As an experienced GRC Risk Analyst, you will be part of a team responsible for identifying, reviewing, and shaping the management of Enterprise IT Security risks. The role will involve working with internal and external teams to cover areas such as risk assessments, security controls, and framework requirements.
Responsibilities include:
* Recognize the IT security and compliance requirements and respond to regulatory inquiries and audits.
* Support Enterprise IT business continuity management needs, safeguarding services and operations during incidents and maturing the capability to become operationally resilient.
* Develop Standard Operating Procedures for risk assessments, third party assessments, and process workflows for Security Governance, Risk, Resilience and Compliance.
* Ensure information on accountable technology is accurate (e.g. KB Articles / process maps / training documents and presentations / RACI / Contract information).
* Identify and raise technology security risks, threats and vulnerabilities.
Essential Experience required:
* Proven experience of internal security assessments and reviews, and documentation of information security risks.
* Security standards and audit requirements, including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports.
* BCM programme governance framework, ideally ISO 22301 aligned.
Desirable Experience:
* Experience of implementing security within cloud services, e.g. AWS, Azure.
* Technical security controls, procedures and systems e.g., Email Security, AV, EDR, Firewalls.
* Relevant security accreditations e.g. CISSP, CISM.
* Knowledge of ITIL processes.
Working Policy:
Hybrid working is in place for this role, with a minimum of 2 days onsite (Cambridge) required each week.