Information Security Analyst - Hatfield - Hybrid - up to £60k + Excellent Bens
About the company:
Global Technology powerhouse pioneering the future of transport & logistics through disruptive innovation and automation. They create world-class systems at the intersection of robotics and IoT, cloud platforms, big data, machine learning, software development, and beyond.
What you will be doing:
As the Information Security Analyst, you will support the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration.
This is not a hands-on technical role, but it would suit someone with a technical background, having worked with a range of technology and security tools, who is now looking for an information security GRC role.
You’ll be working on things like:
- Contributing to the creation and refreshment of information security documents, policies, processes, and procedures.
- Working with business stakeholders and project teams to understand, scope and define security requirements.
- Assisting in developing control testing strategies to ensure our security controls are meeting their objectives.
- Performing internal security and vendor risk assessments.
- Supporting Data Protection activities.
- Supporting the Information Security teams and Business functions in maintaining security attestations, which include PCI DSS and SSAE18/SOC 2.
- Providing effective reporting to the Head of Information Security Governance of trends, audit findings, and risk ratings.
- Performing internal and third-party vendor risk assessments, and writing risk assessment reports.
- Managing and analysing security controls, while understanding the risk of certain controls not being in place.
What we’re looking for:
- Experience in an Information Security GRC-related role, including writing Information Security-related Policies, Processes and Procedures.
- Knowledge of current information security standards, frameworks, and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR.
- Third-Party Vendor Risk Management experience.
- Good communication skills with the ability to articulate compliance changes and experience in collaboration with internal/external stakeholders.
Nice to have (but not essential):
- Knowledge of Vendor Risk Management tools such as OneTrust.
- Any of the following: CISA, CRISC, or CISM certifications.
What is in it for me:
- 30-day ‘work from anywhere’ policy.
- Remote working for the month of August.
- 25 days' annual leave, rising to 27 days after 5 years' service (plus optional holiday purchase).
- Pension scheme (various options available including employer contribution matching up to 7%).
- Private Medical Insurance.
- 22 weeks' paid maternity leave and 6 weeks' paid paternity leave (once relevant service requirements are complete).
- Train Ticket loan (interest-free).
- Cycle to Work Scheme.
- Opportunity to participate in Share save and Buy as You Earn share schemes.
- Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary).
For more information and immediate consideration, apply today.