21 Jul, 2018
Description

As part of our Information Security Product Team you will:
• Be responsible for working with Programme/Project teams, including Delivery Managers, Security Architects and Product Owners, to ensure that IT projects are delivered securely, protecting client and employee data and ensuring compliance with Information Security policies and standards.
• Help to identify new products, define business/technical requirements and work with the architects to develop solutions and designs.
• Utilise Waterfall and Agile delivery methodologies, and be part of the project team through the lifecycle of a product, including the implementation, to ensure overall delivery of a secure and effective product, and become part of a long-lived product team to help with product backlog delivery and provide 3rd level support to business teams.

What I need to do
• As an experienced security focused Technical Product/Business Analyst, work with limited supervision, with the responsibility for Security Product team input to a portfolio of projects and product development.
• Provide end to end engagement on a wide range of IT projects/products delivering security capabilities to help ensure that Sainsbury's data is protected.
• Define Functional and Non Functional Requirements for projects and ensure that they are fulfilled prior to going into service.
• Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, and Data Flow Diagrams etc.
• Work as part of an Agile delivery/engineering team, providing input and carrying out Splunk implementation/development tasks.
• Review, create and document Information Security and Business processes.
• Be a Subject Matter Expert for Splunk within the product team and help with the development and delivery of the Splunk roadmap.
• Deliver technical investigations and analysis of Sainsbury's systems.
• Ensure the relevant technology standards are applied to specific projects.
• Identify areas of Information Security policies, procedures, standards and guidelines that need to be refined or developed.

How I will succeed
• Accurately translate business requirements into technical and security requirements that will deliver the business outcomes required.
• Make key contributions so that Information Security capabilities are successfully implemented and deliver value to the business, helping to keep Sainsbury's data secure.
• Projects/programmes are delivered with a security focus integral to the solution.
• Projects are compliant with the relevant standards and regulations.
• Creation of effective and lean processes.
• Splunk is developed and enhanced to provide the Security Operations Centre with an effective 'detect and respond' capability.
• Achieving great customer and colleague feedback.
• Continuous personal development.
• Fulfilling personal objectives.

What I need to know
• Splunk product, technical, architectural and configuration knowledge.
• Information Security principles and good practices.
• Business Analyst background, including stakeholder management, essential.
• Computer Science degree and/or MSc in Information Security desirable but not essential.
• Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid.
• Knowledge and skills to document business requirements.
• Excellent process creation and documentation.
• Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.
• Methods and techniques for risk management.
• Current knowledge of PCI, DPA and ISO27001.
• CISSP or other Information Security qualification desirable.

What I need to show
• Information Security domain knowledge that demonstrates experience in the application of good security practices, ensuring that all aspects of Confidentiality, Integrity and Availability are embedded into product delivery.
• Ability to work with minimal supervision and ensure projects deliver securely and at pace.
• Experience of working as part of successful product teams and with different project delivery approaches, specifically Agile methodologies.
• Experience of reviewing system design documentation; including Detailed Infrastructure Designs, Service Acceptance Criteria, and Functional and Non-Functional Requirements etc.
• Ability to think methodically and logically and have well-honed communication skills.
• Works collaboratively with a range of people to support the Information Security and wider Business Strategies.
• Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery and inspires others to do the same.

Resources available to me
• Team of colleagues assigned to information security management structured into five functional areas i.e. Standards & Compliance, Project Assurance, Security Testing, Security Operations and Product Ownership.
• Vendors & Third Party partners/subject matter experts (as appropriate).
• Security Product Owners, Security Architects, Technical Designers, various Working Groups including Customer, Colleague, Finance etc.
• Delivery and Product teams.
• Industry and national bodies (as appropriate).

What decisions I can make
• Approve solutions and technical designs from a product perspective.
• Set the Functional and Non-Functional Requirements for a project.
• Implementation strategy with regards to product Subject matter expertise.
• Significant freedom to contribute to team processes.
Sainsbury's Full time