Position Title
Security Governance, Risk and Compliance Analyst
Reports to
Head of Security Governance
About Wella Company
Together, we enable individuals to look, feel, and be their true selves. Wella Company is one of the world’s leading beauty companies, comprising a family of iconic brands such as Wella Professionals, Clairol, OPI, Nioxin and ghd. With 6,000 employees globally, presence in over 100 countries, Wella Company and its brands empower consumers, inspire beauty professionals, engage communities, and deliver sustainable growth to stakeholders.
The Role
The Cyber Governance, Risk and Compliance Analyst is responsible for ensuring that Wella can demonstrate compliance with industry standards and regulatory obligations in the use of technology to meet business objectives, including performing, tracking, and reporting on the effectiveness of controls, compliance activities, and risk assessments.
Key Responsibilities
- Execute Cyber governance, risk, and compliance activities to ensure that Wella can demonstrate that its control environment is aligned with audit, risk, industry, and regulatory requirements.
- Work with key stakeholders to drive consistent and continuous compliance with Cyber controls framework and coordinate internal and third‑party assessments.
- Provide subject‑matter expertise on industry‑recognised control frameworks, such as COBIT, NIST, ISO, and similar standards.
- Manage the development and implementation of Cyber governance, risk, and compliance policies and procedures.
- Provide expert‑level guidance on implementation, monitoring, and evidence collection to demonstrate alignment with industry‑recognised control frameworks.
- Plan, schedule, track, monitor, and manage issues related to audit, compliance, and risk assessments.
- Provide guidance on company policies that affect the Cyber and IT control environment.
- Perform periodic reviews and evaluations of Wella Cyber governance, risk, and compliance program to validate that the program adequately aligns with Cyber, audit, risk, industry, and regulatory reporting and evidence requirements.
- Provide subject‑matter expertise and guidance to the lines of business on interpretation of Cyber requirements to ensure successful completion of internal and external assessments.
- Ensure strategic objectives of the Compliance & Ethics Program are met in the context of Security governance, risk, and compliance, including execution of program assessment activities, coordination of response and tracking of action items for remediation.
- Identify areas of potential improvement.
- Create reporting for Cyber governance, risk and compliance activities to the wider Cyber team and key stakeholders.
- Perform third‑party due diligence Cyber reviews, assist with responses to audit and customer questionnaires.
- Prepare Wella staff for planned Cyber governance, risk, and compliance assessment activities.
Essential Skills, Experience & Qualifications
Education
- Bachelor’s degree or an equivalent combination of education and experience.
Experience
- Experience implementing, documenting, tracking, and maintaining technology compliance frameworks.
- Experience performing compliance assessments, information security, risk management, and/or technology risk management.
- Industry certifications are highly preferred.
What We Offer
- 25 days holiday plus an additional day off for your birthday (not including bank holidays).
- 3 days’ personal leave for your own significant life events.
- 2 paid days off for volunteering or charity work.
- Optional Wella Pension Scheme (8% employer contribution, 3% employee contribution).
- Optional Family Private Medical Insurance Cover.
- Income Protection.
- Life Insurance (8x base salary up to 2 million payable in the event of your death in service of Wella).
- Staff Discount (80% of all hair products, 40% OPI, 1 x 50% ghd).
- EAP (Employee Assistance Program).
- Enhanced maternity, paternity, and adoption leave.
- Eye Tests.
- WOW Program (Bonus following exit from KKR, eligible after successful probation, for permanent employees only).
- Workplace/Nursery Benefits.
- 4 weeks working remotely abroad.
- Early Friday Finish during Summer.
EEO Opportunities
The Wella Company wants to meet the aims and commitments set out in its equality policy. This includes not discriminating under the Equality Act 2010 and building an accurate picture of the makeup of the workforce in encouraging equality and diversity. We offer equal employment opportunity to qualified individuals without regard to race, religion or belief, colour, national origin, age, gender, disability, sexual orientation, gender identity, gender expression, marital or civil partnership, pregnancy and maternity, veteran status, or any other characteristic protected by law. Wella Company complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us at https://www.wellacompany.com/consumer-affairs.
