Due to the rapid growth of THG and the requirement for enhanced visibility and assurance of legal and regulatory compliance, we are expanding our Governance, Risk and Compliance team. Working within the Information Security team, you will be focused on, but not limited to, auditing information security compliance throughout the business. You will be responsible for undertaking internal audits, documenting findings and tracking corrective actions. The role requires a high degree of proactive and positive engagement with stakeholders and managers to drive continual improvement of the group ISMS and its related components. There will also be a requirement to undertake external audits under standard contractual terms to ensure that our associates maintain high information security standards. Working closely with the information security team, you will be involved in ensuring that all legal and regulatory components are measured and adhered to. We are adopting working practices in line with UK government advice.
Key Responsibilities:
Maintain an audit schedule with internal and external stakeholders.
Undertake scheduled audits and factor in ad-hoc audits.
Ensure that information security KPIs are maintained.
Ensure that non-conformities are fully documented and tracked.
Engage with non-conformance action owners to address and close findings.
Maintain a live register and reporting of non-conformance findings, audits and KPIs.
Engage with risk managers concerning audit findings.
Improve policies, standards and procedures for compliance frameworks.
Develop a broad compliance driven culture through engagement and awareness.
Benefits
What's in it for me?
Competitive salary
Build solutions using the latest technology
Work alongside genuine industry experts
Continuous development through THG Academy, our in-house L&D team
Staff discounts on THG brands and Hale Country Club
On-site doctor, physio and barber
Required Knowledge, Skills, and Abilities
ISO27001 Lead Auditor or Implementer. Working knowledge of PCI DSS and how it maps against ISO27001 requirements. Knowledge of the Data Protection Act 2018 and/or the GDPR. Pragmatism and the ability to multi-task and react very quickly to business requirements. Effective interpersonal skills to build and maintain relationships. Proficient computer skills, especially Microsoft Office applications. Ability to train others and build a sustained compliance culture.