IT Compliance and Control Officer
Job Introduction
We have a new and exciting opportunity to join our ever-growing IT department, as an IT Compliance and Control Officer on a 24 month fixed term basis.
We are looking to bring someone in-house to support compliance initiatives such as GDPR and audits. The role holder will perform various types of audits with multiple stakeholders across the organisation, including subsidiaries, with a wide range of systems in order to measure the IT risk level of the organisation. You will be responsible for ensuring controls are in place by supporting the development of relevant action plans to mitigate or reduce risks.
This is a varied role which offers exposure to the wide range of systems used across our business, and also the chance to work with a diverse range of stakeholders. Every day will be a school day as there is so much to learn and scope to build and develop your knowledge in this area.
The ideal candidate would have strong technical knowledge and a background in IT auditing.
You’ll be based in our Salford Data Centre although some flexible / home working can be accommodated.
Role Responsibility
- Develop and maintain an IT internal audit program delivered to IT functions and the business as required to ensure timely and semi-automated collection of evidence as per the Sodexo IT internal control framework
- Conduct internal audits of IT general controls (access rights, change management, etc.) and IT security controls (network access, vulnerability management, etc.) against various systems within Sodexo UK & Ireland or its subsidiaries to assess the efficiency and effectiveness of controls
- Perform third-party IT (security) audits, whether on-premises or remotely, as required
- Run ISO27001 internal audits against the various Sodexo scopes in line with the standard expectations
- Support GDPR and PCI DSS compliance efforts in performing and/or coordinating audits of the security measures in place for systems in-use, and contribute to the various steering committees
- Contribute to the update of the systems and data inventory, and related security measures in accordance with GDPR requirements
- Monitor completion of action plans and support their definition with IT functions, the business, suppliers and any relevant stakeholder to remediate or mitigate identified risks
- Define, monitor and report KPIs around audit results in line with Security and Compliance team objectives
- Contribute to the continuous improvement process
The Ideal Candidate
What is essential:
- Graduate in Information Security
- Proficiency in core information security principles (access control, network security, vulnerability management, etc.)
- General knowledge of IT environments and technologies, data privacy
- Experience of leading and performing internal or external IT audits
- Experience of negotiating with stakeholders in designing relevant action plans
- Experience of GDPR
- Knowledge of security standards for suppliers (ISAE 3402, PCI DSS, etc.)
- Analytical and problem-solving capabilities
Where we can be flexible:
- Experience of penetration testing
- Experience of PCI DSS, former QSA
- Experience of dealing with supplier audits
- Knowledge in security architecture or enterprise architecture
- Experience of comprehensive IT internal audit program design and development
- Knowledge of ISO27001
Package Description
Competitive salary + benefits
We also offer a Sodexo Discounts site promoting discounted mobile phone tariffs, savings across restaurant chains and days out, where you and your family can save money on everything from your weekly food shop to the latest cinema blockbuster and much more.
About the Company
In the UK and Ireland, Sodexo employs some 35,000 employees to deliver integrated facilities management services to clients at over 2,000 locations in the corporate, healthcare, education, leisure, defence and justice sectors. With an annual turnover of over £1bn, we provide everything from catering, cleaning and reception to security, laboratory and grounds maintenance services, enabling our clients to focus on their core business.
Sodexo and our clients are committed to safeguarding and promoting the welfare of children and adults within a regulated activity. Certain roles will require applicants to undergo screening appropriate to the post, including checks with past employers and the Disclosure and Barring Service (DBS) and/or Disclosure Scotland.
We are building on our support to the Armed Forces community through the development of specific pathways within our recruitment process to further engage ex-forces personnel and reservists. Those applying for roles with us who meet the essential criteria advertised under the ‘ideal candidate’ on the vacancy advertised are guaranteed to progress within the selection process.