IT Compliance Senior Analyst

BAT is evolving at pace into a global multi-category business. We are on a mission to decrease the health impact of our industry.
To achieve our ambition, we are looking for colleagues who are ready to Be The Change. Come, join us on this journey!

We are seeking an experienced and highly motivated individual to join our Global Cyber Security Digital Compliance & Assurance Team.

This pivotal role will be responsible for designing data-based controls assurance and leading operational activities, to improve maturity of our cyber security compliance requirements identification, definition and management, third party cyber risk identification and mitigation.

The ideal candidate will have expertise in technology risk assessment, data analytics, and some experience in Cloud Engineering. A strong team player with a proactive approach to cyber security is essential.
If you are passionate about cyber security and have a proactive approach to security, we would love to hear from you

Your key responsibilities will include:

.

• Assist in the development and implementation of the digital / IT security assurance & regulatory compliance framework.
• Providing requirements and posture summaries of cyber security maturity and compliance with regulations.
• Translate security controls requirements / control objectives into potential ways of their assessment, where possible based on data with the use of available tools of IT / security monitoring or dedicated data analysis
• Assist in IT controls automation, controls assurance / monitoring automation initiatives. Analyze data from various sources, design and build exception reports, KPIs/KRIs, and continuous monitoring, to detect and respond to threats in real-time.
• Conduct digital / IT security compliance assessments of new initiatives, as well as existing solutions and infrastructure, to identify potential risks that could impact the organization. Prioritize findings, evaluate potential impact on the organization. Discuss results with relevant partners
• Perform vendor risk and compliance reviews, based on SOC2Type2 / ISO27k or equivalent, as well as external monitoring (BlueVoyant) reports.
• Assist in development of mitigation strategies and remediation plans to address identified risks.
• Identify and implement opportunities to improve risk and compliance reporting processes.

What are we looking for?

Key Requirements:

• Cybersecurity & IT Risk Expertise: Hands-on experience in cybersecurity, IT administration, or security assessments, with a strong understanding of IT controls, compliance, and risk assessments.
• Communication & Stakeholder Management: Excellent ability to report findings, influence partners, and translate complex cybersecurity concepts into clear recommendations and actions.
• IT & OT Security Standards: Strong understanding of key security frameworks and standard processes, including NIST, ISO 27001, SOC Trust Criteria, and CIS Controls.
• Understanding of key cyber security regulations and risk management principles, e.g., GDPR, HIPAA, SOX, NIS2, PCI-DSS.
• Data Analytics & Automation: Experience with data analysis and reporting tools, including Excel, Power BI, and Power Automate, to support automation and risk assessment processes.
• Project & Time Management: Target- and deadline-focused, capable of working independently and within matrix teams on multiple assignments in a fast-paced environment.
• Education: Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.
• Certifications: Relevant cybersecurity certifications such as CISA, GSEC, or equivalent.

Beneficial

• Good knowledge of IT technology. Relevant certifications, including Microsoft Azure AZ-900, SC-900, SC-200

What we offer you?
•    We offer a market leading annual performance bonus (subject to eligibility)
•    Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
•    Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
•    You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
•    We prioritise continuous improvement within a transformative environment, preparing for ongoing changes

WHY JOIN BAT?
We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.

Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.

We see the career breaks as opportunities not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting an own venture).

Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award winning employee experience here.

If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to support you by making appropriate arrangements for you to demonstrate your full potential.