Security Governance, Risk and Compliance Analyst

The Cyber Governance, Risk and Compliance Analyst is responsible for ensuring that Wella can demonstrate compliance with industry standards and regulatory obligations in the use of technology to meet business objectives, including performing, tracking, and reporting on the effectiveness of controls, compliance activities, and risk assessments.

KEY RESPONSIBILITIES

• Execute Cyber governance, risk, and compliance activities to ensure that Wella can demonstrate that its control environment is aligned with audit, risk, industry, and regulatory requirements.
• Work with key stakeholders to drive consistent and continuous compliance with Cyber controls framework and coordinate internal and 3rd party assessments.
• Provide subject matter expertise on industry-recognized control frameworks, such as COBIT, NIST, ISO, and similar standards.
• Manage the development and implementation of Cyber governance, risk, and compliance policies and procedures.
• Provide expert-level guidance on implementation, monitoring, and evidence collection to demonstrate alignment with industry-recognized control frameworks.
• Plan, schedule, track, monitor, and manage issues related to audit, compliance, and risk assessments.
• Provide guidance on company policies that affect the Cyber and IT control environment.
• Perform periodic reviews and evaluations of Wella Cyber governance, risk, and compliance program to validate that the program adequately aligns with Cyber, audit, risk, industry, and regulatory reporting and evidence requirements.
• Provide subject matter expertise and guidance to the lines of business on interpretation of Cyber requirements to ensure successful completion of internal and external assessments.
• Ensure strategic objectives of the Compliance & Ethics Program are met in the context of Security governance, risk, and compliance, including execution of program assessment activities, coordination of response and tracking of action items for remediation.
• Identify areas of potential improvement.
• Create reporting for Cyber governance, risk and compliance activities to the wider Cyber team and key stakeholders.
• Perform third party due diligence Cyber reviews, assist with responses to audit and customer questionnaires.
• Prepare Wella staff for planned Cyber governance, risk, and compliance assessment activities.

ESSENTIAL SKILLS, EXPERIENCE & QUALIFICATIONS

• Bachelor's degree or an equivalent combination of education and experience.
• Experience implementing, documenting, tracking, and maintaining technology compliance frameworks.
• Experience performing compliance assessments, information security, risk management, and/or technology risk management.
• Industry certifications are highly preferred.

WHAT WE OFFER

• 25 days holiday + additional day off for your birthday (not including bank holidays).
• 3 days' personal leave for your own significant life events.
• 2 paid days off for volunteering/charity work.
• Optional Wella Pension Scheme (8% employer contribution, 3% employee contribution).
• Optional Family Private Medical Insurance Cover.
• Income Protection Life Insurance (8x base salary up to 2 million payable in the event of your death in service of Wella).
• Staff Discount (80% of all hair products, 40% OPI, 1 x 50% ghd).
• EAP (Employee Assistance Program).
• Enhanced maternity, paternity, and adoption leave.
• Gym Benefits.
• Eye Tests.
• WOW Program (Bonus following exit from KKR, eligible after successful probation. For permanent employees only).
• Workplace/Nursery Benefits.
• 4 weeks working remotely abroad.
• Early Friday Finish during Summer.

EEO OPPORTUNITIES

The Wella Company wants to meet the aims and commitments set out in its equality policy. This includes not discriminating under the Equality Act 2010 and building an accurate picture of the make-up of the workforce in encouraging equality and diversity. We offer equal employment opportunity to qualified individuals without regard to race, religion or belief, color, national origin, age, gender, disability, sexual orientation, gender identity, gender expression, marital or civil partnership, pregnancy and maternity, veteran status, or any other characteristic protected by law. Wella Company complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us at: https://www.wellacompany.com/consumer-affairs. We strongly believe that cultivating a diverse workplace gives a company strength. The combination of unique skills, abilities, experiences and backgrounds creates an environment that produces extraordinary results.