Information Security Analyst (GRC)

Hatfield Full-Time

As the Information Security Analyst, you will support the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration.

This is not a hands-on technical role, but it would suit an individual with a technical background who has worked with a range of technology and security tools and is now looking for an information security GRC role.

You’ll be working on things like:

  • Contributing to the creation and refreshment of information security documents, policies, processes and procedures.

  • Working with business stakeholders and project teams to understand, scope and define security requirements.

  • Assisting in developing control testing strategies, to ensure our security controls are meeting their objectives.

  • Performing internal security and vendor risk assessments.

  • Supporting Data Protection activities.

  • Supporting the Information Security teams and Business functions in maintaining security attestations, which include PCI DSS and SSAE18/SOC 2.

  • Providing effective reporting to the Head of Information Security Governance of trends, audit findings and risk ratings.

  • Performing internal and third-party vendor risk assessments, and writing risk assessment reports.

  • Managing and analysing security controls, while understanding the risk of certain controls not being in place.

  • Experience in an Information Security GRC related role, including writing Information Security related Policies, Processes and Procedures

  • Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR.

  • Third-Party Vendor Risk Management experience

  • Good communication skills with ability to articulate compliance changes and experience in collaboration with internal / external stakeholders

Nice to have (but not essential):

  • Knowledge of Vendor Risk Management tools such as OneTrust

  • Any of the following: CISA, CRISC, or CISM certifications

  • 25 days annual leave, rising to 27 days after 5 years' service (plus optional holiday purchase)

  • Pension scheme (various options available including employer contribution matching up to 7%)

  • Private Medical Insurance

  • 22 weeks paid maternity leave and 6 weeks paid paternity leave (once relevant service requirements are complete)

  • Train Ticket loan (interest-free)

  • Cycle to Work Scheme


Contact Detail:

Global Ltd Recruiting Team
