We're looking for a Security Risk Analyst to join our Information Security team and help ensure M&S maintains a strong and resilient security posture. Working within the Governance, Risk & Compliance (GRC) function, you'll play a key role in supporting the implementation and ongoing development of our cybersecurity risk assessment framework, helping the business identify, assess and manage cyber risk effectively.
You'll work closely with Security Risk Principals, Specialists and stakeholders across Technology and the wider business to analyse cyber risk data, support risk assessments and provide meaningful insight into M&S's security landscape. This is an exciting opportunity for someone with a strong foundation in cybersecurity risk management who is keen to influence decision-making and contribute to the protection of a complex retail environment.
Due to high interest, this role may close earlier than advertised. We recommend applying as soon as possible.
What you'll do
Your key accountabilities will include:
- Supporting the delivery and ongoing adoption of M&S's cybersecurity risk assessment framework and associated risk management processes.
- Analysing security risk data, identifying key areas of concern and communicating findings to stakeholders across the business.
- Collaborating with Security Risk Principals, Specialists and wider GRC teams to assess, document and manage cybersecurity risks.
- Contributing to risk reporting, governance forums and security risk appetite reviews that provide insight into M&S's cyber risk posture.
- Supporting the development of risk awareness, training and continuous improvement activities that strengthen cybersecurity risk management across M&S.
Who you are
Your skills and experience will include:
- Experience in cybersecurity risk management, with a good understanding of security governance, risk and compliance principles.
- Knowledge of industry-recognised frameworks such as NIST CSF, and the ability to apply risk-based thinking to security challenges.
- Strong analytical and problem-solving skills, with the ability to interpret complex information and communicate it clearly.
- Excellent stakeholder management, organisation and prioritisation skills, with experience working across multiple teams and business functions.
- A collaborative mindset and a passion for helping organisations identify, understand and manage cybersecurity risk.
What's in it for you?
Working at M&S means being part of something bigger - helping to deliver quality, value and service to millions of customers every day. We're inclusive, fast-moving and always evolving, with a strong sense of purpose and a focus on doing the right thing.
Here are just a few of the benefits that make working here even more rewarding:
- 20% colleague discount on all M&S products and many third-party brands for you and someone in your household, available once you've completed your probation
- Competitive holiday allowance with the option to buy more
- Discretionary bonus schemes linked to your performance and ours
- Strong pension and life assurance to help plan for the future
- Tailored induction and training to support your development from day one
- Exclusive perks and savings through our M&S Choices portal
- Market-leading family policies, including parental, adoption and neonatal leave
- 24/7 wellbeing support, including virtual GP access and mental health services
- One paid volunteer day a year to support a cause that matters to you
Everyone's welcome
We are ambitious about the future of retail. We're disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We're transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.
We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don't hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.