Information Security Analyst - Hatfield - Hybrid - up to £60k + Excellent Bens
About the company:
Global Technology powerhouse pioneering the future of transport & logistics through disruptive innovation and automation. They create world-class systems at the intersection of robotics and IoT, cloud platforms, big data, machine learning, software development, and beyond.
What you will be doing:
As the Information Security Analyst, you will support the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration.
This role is not a technical hands-on role but would suit an individual who has a technical background having worked with a range of technology and security tools who is now looking for an information security GRC role.
You’ll be working on things like:
1. Contributing to the creation and refreshment of information security documents, policies, processes, and procedures.
2. Working with business stakeholders and project teams to understand, scope and define security requirements.
3. Assisting in developing control testing strategies to ensure our security controls are meeting their objectives.
4. Performing internal security and vendor risk assessments.
5. Supporting Data Protection activities.
6. Supporting the Information Security teams and Business functions in maintaining security attestations, which include PCI DSS and SSAE18/SOC 2.
7. Providing effective reporting to the Head of Information Security Governance of trends, audit findings, and risk ratings.
8. Performing internal and third-party vendor risk assessments, and writing risk assessment reports.
9. Managing and analysing security controls, while understanding the risk of certain controls not being in place.
What we’re looking for:
1. Experience in an Information Security GRC related role, including writing Information Security related Policies, Processes and Procedures.
2. Knowledge of current information security standards, frameworks, and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR.
3. Third-Party Vendor Risk Management experience.
4. Good communication skills with the ability to articulate compliance changes and experience in collaboration with internal/external stakeholders.
Nice to have (but not essential):
1. Knowledge of Vendor Risk Management tools such as OneTrust.
2. Any of the following: CISA, CRISC, or CISM certifications.
What is in it for me:
1. 30 Day ‘work from anywhere’ policy.
2. Remote working for the month of August.
3. 25 days annual leave, rising to 27 days after 5 years service (plus optional holiday purchase).
4. Pension scheme (various options available including employer contribution matching up to 7%).
5. Private Medical Insurance.
6. 22 weeks paid maternity leave and 6 weeks paid paternity leave (once relevant service requirements complete).
7. Train Ticket loan (interest-free).
8. Cycle to Work Scheme.
9. Opportunity to participate in Share save and Buy as You Earn share schemes.
10. Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary).
For more information and immediate consideration apply today.
#J-18808-Ljbffr