GRC - Information Security Analyst
Permanent role offering £50 000 - £60 000 + Excellent Benefits
Hybrid working, with 2 days onsite in the office per week in Hatfield
About the company
Great opportunity to join this unique employer on their journey to transform the future of transport & logistics through innovation and automation. They are establishing themselves as one of the leaders in the UK in robotics and IoT, cloud platforms, big data, machine learning, software development, and AI technologies.
They are a fast-growing company, with 7 development centres across the UK & Europe.
What you will be doing
As the Information Security Analyst you will be joining an 8-person Information Security team covering all aspects of information security across the whole organisation, including overall information security governance, compliance programmes, third-party vendor risk management, education, and Vendor Risk Management tool administration. You will be conducting risk assessments and producing documentation in line with PCI DSS, ISO27001 and SSAE18/SOC2.
What will you do?
* Create and regularly revise information security documents, policies, processes, and procedures as required.
* Work closely with business stakeholders and project teams to understand, scope, and define security requirements.
* Develop control testing strategies to ensure our security controls are meeting their objectives.
* Perform internal security and vendor risk assessments.
* Support Data Protection activities as required.
* Assist the Information Security team and business functions in maintaining security certifications, which include PCI DSS, ISO27001 and SSAE18/SOC2 attestation.
* Provide effective reporting to the Group Information Security Manager on trends, audit findings and risk ratings.
* Support the operational aspects of GRC.
What we are looking for
* Experience of working in an Information Security role dealing specifically with governance, risk, and compliance areas.
* Prior experience writing Information Security related Policies, Processes and Procedures.
* Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
* A track record of effectively analysing security controls, while understanding the risk of certain controls not being in place.
* Knowledge of Vendor Risk Management tools such as OneTrust.
* Knowledge of current information security standards, frameworks, and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR.
* Experience in software operational security or working in a SaaS environment.
* Working towards (or already have) any of CISA, CRISC, or CISM certifications.
Not required, but nice to have:
Any of the following: CISA, CRISC, or CISM certifications
The role comes with a great benefits package, including:
- ‘work from anywhere’ policy + Remote working for the month of August
- 25 days annual leave, rising to 27 days after 5 years' service (plus optional holiday purchase)
- Pension scheme with employer contribution matching up to 7% + Private Medical Insurance
- Opportunity to participate in Share save and Buy as You Earn share schemes
- Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary)