InfraSec Governance Analyst

  • Location

    United Kingdom

  • Sector:

    Engineering, IT

  • Salary:

    Competitive salary + Excellent Benefits

  • Published:

    about 1 month ago


Gymshark HQ is based in Solihull; however, this role can be both flexible and remote. There will be an expectation (post-Covid, dependent on government guidelines) for the successful candidate to also be flexible and open to coming into HQ occasionally.

As Gymshark’s InfraSec Governance Analyst, you will be responsible for conducting InfraSec risk assessments on potential and existing third-party service providers.

What You Will Be Doing

Management and Support:

  • Collate information from questionnaires, documented policies and procedures, security certifications and reports, and public sources to conduct InfraSec risk assessments on third-party systems and service providers.
  • Support internal teams in vendor selection and provide recommendations based on findings from risk assessments.
  • Support the maintenance and development of Gymshark’s Security Framework.
  • Assist in the implementation and development of appropriate policies, processes and reports.
  • Promote the business benefits of information security, including general information security awareness, to the organisation through briefings and other representations.
  • Maintain Gymshark’s Security Framework and expand it to meet further regulatory standards.
  • Provide insight to help design and architect Gymshark’s security strategy.
  • Identify, manage and maintain internal, third-party and supply chain risks which may affect Gymshark’s operational capability within a Company Risk Register (e.g., information security risks, business continuity), and work with key stakeholders to reduce or eliminate them.
  • Work collaboratively with teams when you find non-compliant systems or processes.
  • Work with the required internal teams to build, maintain and improve the vendor review process to aid Gymshark’s vendor selection process.
  • Navigate continuously expanding organisational structures and collaborate with multiple stakeholders across functional and technical skillsets.
  • Communicate clearly, explaining Governance & Compliance requirements in business risk terms.
  • Collect information and evidence to measure the effectiveness of third parties’ processes, policies, training and awareness programmes, to understand any potential impacts or concerns of using their services.

Knowledge and Opportunity:

  • Attend relevant third-party events and webinars to further knowledge, skills and contacts within the industry.
  • Read articles and reports to remain up to date with current issues, events or changes, and to further knowledge and skills within the industry.
  • Use the information provided to assess risks posed by new and existing systems, identify issues or problems, and provide recommendations based on those assessments.
  • Periodically benchmark our systems to ensure we are staying with the platforms that are most relevant as we continue to grow and expand – think longer term.

People Management:

  • No direct reports at present.
  • To drive learning and growth within Gymshark.
  • To identify problems and issues within the team and take steps to resolve them.

Other Duties:

  • Be an ambassador for the function.
  • Work outside of hours where necessary/required.
  • Identify areas where training/certification is required and proactively arrange such training/certification once identified.
  • To lead by example on best practices and tech policy.

What You'll Need

  • Own, or be working towards, an industry-recognised qualification in Cyber/InfraSec.
  • Experience in information security (such as IT audit, IT controls/risk management), or experience in generating reports and management information in different functions/areas.
  • Knowledge of contemporary and emerging enterprise security standards, approaches, practices and industry trends.
  • Understanding of relevant technologies and associated technical information security controls.
  • An understanding of due diligence processes, as they relate to information security and data privacy.
  • General high level of organisational skills and attention to detail.
  • General computer literacy is essential, as is the ability to understand system architecture and information/data flows.
  • Ability to form objective conclusions based on evidence.
  • Ability to work collaboratively with other team members to deliver immediate tasks.
  • Ability to provide constructive feedback in a concise and understandable way.
  • A creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.