JobServe
 


Key Privacy Information

When you apply for a job, JobServe will collect the information you provide in the application and disclose it to the advertiser of the job.

If the advertiser wishes to contact you they have agreed to use your information following data protection law.

JobServe will keep a copy of the application for 90 days.


 

Job Details

 

Information Security GRC Analyst - FS/Legal experience (Permanent)

Location: London
Country: UK
Rate: £70k - £80k per annum
 

My client, an international law firm, are looking for an Information Security GRC analyst to work in their London office.

About the IT Security GRC Analyst role:

Looking for an experienced GRC analyst to assist in creating and implementing an enhanced InfoSec Risk Management framework.

Key responsibilities:

  • Demonstrated expertise in implementing risk frameworks and applying risk management principles.
  • Support the design and execution of the Information Security Governance, Risk and Compliance roadmap.
  • Ensure continuous alignment with business strategy through oversight of the InfoSec Risk Management framework, activities, and processes, including comprehensive metrics and reporting.
  • Drive the rollout of the governance, risk, and compliance program for information security.
  • Support the establishment of Information Security governance that serves my client's intention and direction through the development and management of administrative controls and the promotion of awareness.
  • Help provide accurate and timely information to the business so it can make informed strategic, operational and service delivery decisions while remaining fully aware of risks and impact.
  • Work with Internal and External stakeholders to ensure continuous compliance with regulatory requirements.
  • Work closely with ERM and Audit and other teams where required to ensure risks are managed within risk appetite and audit findings are closed within an agreed timeframe.
  • Raise the bar on documentation by running workshops with teams on the templates created and how to design and write audit ready documentation as per best known.
  • Support alignment and reviews of our maturity against security frameworks as agreed with the CISO, such as NIST CSF.
  • Help build meaningful metrics to support senior management decisions.
  • Proficient in various frameworks including COBIT 2019, NIST, GDPR, ISO 27001, CSF, CIS, etc.
  • Skilled in coordinating and managing programs across diverse divisions, functions, and business units.
  • Perform any other GRC duties and responsibilities, as assigned.
  • Must have a Bachelor's degree (ideally in Computer Science or a similar subject).
  • Must have a CISSP.
  • Ideally be a lead ISO 27001 Auditor.

What they're looking for from the candidate:

* Excellent communication skills, attention to detail and growth mindset.
* Take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
* The ability to translate Information Security risks into the business language to support and drive informed decision making.
* A passion for compliance and knowledge of finance-related regulatory obligations/standards such as PCI-DSS, FCA, EBA, GLBA and US state financial regulations.
* Forward-looking and out-of-the-box thinking with the ability to work with technical teams to translate regulatory requirements and audit findings into automated controls where feasible.

Education and Experience:
* Bachelor's degree in a related field or equivalent work experience
* Knowledge of COBIT and ITIL processes

If the above is of interest and you would like to find out more, please apply to this role or call me to find out more.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.


Posted Date: 15 Apr 2024
Reference: JS-50942903/001
Employment Agency: Robert Walters
Contact: Darius Goodarzi