At a Glance
- Tasks: Support the Information Security Management System and conduct internal audits.
- Company: Join a forward-thinking company prioritising security and compliance.
- Benefits: Gain valuable experience, competitive salary, and opportunities for professional growth.
- Other info: Dynamic role with exposure to various frameworks and career advancement opportunities.
- Why this job: Make a real difference in maintaining security and compliance across the organisation.
- Qualifications: Experience in cyber security or IT audit, with strong organisational skills.
The predicted salary is between £40,000 and £50,000 per year.
We are looking for someone to support the day-to-day running of an Information Security Management System and internal audit programme. This is a great opportunity for someone with experience in cyber security, GRC, IT audit or information assurance who enjoys structure, documentation, compliance and working with stakeholders across the business. You will help maintain a strong security posture and support compliance obligations across frameworks and regulations including ISO 27001, PCI DSS and DORA.
What you'll be doing
- Support the ongoing operation and improvement of the ISMS, helping to ensure policies, controls, risks and audit activities are well managed and clearly documented.
- Maintain ISMS documentation, including policies, procedures, version control and review cycles.
- Plan, schedule and conduct internal audits against ISO 27001 and other relevant frameworks.
- Document audit findings and track corrective actions through to closure.
- Maintain the risk register and support risk owners with assessments, treatment plans and periodic reviews.
- Collect and maintain evidence for certification audits, customer assurance requests and regulatory obligations.
- Coordinate management review meetings, prepare reports and metrics, and record actions and outcomes.
- Support supplier and third-party risk activities, including issuing and reviewing questionnaires.
- Help deliver the security awareness and training programme, including tracking completion and exceptions.
- Act as a first point of contact for ISMS-related queries from across the business.
What we're looking for
- Experience in cyber security, GRC, IT audit, information assurance or a similar role.
- Working knowledge of core cyber security concepts, such as confidentiality, integrity and availability, access control, risk management, common threats and security controls.
- Practical exposure to at least one recognised security or compliance framework, such as ISO 27001, PCI DSS, NIST CSF, Cyber Essentials or similar.
- Strong organisational skills, attention to detail and a methodical approach to documentation.
- Confident written and verbal communication skills, with the ability to engage technical and non-technical stakeholders.
- Confidence using Microsoft 365 tools, including Word, Excel and SharePoint.
- Experience using GRC, service management or ticketing tools.
- A foundational cyber security qualification, such as CompTIA Security+, ISO 27001 Foundation or ISC2 Certified in Cybersecurity, or equivalent practical knowledge.
Desirable experience
- Experience supporting an ISO 27001-certified ISMS.
- Familiarity with PCI DSS v4.0 and/or DORA.
- ISO 27001 Internal Auditor or Lead Auditor training.
- Experience in a regulated environment, such as financial services, insurance, technology, professional services or critical service providers.
- Exposure to GRC platforms.
Information Security GRC Analyst employer: 4square Recruitment Ltd
Join a forward-thinking organisation that prioritises information security and compliance, offering a dynamic work environment in the heart of the city. As an Information Security GRC Analyst, you will benefit from a culture that values continuous learning and professional development, with opportunities to enhance your skills in cyber security and governance. Enjoy a supportive team atmosphere where your contributions are recognised, and be part of a company committed to maintaining a robust security posture while fostering employee growth.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security GRC Analyst
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the company and its security practices. Show them you’re not just another candidate; you’re genuinely interested in their mission and how you can contribute to their ISMS.
✨Tip Number 3
Practice your responses to common interview questions, especially those related to GRC and compliance frameworks. We want you to feel confident discussing your experience and how it aligns with their needs.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who take that extra step.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that match the job description. Highlight your experience in cyber security, GRC, and IT audit to show us you're the right fit for the role.
Craft a Compelling Cover Letter: Use your cover letter to tell us why you're passionate about information security and how your background aligns with our needs. Be specific about your experience with frameworks like ISO 27001 and how you can contribute to our ISMS.
Showcase Your Communication Skills: Since you'll be engaging with both technical and non-technical stakeholders, make sure your application demonstrates your ability to communicate complex ideas clearly. Use straightforward language and examples from your past roles.
Apply Through Our Website: We encourage you to apply directly through our website. It's the best way for us to receive your application and ensures you don't miss out on any important updates during the process.
How to prepare for a job interview at 4square Recruitment Ltd
✨Know Your Frameworks
Make sure you brush up on ISO 27001, PCI DSS, and DORA before the interview. Being able to discuss these frameworks confidently will show that you understand the compliance landscape and can contribute to maintaining a strong security posture.
✨Showcase Your Documentation Skills
Since this role involves a lot of documentation, be prepared to talk about your experience with maintaining policies, procedures, and audit findings. Bring examples of how you've managed documentation in the past to demonstrate your attention to detail and organisational skills.
✨Engage with Stakeholders
This position requires working with various stakeholders, so practice how you would communicate complex security concepts to non-technical audiences. Think of examples where you've successfully engaged with different teams and how you handled any challenges.
✨Prepare for Scenario Questions
Expect scenario-based questions related to risk management and internal audits. Prepare by thinking through how you would approach specific situations, such as handling a compliance breach or conducting an internal audit, and be ready to explain your thought process.