Security Governance Analyst

Security Governance Analyst - 6 Month Fixed Term - London Our Head Office department is in the heart of Piccadilly and occupies the 5th & 6th floor of our beautiful flagship store. This central London location offers so much to explore including restaurants, bars, cultural sites, shopping and more, and only a short walk from the Green Park Tube Station and plenty of bus stops.

As a Technology Security Governance Analyst, you will support and manage elements of Fortnum & Mason Information Security Governance Framework. As Technology Security Governance Analyst, you will:

• Own and manage the process for third party information security assurance to ensure that ongoing security assessments are undertaken and that contractual agreements reflect information security requirements.
• Support information security awareness throughout the organisation including managing phishing awareness campaigns and delivering and supporting training and awareness to specific user groups.
• Support management and investigation of any information security incidents including ensuring that incident logs are maintained, and any actions / lessons learned are addressed.
• Support Fortnum & Masons PCI compliance program including ensuring evidence of compliance is collated and maintained and undertaking audit checks within stores.
• Manage the process for Information Security Risk Management to ensure that all information security risks are owned and documented and remediated to an agreed and accepted level.
• Support the process for project engagements to ensure that Information Security requirements are defined for each project, Architectural design documents are reviewed to ensure appropriate controls are in place and testing and acceptance processes are in place to ensure that agreed controls have been implemented.
• Serve as a hands‑on Security Analyst, proactively identifying opportunities for improvement and delivering security enhancements to our systems.
• Understanding of server hardware, hypervisors, virtual machines, operating systems, Microsoft services, including Intune, Entra, Office
  365, Azure, SQL Server, SCCM, and File & Directory services.
• Collaborate with partners to ensure the security of the Cisco Meraki network, taking an initiative‑taking stance in mitigating risks and initiative‑taking patch management.
• Assist with internal and external vulnerability assessments, working with security partners to maintain PCI DSS compliance, overcome security challenges, and drive continuous improvements aligned to the NIST framework/ISO
  271002 standards.
• Report and review our secure device imaging using Microsoft Intune & Autopilot, ensuring a standardised, scalable, and resilient set‑up for retail, hospitality POS, and all corporate end‑user devices.
• Effectively operate security tooling reporting against our SIEM platform, endpoint protection solutions, and identity access controls, reviewing automated threat detection and forensic incident response to protect critical infrastructure and services.
• Create and manage security policy documentation, assist with security procedures, and train our internal teams and wider retail staff.
• Undertake disaster recovery planning, ensuring business continuity and resilience against potential disruptions.
• Work proactively alongside support, application, and transformation teams, fostering collaboration and communicating security procedures and policies.
• Deliver concise, well‑structured documentation, providing clarity for teams and enabling rapid adoption of security best practices.
• Function as a trusted advisor, recognised as the go‑to subject matter expert for security, and bridging the gap between end‑users and the infrastructure and security team.
• Guide and support third‑party engagements, ensuring vendors align with enterprise security standards, compliance requirements, and best practices.
• Educate and empower both internal teams and the broader business, fostering a security‑first culture and promoting best practices in security and business continuity.

• Experience with security and compliance standards frameworks such as ISO 27001, ISO 22301, GDPR, PCI‑DSS, NIST, and ACPO…