Information Security Risk & Assurance Analyst


Security and Risk
Malmesbury - United Kingdom


Dyson is looking for the right person to join the Information Risk Management centre of excellence team. This is a unique and exciting opportunity to work for this iconic organisation as an Information Risk & Assurance Analyst. 
The successful candidate will contribute to driving a risk management culture across the organisation and facilitate risk assessment, evaluation and treatment to ensure threats and vulnerabilities are identified, understood and managed within our defined risk appetite in order to support the delivery of Dyson’s strategy and ensure appropriate protection of our valuable assets. 


As an Information Risk & Assurance Analyst your primary responsibilities will include:
  • Supporting the business in assessing, evaluating, treating and reviewing information risk as part of project, change and business-as-usual activity
  • Supporting the ongoing implementation of the Information Risk Framework, building relationships and extensively liaising with risk owners, control owners and other stakeholders to enable the continued development of enterprise risk management
  • Promoting and encouraging a risk culture that underpins Dyson’s values and drives risk awareness and accountability throughout the organisation
  • Engaging with risk owners to ensure risks are managed within appetite, engaging subject matter experts as and when required to ensure treatment is fit-for-purpose and proportionate, and to facilitate informed decision making
  • Undertaking supplier information security assessments during the tender and on-boarding processes and throughout the lifecycle of contracts to ensure information assurance throughout the supply chain
  • Facilitating treatment of supplier information security risk and ensuring risk is managed within Dyson’s appetite
  • Providing advice and guidance with regards to supplier selection based on assessment results
  • Ensuring the effectiveness of the supplier assurance process, from on-boarding to contract-end
  • Managing escalation of information risk issues
  • Reporting on risk profile, incidents and key risk indicators
  • Supporting the production of other relevant management information 
  • Reporting on the performance of the control environment and associated control objectives through the application of KPIs
  • Identifying areas of non-conformity and corrective action
  • Identifying continual improvement opportunities


  • You have a minimum of 4 years in a corporate setting with responsibility for information security risk management and / or assurance and governance 
  • You have proven knowledge and experience with frameworks such as ISO31000, NIST and ISO27001
  • You possess the ability to coordinate requirements and teams to identify, evaluate, assess and treat information security risk both internally and throughout the supply chain
  • You will be required to communicate with a wide array of stakeholders throughout the organisation, so strong stakeholder management skills at all levels are a necessity.
  • You are experienced in finding and agreeing pragmatic solutions in conjunction with stakeholders
  • You have strong written and verbal skills and are comfortable presenting initiatives to Senior Management
  • You have strong analytical skills. Whether it concerns a new process, project or supplier, you will need to be able to quickly get to the bottom of the most important vulnerabilities, threats and potential controls.
  • You understand digital, technology and data risks and are passionate about latest innovations such as artificial intelligence, blockchain, robotics and the Cloud
  • You’re able to work proactively under your own initiative
  • You’re proactive in obtaining appropriate training, both in soft skills and hard skills.
  • Holding a certification such as CISA, CISM, CISSP or CRISC would be an advantage.


  • 27 days holiday plus eight statutory bank holidays
  • Pension scheme
  • Performance related bonus
  • Life assurance
  • Sport centre
  • Free on-site parking
  • Subsidised café and restaurants
  • Discounts on Dyson machines