My client, a major housing developer in London, are looking to bring in an Information Security Analyst GRC to join their growing team. This role will require you to be in the office one day per week.
About the IT Security GRC Analyst role:
The Infosec Analyst - GRC's primary responsibility is to ensure support and ownership of the key requirements of the Governance, Risk and Compliance pillar. This would include ensuring technology risks are kept up to date and providing oversight of the risks being managed. They would also ensure my client are operating within legal requirements and comply with security standards set by the organisation, the sector and/or other regulatory bodies such as the ICO. Other responsibilities include 3rd party information security assessments and oversight of investigations such as SARs and HR requests.
Key Responsibilities:
- Own and steer GRC Pillar objectives as part of the overall information security program with a particular focus on vulnerability management, risk mitigation, and controls.
- Chair Information Security Risk Steering Panels and meet monthly.
- Take ownership of risk management and steer risk conversations with key stakeholders to ensure they are proactively managed.
- Ensure and manage tracking of GRC components in Azure DevOps for reporting and KPI purposes.
- Own GRC pillar objectives and responsibilities as needed and work closely and communicate with Information Security Lead - SOC. Objectives include but are not limited to policy management, process management, audit and governance, external services and suppliers security assessments and risk management.
- Lead on oversight of GRC controls and ensure they are being adhered to across the group. Where they are not, communicating and collaborating with key stakeholders to ensure they are compliant with my client's and regulatory policy standards.
List of technical knowledge/skills required to successfully perform the job role, including professional qualifications:
• Knowledge of various security methodologies and processes, and technical security solutions (Enterprise AntiVirus, EDR, IDS, Network Threat Analysis).
• Understanding of information security constraints, benefits and best practice.
• Good knowledge of ISMS frameworks such as Cyber Security Essentials, ISO 27001, NIST CSF and PCI-DSS
• Experienced in identification and recovery from cyberattacks, malware, virus, system breaches.
• Demonstrated knowledge and understanding of cyber risks and threats related to cyber attackers.
• Industry-level operational IT security certifications
• Proven experience in working with 3rd party security providers
• Excellent interpersonal skills, and good verbal and written communication skills
• Experience of Agile ways of working and using Agile tools such as Jira, TFS (Azure DevOps) or similar
• Good understanding of enterprise or technology risk management and audits
If the above is of interest, please apply to this role or call me on 0207 509 8040 to find out more.
Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates