Job ID: 2024-10650
Date posted: 11/11/2024
Location: Cambridge, United Kingdom
Category: Security

Job Overview

The GRC Risk Analyst will be responsible for identifying, analysing and influencing the management of Enterprise IT (EIT) and Enterprise Security (ES) risks.

Responsibilities

- Support internal and external partners on matters of risk assessments, security controls, and framework requirements. Ensuring security and compliance requirements are understood.
- Coordinate EIT responses to regulatory inquiries and audits, making sure Arm is compliant.
- Support EIT business continuity management (BCM) needs. Operationalizing and assuring a capability of safeguarding our services and operations in the face of disruption and disaster. Further, to mature this capability to put us on a firm path to becoming operationally resilient. Ensuring continuity and recovery plans are detailed, approved, tested, and maintained by asset owners and custodians.
- Develop tactical and positive relationships within the business, partners and vendors.
- Develop Standard Operating Procedures (SOP) to detail procedures for risk assessments, third party assessments, and business process workflows for Security Governance, Risk, Resilience and Compliance.
- Ensure that fundamental information on accountable technology is accurate (e.g. KB Articles / process maps / training documents and presentations / RACI / Contract information).
- Identify and raise risks, threats and vulnerabilities of technology security matters. Working with risk owners to shepherd the risks to conclusion where possible.

Required Skills And Experience

- Experience in conducting internal security assessments and reviews, articulating and documenting information security risks.
- Strong familiarity with security standards, and audit requirements including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports.
- BCM programme governance - the development and maintenance of a strategy and enabling governance framework, ideally ISO22301 aligned.
- Interpersonal skills are required to interact effectively within the Enterprise Security group, customers and vendors at a tactical level.
- Agile, self-starter and can prioritise quickly and effectively.
- Contributes through the quality, accuracy and timeliness of the tasks/services provided by self, and quality control of work provided by others.

“Nice To Have” Skills And Experience

- Hands-on experience implementing security within public cloud services (AWS, Azure, Google).
- Demonstrates a good understanding of the variety of technical security control concepts, procedures and systems (e.g., Email Security, AV, EDR, Firewalls).
- Security qualifications i.e., CISSP, CISM.
- Good familiarity with other Enterprise Security organization (can identify which team fulfils which roles) and a solid grasp of ITIL processes.

In Return

You will be a key person to help our leaders focus on the risk that truly matters. This is a global role with responsibility for responding to information security needs across the entire Arm corporation.

Accommodations at Arm

At Arm, we want our people to Do Great Things. If you need support or an accommodation to Be Your Brilliant Self during the recruitment process, please email

Hybrid Working at Arm

Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. We believe in bringing people together face to face to enable us to work at pace, whilst recognizing the value of flexibility. Within that framework, we empower groups/teams to determine their own hybrid working patterns, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application.
In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you.

Equal Opportunities at Arm

Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.