Security Compliance Analyst

As a part of our Security & Resilience team you will be at the heart of a discipline that features high on all of our customers priority lists.

The purpose of this role is to manage our continuing compliance with our internal and customer driven information security obligations across our UK & European estate, support the increasing number of customer and internal security audits and support the sales teams on security related matters through:

Analysis of quantitative and qualitative information data sets, preparing and, where appropriate, presenting, materials for internal governance monitoring and customer meetings.

Monitoring of information security KPI and management of continuous review and improvement programs, presenting the current status to relevant stakeholders and senior management and ensuring follow up actions are documented and completed in a timely manner with continuous improvement at the forefront.

Management of internal and external audit programs to maintain certification and robust security governance, ensuring that all audits are carried out in a timely manner making the necessary arrangements with external auditors and internal stakeholders to deliver an effective audit program.

Management of the internal security policy and standards review process, ensuring these are aligned and support compliance with ISO 27001, PCI-DSS, SOC2 and any other certifications required by the business or our customers.

Completion of presales security questionnaires and supporting associated enquiries, maintaining an FAQ audit database to facilitate the response to repeat audit and pre-sales questions through targeted research and the accumulation of knowledge and understanding of DCS policies and customer requirements.

As well as working with other security and resilience team members you will not only work closely with internal teams such as the technology team, site managers, sales teams and auditors but also our customers, potential customers and their auditors and site selection teams portraying our professional approach to security governance; instilling and maintaining their confidence in the service we deliver.

Internally Peers, DCS Technology team, DCS Operations, DCS HR team, DCS Procurement team, DCS Sales & Marketing, DCS Global Accounts & Solutions, DCS Legal and DCS SLT team

External Customers, External Auditors, Main Contractors, Suppliers etc.

Skills & Experience:

A solid understanding of physical and information security requirements in the data centre environment

A sound knowledge of ISO 27001, PCI DSS and ISAE/SSAE SOC 2 certification & audit processes.

Internal and external audit experience, preferably in a security or data centre discipline

A high level of IT user competence (Microsoft Word, Excel, PowerPoint) able to prepare and deliver high quality presentation material for internal and external client facing use. PowerBI knowledge an advantage

Excellent communication and interpersonal skills, and comfortable presenting both small and large groups at senior/executive manager level as well as to customers and their auditors

Knowledge of the NIST Cyber Security Framework an advantage

A Lead Auditor qualification for either ISO 9001 or ISO 27001

A formal security qualification is desirable but not essential.Where such qualifications are not possessed you must be willing to achieve them

GCSE/A Level qualifications in appropriate subject areas as a minimum. Degree level qualification an advantage

ADZN1_UKTJ