Job Description

dunnhumby is the global leader in Customer Data Science, empowering businesses everywhere to compete and thrive in the modern data-driven economy. We always put the Customer First.
Our mission: to enable businesses to grow and reimagine themselves by becoming advocates and champions for their Customers. With deep heritage and expertise in retail - one of the world's most competitive markets, with a deluge of multi-dimensional data - dunnhumby today enables businesses all over the world, across industries, to be Customer First.
dunnhumby employs nearly 2,500 experts in offices throughout Europe, Asia, Africa, and the Americas working for transformative, iconic brands such as Tesco, Coca-Cola, Meijer, Procter & Gamble and Metro.
dunnhumby manages a vast amount of customer and confidential data and takes data security extremely seriously and this role will assist in delivering the necessary internal policy framework ensuring dunnhumby meets internal. industry and client expectations for governance and compliance.
Reporting directly to the Governance, Risk and Compliance (GRC) Manager, the Policy and Compliance Analyst is key to developing and promoting a proactive approach to the governance of Information Security policies, standards and guidelines. The role's primary focus is to manage the document management lifecycle to ensure that contents and coverage are aligned to industry best practice and regulatory requirements.
The Policy and Compliance Analyst will act as administrator for the new policy management tool, providing technical oversight and governance coordination. They will be responsible for identifying policies and standards required to establish applicable to security controls, processes and regulatory adherence. They will also be responsible for reviewing policy exceptions and oversight of the exceptions management process.
What we expect from you:

• Bachelor's degree or equivalent in any Information Security or Technology pathway.
• Experience of independently managing a policy governance framework and lifecycle.
• Experience with using or administrating GRC or policy management platforms.
• Experience conducting policy gap assessments, control assurance reviews and compliance monitoring.
• Leading or supporting policy exception risk and impact reviews.
• Strong verbal and written communication and collaboration skills
• Experience with information security standards and frameworks such as SOC2, ISO27000 and NIST.
• Knowledge of general enterprise, cloud, Artificial Intelligence security technologies.
• Experience of general IT infrastructure technologies and principles.
• Ability to build relationships and influence all levels within an organization.
• Ability to work independently and manage priorities in a fast-paced global environment.
• Knowledge of data privacy, data classification and data protection

Responsibilities:

• Manage the policy lifecycle for information security and technology policies and standards. Key enabler in the co-ordination of policy development, review and approval process.
• Administrator for the new policy management tool, including workflow configuration, user management, and supporting adoption across dunnhumby.
• Engage with the senior Information Security and Technology stakeholders to identify policy coverage and guidelines applicable to dunnhumby.
• Conduct regular gap analysis over the current policy framework and monitor industry best practice to identify and suggest areas of improvement, further documentation and governance.
• Support Technology Risk function to assess impact and identify mitigations for instances of policy non-compliance.
• Maintain and review an annual plan for the review, update, approval and publishing of documentation.
• Ensuring that current policies, standards and guidelines are aligned with the NIST CSF 2.0 standard.
• Manage the policy exception process, including review of exception categories, assessment of requests, determining associated risks, and communication of outcomes in line with agreed guidelines.

What you can expect from us
We won't just meet your expectations. We'll defy them. So you'll enjoy the comprehensive rewards package you'd expect from a leading technology company. But also, a degree of personal flexibility you might not expect. Plus, thoughtful perks, like flexible working hours and your birthday off.
You'll also benefit from an investment in cutting-edge technology that reflects our global ambition. But with a nimble, small-business feel that gives you the freedom to play, experiment and learn.
And we don't just talk about diversity and inclusion. We live it every day - with thriving networks including dh Gender Equality Network, dh Proud, dh Family, dh One, dh Enabled and dh Thrive as the living proof. We want everyone to have the opportunity to shine and perform at your best throughout our recruitment process. Please let us know how we can make this process work best for you.
Our approach to Flexible Working
At dunnhumby, we value and respect difference and are committed to building an inclusive culture by creating an environment where you can balance a successful career with your commitments and interests outside of work.
We believe that you will do your best at work if you have a work / life balance. Some roles lend themselves to flexible options more than others, so if this is important to you please raise this with your recruiter, as we are open to discussing agile working opportunities during the hiring process.
For further information about how we collect and use your personal information please see our Privacy Notice which can be found

Skills Required