (PCI DSS and other frameworks)
Technical Understanding of Technology Risks
Documentation Skills
Communication Skills
Relationship Management
Problem-Solving Skills
Continuous Improvement Mindset
Security Awareness Training Development
Control Testing Strategies
Agile Methodologies
Phishing Simulation Management
Penetration Testing Oversight
Policy Evaluation and Exception Handling

Some tips for your application 🫡

Understand the Role: Before you start writing your application, make sure you fully understand the responsibilities and requirements of the Governance, Risk and Compliance (GRC) Analyst position. Tailor your application to highlight how your skills and experiences align with the specific tasks mentioned in the job description.

Highlight Relevant Experience: When detailing your work history, focus on experiences that relate directly to governance, risk management, and compliance. Mention any previous roles where you developed security policies, managed risks, or worked with compliance frameworks like PCI DSS.

Showcase Communication Skills: Since excellent communication is key for this role, provide examples of how you've successfully communicated complex technical concepts to non-technical stakeholders. This could be through reports, presentations, or training sessions.

Tailor Your CV and Cover Letter: Make sure your CV and cover letter are tailored specifically for the GRC Analyst role at N Brown Group. Use keywords from the job description and demonstrate your understanding of the company's values and culture, particularly around diversity and inclusion.

How to prepare for a job interview at JD Williams

✨Understand the Role

Make sure you thoroughly understand the responsibilities of a GRC Analyst. Familiarise yourself with key concepts like risk management, compliance frameworks, and security policies. This will help you answer questions confidently and demonstrate your knowledge.

✨Showcase Communication Skills

As an excellent communicator, you'll need to articulate complex security concepts to non-technical colleagues. Prepare examples of how you've simplified technical information in the past, and be ready to discuss your approach to building relationships across teams.

✨Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your problem-solving skills and ability to handle risks. Think of specific situations where you've identified threats or improved processes, and be ready to explain your thought process and outcomes.

✨Demonstrate Continuous Improvement Mindset

The role requires a proactive approach to challenge existing processes. Be prepared to discuss how you've driven improvements in previous roles, particularly in relation to compliance and risk management, and how you can bring that mindset to N Brown.
