Skip navigation

Have you considered using our job search? Click here to search our current jobs.

Have you considered using our job search? Click here to search our current jobs.

Information Security Analyst and Auditor

Summary

Salary
Competitive
Team
Security
Location
United Kingdom - Malmesbury Office

About Us

Dyson is a global technology company. Using a desire to make things work better as a catalyst for invention, our team of engineers and scientists are passionate about developing technology that solves the problems others often ignore. But it is not enough to simply solve these problems. We need to solve them FIRST.

Dyson invests heavily in research and development and works with more than 40 universities worldwide to develop early-stage technologies. Dyson people are encouraged to think differently, challenge convention and be unafraid to make mistakes. We are creative, collaborative, practical, enthusiastic and resourceful.

To succeed, we need to protect our innovation and keep our secrets, secret. A strong security culture helps us ensure that our new technologies stay way ahead of our competitors and amaze our customers. Every employee has an important part to play in protecting our intellectual property and our commercially sensitive information.

The Information Security team exists to protect our commercially sensitive information. The team sits within our Group Security department, whose mission is to enable Dyson’s business ambitions globally by creating a strong security culture. Our team protects Dyson’s secrets, people and revenues through collaboration, communication and intelligence.

The Information Security Analyst and Auditor's ensure that the policies and standards we use to protect our information are followed and proactively enforced throughout our supply chain, through an annual audit and attestation program and through forming strong relationships to drive remediation activity. When partners or third parties place our intellectual property or sensitive information at risk of unauthorised exposure, the Supplier Assurance Analysts investigate and take the appropriate action to enforce our policies.

At Dyson, it's about more than our machines. We recognise that our success comes from our inventive people. We believe in including everybody and supporting you on your journey with us.

About the Job

Are you passionate about security and want to play a vital role in ensuring we protect our secrets? The Information Security Analyst and Auditor is a greenfield, global role, ensuring security policy and contractual requirements are adhered to across our IT, finance, HR and manufacturing suppliers.

As a Information Security Analyst and Auditor your primary responsibilities will include:

Supplier Assurance:

  • Undertaking supplier information security assessments during the tender and on-boarding processes and throughout the lifecycle of contracts to ensure information assurance throughout the supply chain.

  • Producing high quality risk reports, with recommendations, to enable senior business owners to make the most appropriate risk decisions with regards to the use of suppliers.

  • Providing advice and guidance with regards to supplier selection based on assessment results.

  • Working with Dyson’s Regional Security Managers and other key stakeholders to build an annual onsite audit plan covering Dyson’s tier 1 suppliers.

  • Travel to supplier sites nationally and occasionally internationally to conduct onsite audits and verify remediation activity.

  • Ensuring the effectiveness of the supplier assurance process, from on-boarding to contract-end.

  • Developing & managing the annual attestation process, to provide assurance of Dyson’s tier 2 and 3 suppliers.

  • Facilitating treatment of supplier information security risk and ensuring risk is managed within Dyson’s appetite.

  • Leading supply chain incident investigations, ensuring root cause is identified and corrective action is taken to prevent reoccurrence.

  • Reviewing and updating contract provisions and Dyson’s third-party policies to ensure our requirements reflect best practice and align with Dyson’s risk appetite.

  • Working with Dyson’s Legal team to review suppliers’ proposed amends to security clauses in contracts we issue, to ensure Dyson is not exposed to unnecessary risk.

  • Producing monthly reports to track supplier remediation progress and risk reduction.

  • Identifying continual improvement opportunities.

Compliance by Design

  • Supporting the business in assessing, evaluating, treating and reviewing information risk as part of project, change and business-as-usual activity.

  • Promoting and encouraging a risk culture that underpins Dyson’s values and drives risk awareness and accountability throughout the organisation.

  • Engaging with risk owners to ensure risks are managed within appetite, engaging subject matter experts as and when required to ensure treatment is fit-for-purpose and proportionate, and to facilitate informed decision making.

About You

  • You have a minimum of 3 years in a corporate setting with responsibility for information security risk management and / or assurance and governance

  • You have proven knowledge and experience with frameworks such as ISO31000, NIST and ISO27001.

  • You possess the ability to coordinate requirements and teams to identify, evaluate, assess and treat information security risk both internally and throughout the supply chain.

  • You will be required to communication with a wide array of stakeholders throughout the organisation so strong stakeholder management skills at all levels is a necessity.

  • You are experienced in finding and agreeing pragmatic solutions in conjunction with stakeholders.

  • You have strong written and verbal skills and be comfortable presenting initiatives to Senior Management.

  • You have strong analytical skills. Whether it concerns a new process, project or supplier, you will need to be able to quickly get to the bottom of the most important vulnerabilities, threats and potential controls.

  • You understand digital, technology and data risks and are passionate about latest innovations such as artificial intelligence, blockchain, robotics and the Cloud

  • You’re able to work proactively under your own initiative

  • You’re pro-active in obtaining appropriate training, both in soft skills and hard skills.

  • Holding a certification such as CISA, CISM, CISSP or CRISC would be an advantage.

The duties listed are not exhaustive. Additional hours of work may be required, as determined by the needs of the business. Managers and staff may be required to undertake additional duties, responsibilities and projects as appropriate.

Benefits

  • 27 days holiday (plus statutory bank holidays )

  • Pension scheme 

  • Performance related bonus 

  • Life assurance 

  • Sports centre 

  • Free on-site parking

  • Free lunches and hot drinks

  • Discounts on Dyson machines

  • Free Hair Salon

  • Concierge service

  • Electric vehicle lease scheme


Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.

Interview guidance

We are following the government guidelines regarding COVID19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.