My client, a major housing developer in London, is looking to bring in an Information Security Analyst GRC to join their growing team. This role will require you to be in the office one day per week.
About the IT Security GRC Analyst role:
The Information Security Analyst - GRC's primary responsibility is to support and take ownership of the key requirements of the Governance, Risk, and Compliance pillar. This includes ensuring technology risks are kept up to date and maintaining oversight of how risks are being managed. They would also ensure my client is operating within legal requirements and complying with security standards set by the organisation, the sector, and/or other regulatory bodies such as the ICO. Other responsibilities include 3rd party information security assessments and oversight of investigations such as SARs and HR requests.
Key Responsibilities:
Own and steer GRC Pillar objectives as part of the overall information security program, focusing on vulnerability management, risk mitigation, and controls.
Chair Information Security Risk Steering Panels and meet monthly.
Take ownership of risk management and steer risk conversations with key stakeholders to ensure they are proactively managed.
Ensure and manage tracking of GRC components in Azure DevOps for reporting and KPI purposes.
Own GRC pillar objectives and responsibilities as needed and work closely with the Information Security Lead - SOC. Objectives include but are not limited to policy management, process management, audit and governance, external services, and supplier security assessments and risk management.
Lead on oversight of GRC controls and ensure they are being adhered to across the group. Where they are not, communicate and collaborate with key stakeholders to ensure compliance with my client's and regulatory policy standards.
Technical Knowledge/Skills Required:
Knowledge of various security methodologies and processes, and technical security solutions (Enterprise AntiVirus, EDR, IDS, Network Threat Analysis).
Understanding of information security constraints, benefits, and best practices.
Good knowledge of ISMS frameworks such as Cyber Security Essentials, ISO 27001, NIST CSF, and PCI-DSS.
Experience in identification of and recovery from cyberattacks, malware, viruses, and system breaches.
Demonstrated knowledge and understanding of cyber risks and threats related to cyber attackers.
Industry-level operational IT security certifications.
Proven experience in working with 3rd party security providers.
Excellent interpersonal, verbal, and written communication skills.
Experience of Agile ways of working and using Agile tools such as Jira, TFS (Azure DevOps) or similar.
Good understanding of enterprise or technology risk management and audits.
If the above is of interest, please apply to this role or call me on 0207 509 8040 to find out more.