- Information Technology
- United Kingdom - Malmesbury Office
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim is to create robust IT architecture, to manage data effectively and efficiently, and continue to grow our world-class team. A team that is strategic, enabling business acceleration, growth, and success.
Our Cyber Security team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach,
transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our
customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology,
process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security, and Cyber Defence functions are the beating heart of Dyson’s
Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing
toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure
that cyber security incidents are managed in a timely and efficient way.
About the role
- The IT Security Risk & Compliance Analyst, reporting to the IT Security Risk & Compliance Manager, will be responsible for:
- IT Security Risk & Compliance:
- Perform compliance assessment and due diligence on Global IT and Business stakeholders (e.g. Control
- Assessment, Third Party Vendor Assessments, PCI gap assessment.. etc.) Provide reporting on the security
- stance of third parties and highlight potential risks to senior stakeholders.
- Assist in maintaining the Global IT Risk Register, holding key individuals accountable for remedial action.
- Provide support in monitoring and tracking Internal Audit functions, Cyber Security Metrics / reporting, remedial actions.
- Assist in the continued compliance with PCI-DSS and the annual assessment and maintenance.
- Complete assurance tasks, ensuring that the key Cyber Security policies and standards are adhered to.
- Work with key business areas to work towards a level of compliance, where required.
- Escalate where non-compliance poses a business risk to key business stakeholders.
- Perform regular and periodic compliance-related tasks.
- Develop in the development and publishing of Cyber Security policies and standards.
- Support Cyber Security training and awareness activities and initiatives.
- With experience in a similarly dynamic, international role and complex organisation, you’ll have a proven working knowledge of leading an IT function in the global/region working as part of a global matrix managed team.
- Autonomy - Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes Milestones and has a significant role in the assignment of tasks and/or responsibilities.
- Influence - Influences organisation, customers, suppliers, partners, and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e., results, deadlines, and budget.
- Complexity - Performs an extensive range and variety of complex technical and/or professional work activities.
- Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and the wider customer/organisational
- Business Skills - Advises on available standards, methods, tools, and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes, and evaluates work to time, cost, and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally.
- Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement.
- Demonstrates creativity, innovation, and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
- Demonstrable evidence of effective problem solving skills in complex support BC & DR, including experience relating to Cyber Security, Compliance, or Assurance.
- Experience in leading third-party assessments and running third-party assurance activities, preferably against a recognised framework.
- Experience of conducting compliance reviews, including creation of GAP analysis reports and remediation plans.
- Understanding of risk methodologies and experience applying these in assessments.
- IT security management and audit qualifications
- Excellent relationship skills - the ability to build positive relationships with both technical and business personnel.
- Excellent communication skills in written and oral presentation material.
- 27 days holiday plus eight statutory bank holidays
- Pension scheme
- Performance related bonus
- Private medical insurance
- Life assurance
- Sport centre
- Free on-site parking
- Subsidised café and restaurants
- Discounts on Dyson machines
At Dyson, it's about more than our machines. We recognise that our success comes from our inventive people. We believe in including everybody and supporting you on your journey with us
We are following the government guidelines regarding COVID19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.