Senior Information Security Compliance Analyst in Manchester

We are looking for a Senior Information Security Compliance Analyst to lead and maintain Sodexo's Information Security Management System (ISMS) and ensure ongoing ISO27001 certification. This role will oversee the delivery of Information Security compliance activities across the UK & Ireland, supporting our PCI DSS programme and maintaining Cyber Essentials Plus compliance. The successful candidate will also manage third party security assurance across our supplier landscape and work closely with Legal teams to ensure appropriate Information Security requirements are embedded within contracts.

Main Responsibilities:

• Build an annual consolidated Information Security Compliance Programme that provides the business, IT visibility of internal and external Audit & Assurance activity to allow appropriate demand & resource planning.
• Deliver effective Security Compliance reporting to inform Risk & Issue reporting to the CISO, IT & Business Senior Leadership.
• Ensure Audit & Assurance actions are managed, tracked, and reported through to mitigation.
• Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO27001/2 framework.
• Define requirements for the ISMS, document and implement security policies to develop and maintain the ISMS.
• Manage and maintain the ISMS document set.
• Run regular audits of the activities on locations covered by the ISMS scope.
• Develop a plan to scale up ISO27001 practices to a wider scope to improve overall security maturity.
• Explore opportunities for consolidation of ISMS where practical and appropriate.
• Build and maintain a PCI-DSS compliance programme that provides direction and assurance of operational controls to meet Sodexo's compliance requirements.
• Support PCI-DSS compliance efforts in performing and/or coordinating information security audits across payment channels/business segments.
• Coordinate and support the PCI-DSS Audit Activity to ensure delivery of the ROC and the AOC.
• Build and maintain a CE+ compliance framework that provides prioritised and targeted assurance activities.
• Support CE+ compliance efforts in performing and/or coordinating targeted CE+ compliance monitoring across applicable segments and related Sodexo infrastructure.
• Work with internal and external stakeholders to deliver CE+ certifications and recertifications.

The Ideal Candidate:

• Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation.
• Expert knowledge and practical experience of PCI DSS certification requirements.
• Expert knowledge and practical experience of Cyber Essentials + certification requirements.
• Experience of leading and performing internal or external IT audits.
• Experience of dealing with third party supplier audits.
• Experience of negotiating with stakeholders in designing relevant action plans.
• Experience of comprehensive IT internal audit program design and development.
• General knowledge of IT environments and technologies.
• General Knowledge of Security Architecture or Enterprise Architecture.
• Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
• Ability to communicate effectively to a wide range of people from various horizons, both written and verbally.
• Analytical and problem-solving capabilities.
• Proactive and able to overcome obstacles.
• Rigorous and organised.
• Ability to gain Government Security Clearance.

Competitive salary depending on experience. Working with Sodexo is more than a job; it’s a chance to be part of something greater. You’ll belong in a company and team that values you for you; you’ll act with purpose and have an impact through your everyday actions; and you’ll be able to thrive in your own way.

In addition, we offer 20+ Sodexo benefits such as Sodexo retirement plan, discounts to over 1,900 brands to shop online, Gym discount to maintain a healthy lifestyle, a confidential 24/7 employee assistance programme providing independent support to overcome whenever life has its obstacles including emotional support, legal and financial advice.

Ready to be part of something greater? Apply today!