IS Risk Analyst

13 Nov 2017
16 Nov 2017
Contract Type
Full Time


Founded in 1856, Burberry today remains quintessentially British, with outerwear at its core. Digital luxury positioning and intensive focus on design innovation, quality and heritage icons ensure continued brand purity and relevance globally across genders and generations. Burberry believes that in order to be a great brand it must also be a great company and constantly leverages the energy of its compassionate and creative thinking culture to continually innovate and drive the brand forward. Headquartered in London, Burberry is a design, marketing and retail led business with a global reputation for innovative product design, digital marketing initiatives and dynamic retail strategies.


Burberry is opening a brand new Shared Service Centre - Burberry Business Services, based in Leeds at their stunning new premises in the heart of the City Centre. This Centre of Excellence will be an extension of their Head Office in London and house core functions; HR, Finance, Procurement, Customer Services and I.T. helpdesk.


The Information Security Risk Manager will be working in the Information Security Team supporting the business and IT to identify and thereafter manage information security risks both internally and via third parties. The role includes executing a variety of regular and ad hoc assessments and providing guidance in the form of procedures, policies, and controls. The role will also involve regularly interfacing with business function and IT stakeholders, internal and external auditors, and being involved in other compliance initiatives including providing input into audits upon request.

  • Collaborate with stakeholders to identify, assess and treat internal and third party information risks; tracking the risks and the associated controls
  • Manage, develop, and maintain the information risk register, information asset register, and support continuous improvement and maturation of information security risk management processes
  • Provide advisory support to business function and IT teams in understanding risk and security considerations of business operations, new projects, and third party suppliers.
  • Ensure that the security requirements for new and change business projects are defined, based on the assessment of risk within the framework provided by Group Policy
  • Assist IT teams in defining and executing action plans to implement controls
  • Monitor compliance with the agreed controls on a regular basis
  • Manage and maintain reporting of control / compliance progress
  • Support implementation of an overall control framework (comprehensive control set) in IT e.g. COBIT
  • Support internal and external audits to ensure their success.
  • Contribute to the definition and maintenance of a practical and comprehensive Risk Assessment methodology, with supporting tools where appropriate
  • Control and manage assurance monitoring and tracking, including the retention of adequate records.
  • Schedule information risk and compliance audits, review the outcomes audit process; direct compliance issues to appropriate resources for investigation and resolution


  • Understanding of controls to protect applications and infrastructure technologies including Data Loss Prevention, Advanced Threat Detection and Prevention, Cloud and Mobile Computing
  • Experience in Information Security, IT Audit, and Supplier Security Assessments
  • Knowledge of security related products and Information Security Management Systems
  • Knowledge of information security and risk strategies
  • Ability to collaborate with and influence stakeholders
  • Ability to identify IT risk implications from IT operations
  • Ability to categorise IT risk and to determine the best course of action to handle that category of IT risk


If you do not wish to apply for a specific role but would like to register your interest please click on the following link:

Burberry is an Equal Opportunities Employer and as such, treats all applications equally and recruits purely on the basis of skills and experience.
This job was originally posted as