This is a remote position.
Information Security GRC Analyst
Remote-based role with travel as required to Nuneaton or Oxford
£35000 per annum plus 22 days holiday rising, pension, life assurance, employee assistance programme, wellbeing support and flexible benefits scheme
About the Job
Relationships mean everything to us and this one is particularly special. You'll collaborate with stakeholders, assisting in the coordination of ISO 27001 audits, reviewing, monitoring and resolving findings.
Here at Unipart we don't just have a way of working, we have The Unipart Way. It allows everyone in our team to pursue their own personal and professional goals to a world class level through Unipart's From Gate to Great training and development program.
As a GRC Analyst you will support the team to undertake internal ISO 27001 audit and compliance activities. You will also drive the quality, consistency, continual improvement and documentation of the ISMS. This role provides an opportunity for growth and will suit an individual eager to progress, supported by an experienced team.
As part of your key responsibilities you'll:
* Ensure Unipart meets its information security obligations in line with ISO 27001 through the selection and implementation of required controls and maintenance of the ISMS Audits
* Conduct internal information security audits and reviews to include policy and contractual compliance and manage the remediation activities
* Ensure the compliance calendar is current and the assigned activities are instigated and tracked through to completion
* Act as the point of contact for client IT audits, coordination of the audit lifecycle from opening meeting to resolution of nonconformances
* Manage 3rd Party supplier audits for Information Security and associated risks
* Support quality risk reviews to ensure that risks are up to date and relevant
* Maintain the status of Internal audits and audit findings, ensuring findings have treatment plans and target resolution dates
* Maintain records of audit requests and responses in the correct platforms
* Proactively seek out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
* Share and report on findings with managers to ensure overview and remediation
About You
We'd love you to have the following skills and experience but please apply if you think you'd be able to perform well in this role!
* Previous experience within a GRC function, IT Security/Cyber team, Internal Audit or an IT environment
* Experience working with ISO Standards and/or security frameworks such as ISO 27001 / Cyber Essentials / NIST / ISO 27005 / DPA 2018 / PCI DSS / ISO 22301
* Experience of risk management methods, identifying, describing and logging of risks
* Experience of working with risk management frameworks
* Ability to build relationships to influence and guide stakeholders and peers on compliance activities
* Excellent people skills including good written, oral and interpersonal communication skills
* Good report writing and presentation skills
* Understanding of applicable legal and regulatory requirements
* Strong analytical and problem-solving abilities
* ISO 27001 Auditor qualification, equivalent experience or willing to obtain
Our recruitment and selection process has been developed to ensure that it is consistent, fair and provides equality of opportunity; all selection decisions are based solely on technical and behavioural competencies. We do not discriminate on the grounds of race, colour or nationality, ethnic or national origins, sex, gender reassignment, sexual orientation, marital or civil partnership status, pregnancy or maternity, disability, religion or belief, age or any other current or future protected characteristic as defined in the current Equality Act of England and Wales. As an organisation we also promote an environment which encourages diversity of characteristics and thought, where you feel included, safe and confident to be the best version of yourself and do your best work every day.
Experience required: The successful candidate should have a solid foundation in risk management, cyber security threats and trends, experience creating information and cyber security documentation and exposure to international frameworks such as ISO 27001, NIST and the NCSC Cyber Assessment Framework. A minimum of 2 years' experience in a similar role is essential. Experience in the water industry is beneficial but any exposure to critical national infrastructure will be considered. Certifications such as CISMP, CISA, CISM and CISSP are advantageous but not essential.