Information Security GRC Analyst - Hybrid working £40k-£50k
A global e-commerce company based in the heart of London is seeking an Information Security GRC Analyst who will focus on driving security improvements against best practices and standards, specifically ISO27001, GDPR, and the NIST Cybersecurity Framework.
As the Information Security GRC Analyst you will be responsible for:
- Supporting the business in achieving security accreditations such as ISO27001, Cyber Essentials, and PCI-DSS.
- Monitoring compliance with the ISO 27001 standard and providing regular status reports.
- Conducting control checks against policies and standards across both technology environments and business processes.
- Collaborating with all business units, internal audit, general counsel, and leadership to develop and maintain an assurance framework that supports the assessment of risk and controls across our information systems and those of our suppliers.
- Writing a range of documentation relevant to the business, from processes and procedures to reports, standards and frameworks.
- Planning and creating security awareness training materials to improve the corporate and personal security posture.
- Supporting the business with third-party assurance reviews.
As the Information Security GRC Analyst you will have the following experience:
- Experience working in an Information Security GRC role.
- Technical understanding and skills: able to walk through networks and systems to identify risks, and able to understand the impact of those risks on the business.
- Experience in conducting information security audits, ideally internally and externally (suppliers).
- Experience in an information security risk management capacity; specifically, with hands-on knowledge of risk identification, recording, tracking, response, and reporting.
- Experience working with stakeholders across a large organisation, up to and including business leadership.
- CISA, SSCP or CompTIA certification (desirable)
- ISO27001 Foundation or Implementer, GDPR Foundation (desirable)
- IT Management Certification (ITIL or similar)
- Project Management Certification (desirable)